
Pests of all kinds and how to fight them: GVU Trojan Win7 32-bit (Safe Mode doesn't work)

11.06.2013, 20:43   #31
nwa1994

So, the lock screen still appears. But I was still able to save the logfile.

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : LUXSHAN-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : NT-AUTORITÄT\SYSTEM
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-11 23:14:25
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 8
   Traces  . . . . . . . : 314

   Objects scanned . . . : 1.072.312
   Files scanned . . . . : 32.369
   Remnants scanned  . . : 397.019 files / 642.924 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe
      Size . . . . . . . : 335.872 bytes
      Age  . . . . . . . : 2.0 days (2013-06-09 23:46:28)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 13C4C0B92BA0F72F4210336E99EC6A49EAE9C55423A06AC70281CE038F1A33B4
      Product  . . . . . : Epigynum glycocho
      Publisher  . . . . : GreenMind Association ffff
      Description  . . . : Technico
      Version  . . . . . : 1.03.0002
      Copyright  . . . . : Overmerc oxynarco baronete  2001-1992
    > G Data . . . . . . : Gen:Variant.Symmi.17957
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
         -5.0s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5cb99338-345a62c3.idx
         -4.9s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5cb99338-345a62c3
         -2.9s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-4cbdbd4c
         -2.7s C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb0vavaw.exe
          0.0s C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe
          2.7s C:\FRST\Quarantine\AtrosWiFi\
          2.8s C:\FRST\Quarantine\AtrosWiFi\AtrosWiF.exe
          5.2s C:\Users\Luxshan\AppData\Local\Temp\~DFABCA1F5BFCED1F5E.TMP
          6.9s C:\Users\Luxshan\AppData\Local\Temp\GCXQW.bat
          7.1s C:\FRST\Quarantine\b34btbztdb2vavaw.exe
         10.2s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-38549ace.idx
         10.2s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-38549ace
         10.2s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-38549ace
         12.4s C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb2vavaw.dll
         15.1s C:\FRST\Quarantine\Sony Smart Blaster0\
         29.8s C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Templates\2433f433
         29.9s C:\FRST\Quarantine\2433f433
         29.9s C:\FRST\Quarantine\2433f433


Potential Unwanted Programs _________________________________________________

   C:\ProgramData\Babylon\ (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\ (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\ (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab025.cbid20.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab027.Ttype010611_def.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab031.alrts.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab065.engset.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab091.norecovericon.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab094.band.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\Babylon.dat (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\ (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\common.js (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\eula.html (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1.css (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1.html (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1.js (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2.css (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2.html (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2.js (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\title1.png (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\title2.png (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup-client-x.zpb (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup-tbmntr-9.0.3.5.zpb (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup-tc-9.0.3.5.zpb (Babylon)
   C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup.exe (Babylon)
      Size . . . . . . . : 1.686.016 bytes
      Age  . . . . . . . : 719.9 days (2011-06-23 01:25:12)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : D60BB6464DC19E775A24EB3E3E93A4C4C39A4B707CAAD900E94B53DDC0A78BAD
      Product  . . . . . : Setup Module
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Setup Application
      Version  . . . . . : 9.0.3.5
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
      Fuzzy  . . . . . . : 0.0

   C:\Users\Luxshan\AppData\Local\Babylon\Setup\SetupStrings.dat (Babylon)
   C:\Users\Luxshan\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\Luxshan\AppData\Roaming\Babylon\log_file.txt (Babylon)
         
Hitman found quite a bit, but I'm not sure whether it also deleted everything :/

11.06.2013, 20:50   #32
aharonov
/// TB-Ausbilder

Quote:
Hitman found quite a bit, but I'm not sure whether it also deleted everything :/
Then, to be on the safe side, let's delete the findings afterwards with FRST:


On a second computer, please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb2vavaw.dll
C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Templates\2433f433
C:\Users\Luxshan\AppData\Local\Temp\~DFABCA1F5BFCED1F5E.TMP
C:\Users\Luxshan\AppData\Local\Temp\GCXQW.bat
C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb0vavaw.exe
         
Then save it under the file name Fixlist.txt on your USB stick, next to FRST.
  • Reconnect the USB stick to the infected computer.
  • Boot your computer into the Repair Options again.
  • Start FRST again, but this time click the Fix button.
The tool creates a file Fixlog.txt on your USB stick. Please post its contents here.

11.06.2013, 21:02   #33
nwa1994

Wow, thanks Leon, I got back in now without the lock screen
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-06-2013
Ran by SYSTEM at 2013-06-11 21:57:17 Run:5
Running from G:\
Boot Mode: Recovery

==============================================

C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb2vavaw.dll => Moved successfully.
C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Templates\2433f433 => Moved successfully.
C:\Users\Luxshan\AppData\Local\Temp\~DFABCA1F5BFCED1F5E.TMP => Moved successfully.
C:\Users\Luxshan\AppData\Local\Temp\GCXQW.bat => Moved successfully.
C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb0vavaw.exe => Moved successfully.

==== End of Fixlog ====
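
The two steps just exchanged, deriving the Fixlist entries from HitmanPro's "Forensic Cluster" (post #32) and then checking the Fixlog that FRST wrote (post #33), as an added Python example. This is not part of the thread and not HitmanPro's, FRST's or the helper's own code. The selection rules it applies (skip entries already under C:\FRST\Quarantine, skip the Java deployment cache, keep everything else in the cluster) are assumptions that reproduce the helper's choice above, not a general rule of either tool; the script produces a candidate list for a human to review, and the log excerpts embedded in it are constructed from the ones posted in this thread.

```python
"""Derive FRST Fixlist lines from a HitmanPro forensic cluster and check the Fixlog.

Added example for this thread; not HitmanPro's, FRST's or the helper's own code.
Assumed selection rules (they reproduce the helper's choice in post #32, nothing more):
  * skip entries already under C:\\FRST\\Quarantine (FRST moved them earlier),
  * skip the Java deployment cache (infection-vector residue, not an active component),
  * keep every other path in the cluster.
The result is a candidate list for a human to review before it goes into Fixlist.txt.
"""
import re

# Constructed excerpt of the HitmanPro "Forensic Cluster" block posted in this thread.
HITMANPRO_LOG = r"""
      Forensic Cluster
         -5.0s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5cb99338-345a62c3.idx
         -2.7s C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb0vavaw.exe
          0.0s C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe
          2.7s C:\FRST\Quarantine\AtrosWiFi\
          5.2s C:\Users\Luxshan\AppData\Local\Temp\~DFABCA1F5BFCED1F5E.TMP
          6.9s C:\Users\Luxshan\AppData\Local\Temp\GCXQW.bat
          7.1s C:\FRST\Quarantine\b34btbztdb2vavaw.exe
         12.4s C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb2vavaw.dll
         29.8s C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Templates\2433f433
         29.9s C:\FRST\Quarantine\2433f433
         29.9s C:\FRST\Quarantine\2433f433

Potential Unwanted Programs _________________________________________________
"""

# Constructed excerpt of the Fixlog.txt posted in this thread.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-06-2013
Ran by SYSTEM at 2013-06-11 21:57:17 Run:5
Running from G:\
Boot Mode: Recovery

==============================================

C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb2vavaw.dll => Moved successfully.
C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Templates\2433f433 => Moved successfully.
C:\Users\Luxshan\AppData\Local\Temp\~DFABCA1F5BFCED1F5E.TMP => Moved successfully.
C:\Users\Luxshan\AppData\Local\Temp\GCXQW.bat => Moved successfully.
C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb0vavaw.exe => Moved successfully.

==== End of Fixlog ====
"""

# One cluster line: a signed offset in seconds, then the path (may contain spaces).
CLUSTER_LINE = re.compile(r"^\s*(-?\d+\.\d+)s\s+(\S.*?)\s*$")
# One Fixlog result line: "<path> => <result>." (trailing period optional).
FIXLOG_LINE = re.compile(r"^(.+?) => (.+?)\.?$")


def parse_forensic_cluster(log_text):
    """Return (offset_seconds, path) pairs from every 'Forensic Cluster' block."""
    entries, in_cluster = [], False
    for line in log_text.splitlines():
        if line.strip() == "Forensic Cluster":
            in_cluster = True
            continue
        m = CLUSTER_LINE.match(line) if in_cluster else None
        if m:
            entries.append((float(m.group(1)), m.group(2)))
        elif in_cluster and line.strip():
            in_cluster = False  # any other non-blank line ends the block
    return entries


def is_skippable(path):
    """Assumed rule: already quarantined by FRST, or Java cache residue."""
    low = path.lower()
    return low.startswith("c:\\frst\\quarantine\\") or "\\sun\\java\\deployment\\cache\\" in low


def fixlist_from_hitmanpro(log_text):
    """Cluster paths that still need a Fixlist line, in timeline order, deduplicated."""
    seen, fixlist = set(), []
    for _offset, path in sorted(parse_forensic_cluster(log_text)):
        if is_skippable(path) or path in seen:
            continue
        seen.add(path)
        fixlist.append(path)
    return fixlist


def verify_fixlog(fixlog_text, expected_paths):
    """Map each expected path to FRST's reported result; None if FRST never mentioned it."""
    results = {}
    for line in fixlog_text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    return {p: results.get(p.lower()) for p in expected_paths}


def fix_complete(fixlog_text, expected_paths):
    """True only if every expected path was reported as 'Moved successfully'."""
    return all(r == "Moved successfully" for r in verify_fixlog(fixlog_text, expected_paths).values())


if __name__ == "__main__":
    fixlist = fixlist_from_hitmanpro(HITMANPRO_LOG)
    print("Fixlist.txt candidates (review before use):")
    print("\n".join(fixlist))
    print()
    for path, result in verify_fixlog(FIXLOG, fixlist).items():
        print(f"{result or 'NOT IN FIXLOG':>20}  {path}")
    print("fix complete:", fix_complete(FIXLOG, fixlist))
```

Run it as-is and the candidate list is exactly the five paths the helper put into Fixlist.txt; a path that FRST did not report, or reported with anything other than "Moved successfully", shows up as needing a second look rather than being silently counted as done.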
11.06.2013, 21:06   #34
aharonov
/// TB-Ausbilder

That was a laborious affair...

Let's continue:


Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, select Use SafeList.
  • Check the box Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 logfiles (OTL.txt and Extras.txt) are created.
  • Post the contents of these logfiles here in the thread.
cheers,
Leo

11.06.2013, 21:19   #35
nwa1994

Yes, you're right :/

OTL.txt
Code:
OTL logfile created on: 11.06.2013 22:08:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Luxshan\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,07% Memory free
5,99 Gb Paging File | 4,81 Gb Available in Paging File | 80,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,00 Gb Total Space | 60,80 Gb Free Space | 27,26% Space Free | Partition Type: NTFS
Drive D: | 226,53 Gb Total Space | 102,16 Gb Free Space | 45,10% Space Free | Partition Type: NTFS
Drive J: | 7,45 Gb Total Space | 7,44 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: LUXSHAN-PC | User Name: Luxshan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Luxshan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Luxshan\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Luxshan\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Users\Luxshan\AppData\Roaming\ICQM\ICQ\dll\mramenu_1.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111118.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111118.035\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111118.030\IDSvix86.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (s115mgmt) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 47 35 55 81 76 CD 01  [binary data]
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 71 6E BC FC 01 CC 01  [binary data]
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luxshan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luxshan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.11.19 16:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.10.13 21:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.21 18:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.09.01 12:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 15:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 15:22:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 15:22:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 15:22:38 | 000,000,000 | ---D | M]
 
[2011.04.23 23:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Extensions
[2013.05.09 12:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions
[2012.09.01 11:35:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2013.04.05 00:51:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions\ich@maltegoetz.de
[2013.05.09 12:01:15 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\firefox\profiles\jtl60d71.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.01 11:35:45 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\firefox\profiles\jtl60d71.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
[2013.05.24 15:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 15:22:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Luxshan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Luxshan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe c:\progra~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe c:\progra~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-19..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-20..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [icq] C:\Users\Luxshan\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EAD70A-97D6-4880-9579-D28A8F3CA480}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1149ef37-d723-11e0-ac6b-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{1149ef37-d723-11e0-ac6b-00a0d1ae1167}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{767ec003-6ea5-11e0-b11d-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{767ec003-6ea5-11e0-b11d-00a0d1ae1167}\Shell\AutoRun\command - "" = F:\pbsstart.exe
O33 - MountPoints2\{d5552f11-a015-11e0-a2e2-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{d5552f11-a015-11e0-a2e2-00a0d1ae1167}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{d93af0d5-6f67-11e0-8572-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{d93af0d5-6f67-11e0-8572-00a0d1ae1167}\Shell\AutoRun\command - "" = G:\pbsstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 23:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.11 22:06:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luxshan\Desktop\OTL.exe
[2013.06.11 21:29:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.10 16:26:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.24 15:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 22:06:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luxshan\Desktop\OTL.exe
[2013.06.11 22:03:32 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 22:03:32 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 22:01:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.11 22:01:04 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.11 22:01:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.11 22:01:04 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.11 21:58:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 21:58:12 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 23:39:00 | 000,002,380 | ---- | M] () -- C:\Users\Luxshan\Desktop\Google Chrome.lnk
[2013.05.16 18:24:48 | 000,000,081 | ---- | M] () -- C:\Users\Luxshan\AppData\Roaming\mbam.context.scan
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.16 18:24:48 | 000,000,081 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\mbam.context.scan
[2013.04.27 14:39:11 | 000,001,101 | ---- | C] () -- C:\Users\Luxshan\Dokumente - Verknüpfung.lnk
[2013.01.22 18:37:49 | 000,000,000 | ---- | C] () -- C:\Users\Luxshan\ipconfig
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.04.06 13:56:32 | 000,002,640 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2012.02.17 19:36:48 | 001,561,841 | ---- | C] () -- C:\Users\Luxshan\mathe 001.jpg
[2011.12.28 01:46:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.12.28 01:46:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.12.28 01:46:25 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.12.28 01:46:25 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011.11.09 17:20:27 | 000,151,992 | ---- | C] () -- C:\Windows\Linder Proteinbiosynthese Uninstaller.exe
[2011.06.23 16:00:00 | 000,000,600 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\winscp.rnd
[2011.05.24 20:43:38 | 000,000,000 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\chrtmp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 11.06.2013 22:08:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Luxshan\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,07% Memory free
5,99 Gb Paging File | 4,81 Gb Available in Paging File | 80,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,00 Gb Total Space | 60,80 Gb Free Space | 27,26% Space Free | Partition Type: NTFS
Drive D: | 226,53 Gb Total Space | 102,16 Gb Free Space | 45,10% Space Free | Partition Type: NTFS
Drive J: | 7,45 Gb Total Space | 7,44 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: LUXSHAN-PC | User Name: Luxshan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05634693-0F80-4C6D-9B48-ACFE79182CB6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0A647F7D-6286-4E01-AABE-5781B201A33B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1234B01D-B3B5-4E51-8326-82D83E303D9E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{17452ECD-1FBA-4F87-81DF-E854C1F29221}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32E61182-4ECB-4244-AE29-6DEF80FC90F5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3CCB671A-2D5B-4160-A846-13CE3DFAB07E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F207916-473A-4C2B-ADCF-E9117E882CAA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4F819414-2299-4B89-9EEA-9DEC59A2B608}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{592A3CC9-A10F-423E-8228-70929D2E86A6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{600724BD-19B7-496E-8F4D-FFB268E8D2C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{61ECFAE8-2D33-4A40-927E-3300B2FBD059}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6F5852E4-84DB-4697-8AB7-235835E166AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70CEF6A2-B46F-4F84-B114-2CEDBA262FE3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{733C9E31-6A94-4633-BC9B-4C7131330F68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{80603F81-8B5F-4B3D-BCA0-0261A4C0D92D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{819B9DEB-178D-4728-AE2B-3785993CCDB9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8EE4D41B-CF01-44BB-808D-38412E7804B0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9109408E-076D-40BE-B14E-0CF929884FC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91396F44-7DE1-4CA8-9109-ADF4A25DEEC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9675887F-18CF-42B2-9366-2FB142F3E476}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEF72804-A3EB-41C0-B14E-53785D7C72B3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B0C60D8D-D237-484C-9E90-121CF8FCC35C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B8719E9D-887E-48D6-A5D1-329915A24AA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7D0D865-D3A2-47A3-ACE0-B8AC3C454B70}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DF5E1CE4-1EAD-4610-85FA-35514A52F1C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5BA9183-0C5D-4E0D-8FF3-4954D2D886C2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E7E5FF19-E496-46FC-B89D-3948542B68BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011C2F5E-C73A-48AE-9DF1-2DBDC54DACA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0715479F-264E-422D-B9D2-C38EDEF31A3C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0AB64762-949C-4D09-8A9D-21812CC50B54}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0B827B4B-3C92-45C8-956C-B89AFA3AFC38}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0BC65F43-9BC4-4FE4-8B20-C0350BB28433}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BFE41C2-834D-4971-ADD7-43EC75A8F67A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CA5134F-FCFF-467B-8B1A-36D6DFED35E3}" = dir=out | app=%programfiles%\activision\call of duty - world at war deluxe edition\codwaw.exe | 
"{109E620A-62AC-40C4-B378-0FDF95262547}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D3F7F35-188D-4421-A5AF-71D889B6C2C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1EBAEE4C-B228-42D7-98BD-34D3F33F4294}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3DBB52D6-E168-4CC7-9884-26A2EA548047}" = protocol=17 | dir=in | app=c:\users\luxshan\appdata\roaming\icqm\icq.exe | 
"{3EEEF840-1A00-45E3-9678-97761B1F8B88}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{473427EF-117F-4156-89E0-798ADFB681AD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4979ADA2-3E08-4118-BD5E-8109564C13C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F6FD492-FB26-4A34-8585-20FD83D0F3A5}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{66E8F239-3CE5-4E38-B56F-9607641E2DBB}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{79E42492-E130-4C91-A06F-D2D27967DB2C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{820B6873-9B28-4D7B-BEEA-753A8D039AF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{85474CC9-2CD2-4458-BEAD-79606BA9B59D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8723BD6B-EEF3-4FD3-9455-64E6F2DF4A91}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8D3F127E-97F6-441E-B427-5BC360B6623F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{985E1418-A9D5-4E03-BCD3-717D82278CFB}" = protocol=6 | dir=out | app=system | 
"{BDEFD639-40A0-4910-8B3D-649FAA02993A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CD461D52-CD98-4A3C-A7AE-B92845F8E105}" = protocol=6 | dir=in | app=c:\users\luxshan\appdata\roaming\icqm\icq.exe | 
"{D31F5B86-60BB-4F29-BF61-9462E3C68F02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D70D4AD6-3CBE-41DD-A37A-6EBA1EC50C7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA97619C-FDA0-48E4-B70E-84A96D783EAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E01926C6-A129-4305-A9C0-5395FB4A3588}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8F96C9F-A615-4CBC-8103-E37B9B0E6471}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9CC552E-11D9-44DA-80C3-2FEE6439ACA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{113EE488-D0A3-4B9F-B5A1-05AF2F44C798}C:\program files\fussball manager 11\manager11.exe" = protocol=6 | dir=in | app=c:\program files\fussball manager 11\manager11.exe | 
"TCP Query User{6BDA61F0-BB7E-4EFA-838D-F8269DAA4D1C}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{74572CCF-D888-4B1B-B0FC-86A26D673164}C:\users\luxshan\appdata\local\temp\rar$ex46.080\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\luxshan\appdata\local\temp\rar$ex46.080\redsn0w_win_0.9.10b3\redsn0w.exe | 
"TCP Query User{9ED413C7-E668-4967-9010-A2B5A449E3DE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{AE3A4A18-3C9C-4734-89E1-8EEA18199EB7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{BFDA56D5-2AF3-490A-A750-49D62736F47F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{CF3070D8-70E4-4640-989C-523D923FC213}C:\program files\activision\call of duty - world at war deluxe edition\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war deluxe edition\codwaw.exe | 
"TCP Query User{D57803F3-493A-4B9F-BCFA-C1B045D257C1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{DFBEF4D9-5E4E-488F-88AF-72168C5880A9}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{EC287136-FBDD-4E20-8D80-4266108EC0CC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1FC52CDC-1584-445F-A02C-01C70BE8E5C7}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{269E2256-FD35-4778-A847-3AE8E2FA16C7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{60948E3F-9188-4B1C-AE8B-2D61CC966740}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{73B3C946-BC1D-4FE9-B23A-499B375C9740}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{99B5726B-6AEE-4C17-BAA5-AB927C9EF772}C:\program files\activision\call of duty - world at war deluxe edition\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war deluxe edition\codwaw.exe | 
"UDP Query User{9C035E78-1AF9-4660-945F-D23A9EA20CC7}C:\program files\fussball manager 11\manager11.exe" = protocol=17 | dir=in | app=c:\program files\fussball manager 11\manager11.exe | 
"UDP Query User{A2A10FAB-35CD-40C4-8AF2-7F7C1709BD3F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{C188DF03-78B9-41D1-BF0F-48CD37AACF94}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C66446E3-1DC4-4DA0-84EE-761C6AFBE81B}C:\users\luxshan\appdata\local\temp\rar$ex46.080\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\luxshan\appdata\local\temp\rar$ex46.080\redsn0w_win_0.9.10b3\redsn0w.exe | 
"UDP Query User{FE35E8C4-6AC7-49C7-AB0C-E9FFFC3A6DBF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}" = LibreOffice 3.6
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72ED0FA0-8987-4C21-BF4B-F56506597207}_is1" = Call of Duty - World at War Deluxe Edition
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-2-5 (All Users)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"DFX for Windows Media Player" = DFX for Windows Media Player
"DivX Setup" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Linder Proteinbiosynthese" = Linder Proteinbiosynthese
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"XMedia Recode" = XMedia Recode 2.3.2.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 6019)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2013 16:47:12 | Computer Name = Luxshan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.06.2013 16:47:12 | Computer Name = Luxshan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31357886
 
Error - 09.06.2013 16:47:12 | Computer Name = Luxshan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31357886
 
Error - 09.06.2013 18:07:44 | Computer Name = Luxshan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2013 08:27:19 | Computer Name = Luxshan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2013 09:42:41 | Computer Name = Luxshan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2013 18:31:54 | Computer Name = Luxshan-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NVIDIA
 Corporation\Display\nvtray.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\NVIDIA Corporation\Display\nvtray.exe" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 11.06.2013 16:45:04 | Computer Name = Luxshan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2013 17:14:47 | Computer Name = Luxshan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2013 16:00:00 | Computer Name = Luxshan-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.04.2012 18:44:18 | Computer Name = Luxshan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "COM+-Systemanwendung" ist vom Dienst "Benachrichtigungsdienst
 für Systemereignisse" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%126
 
Error - 09.04.2012 15:51:44 | Computer Name = Luxshan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde mit
 folgendem Fehler beendet:   %%126
 
Error - 09.04.2012 15:51:50 | Computer Name = Luxshan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "COM+-Systemanwendung" ist vom Dienst "Benachrichtigungsdienst
 für Systemereignisse" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%126
 
Error - 28.04.2012 13:56:45 | Computer Name = Luxshan-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 30.04.2012 08:16:35 | Computer Name = Luxshan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2012 04:50:15 | Computer Name = Luxshan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.06.2012 14:18:03 | Computer Name = Luxshan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.06.2012 16:33:46 | Computer Name = Luxshan-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{50EAD70A-97D6-4880-9579-D28A8F3CA480} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 02.07.2012 16:02:11 | Computer Name = Luxshan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 03.07.2012 00:02:33 | Computer Name = Luxshan-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         


Alt 11.06.2013, 21:23   #36
aharonov
/// TB-Ausbilder
 



Now we're making progress.
How is the computer running?


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe c:\progra~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe c:\progra~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-19..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\craandfodo.dat,StartAs File not found
O4 - HKU\S-1-5-20..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\craandfodo.dat,StartAs File not found

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread



Step 2
  • Open the program Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, enable the option Perform quick scan in the Scanner tab and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all detections are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under the Logs tab.



Step 3


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 4

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Step 5

Please start OTL.exe.
  • Check Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
  • Log from OTL

Alt 11.06.2013, 21:31   #37
nwa1994
 



The computer is running quite well again, but apparently there is still quite a bit to do

Step 1:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Luxshan
->Temp folder emptied: 181437 bytes
->Temporary Internet Files folder emptied: 3244434 bytes
->Java cache emptied: 779394 bytes
->FireFox cache emptied: 62997684 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 532 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2920272 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 67,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06112013_222535

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 11.06.2013, 21:46   #38
aharonov
/// TB-Ausbilder
 



Yes, hopefully this is now the last (check) round.
__________________
cheers,
Leo

Alt 11.06.2013, 22:04   #39
nwa1994
 



Ok

Step 2:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Luxshan :: LUXSHAN-PC [Administrator]

11.06.2013 22:39:40
mbam-log-2013-06-11 (22-39-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232051
Laufzeit: 9 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I'll carry out the next steps right away

Alt 11.06.2013, 22:31   #40
aharonov
/// TB-Ausbilder
 



Ok.
The ESET scan might take a bit longer then...
__________________
cheers,
Leo

Alt 12.06.2013, 22:47   #41
nwa1994
 



So, Step 3:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b7ec197db7a1224cbfce66d82dbacbcc
# engine=14051
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 11:25:17
# local_time=2013-06-12 01:25:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 82 49282551 74885923 0 0
# compatibility_mode=5893 16776574 100 94 64752906 122624308 0 0
# scanned=69964
# found=4
# cleaned=0
# scan_time=4279
sh=BB0FB9451F622CA43A1F4992559542043A48208C ft=1 fh=a9a142d29f463315 vn="Win32/Moure.A trojan" ac=I fn="C:\FRST\Quarantine\b34btbztdb2vavaw.dll"
sh=3EAE5D6E7D58F8E609D53DCC4BD5C35731CD6ECA ft=1 fh=a9a142d2dfb7f412 vn="Win32/Moure.A trojan" ac=I fn="C:\FRST\Quarantine\b34btbztdb2vavaw.exe"
sh=E1003ED10D11F9A3E026E9C5A9EF16586FE8F407 ft=1 fh=c71c0011dd21162e vn="Win32/Neurevt.A trojan" ac=I fn="C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe"
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\FRST\Quarantine\Taaajjo\Taaajjo.scr"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b7ec197db7a1224cbfce66d82dbacbcc
# engine=14057
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-12 09:38:55
# local_time=2013-06-12 11:38:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 82 49362569 74965941 0 0
# compatibility_mode=5893 16776574 100 94 64832924 122704326 0 0
# scanned=276329
# found=7
# cleaned=0
# scan_time=12889
sh=BB0FB9451F622CA43A1F4992559542043A48208C ft=1 fh=a9a142d29f463315 vn="Win32/Moure.A trojan" ac=I fn="C:\FRST\Quarantine\b34btbztdb2vavaw.dll"
sh=3EAE5D6E7D58F8E609D53DCC4BD5C35731CD6ECA ft=1 fh=a9a142d2dfb7f412 vn="Win32/Moure.A trojan" ac=I fn="C:\FRST\Quarantine\b34btbztdb2vavaw.exe"
sh=2D88D44D96DA32ECEB3D8CD7669232FBE581CE49 ft=1 fh=c76ce7cf5ce987b8 vn="probably a variant of Win32/VB.IWSVOVL trojan" ac=I fn="C:\FRST\Quarantine\AtrosWiFi\AtrosWiF.exe"
sh=E1003ED10D11F9A3E026E9C5A9EF16586FE8F407 ft=1 fh=c71c0011dd21162e vn="Win32/Neurevt.A trojan" ac=I fn="C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe"
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\FRST\Quarantine\Taaajjo\Taaajjo.scr"
sh=9CE5EADFD955F384880AD0FCDC636EACDA6E1F6A ft=0 fh=0000000000000000 vn="Win32/Spy.SpyEye.CFG.A trojan" ac=I fn="C:\winlogon\7205BBE083BF3EF"
sh=E1B80E9A6032924330D0D80A30704DD5F7FBC360 ft=1 fh=e01ba4efbb4c64fe vn="a variant of Win32/Kryptik.NCK trojan" ac=I fn="D:\_OTL\MovedFiles\06112013_223738\C_Users\Luxshan\AppData\Local\axopifatufoqiwu.dll"
         
ESET still found 7 things :/

Alt 12.06.2013, 23:53   #42
aharonov
/// TB-Ausbilder
 



Hello,

Quote:
ESET still found 7 things :/
6 of these 7 things are only items that we have already found and moved into quarantine.
But one of them hasn't shown up before.

Do steps 4 and 5 as well. But replace step 5 with the following:


Step 5
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
dir /a/s/b "C:\winlogon" /c
         
  • Please close all other programs.
  • Check Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.
__________________
cheers,
Leo

Alt 13.06.2013, 12:46   #43
nwa1994
 



Ok Leo

Step 4:
Code:
ATTFilter
Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java(TM) 6 Update 31  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	11.6.602.180  
 Adobe Reader 10.0.1 Adobe Reader out of Date!  
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Step 5: OTL.txt

Code:
ATTFilter
OTL logfile created on: 13.06.2013 13:49:10 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Luxshan\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,56% Memory free
5,99 Gb Paging File | 4,30 Gb Available in Paging File | 71,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,00 Gb Total Space | 61,76 Gb Free Space | 27,69% Space Free | Partition Type: NTFS
Drive D: | 226,53 Gb Total Space | 102,16 Gb Free Space | 45,10% Space Free | Partition Type: NTFS
 
Computer Name: LUXSHAN-PC | User Name: Luxshan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Luxshan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Luxshan\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Luxshan\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Users\Luxshan\AppData\Roaming\ICQM\ICQ\dll\mramenu_1.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111118.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111118.035\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111118.030\IDSvix86.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (s115mgmt) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 47 35 55 81 76 CD 01  [binary data]
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 71 6E BC FC 01 CC 01  [binary data]
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luxshan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luxshan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.11.19 16:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.10.13 21:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.21 18:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.09.01 12:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 15:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 15:22:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 15:22:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 15:22:38 | 000,000,000 | ---D | M]
 
[2011.04.23 23:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Extensions
[2013.06.13 00:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions
[2012.09.01 11:35:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2013.04.05 00:51:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions\ich@maltegoetz.de
[2013.06.13 00:01:40 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\firefox\profiles\jtl60d71.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.01 11:35:45 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\firefox\profiles\jtl60d71.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
[2013.05.24 15:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 15:22:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Luxshan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Luxshan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [icq] C:\Users\Luxshan\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EAD70A-97D6-4880-9579-D28A8F3CA480}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1149ef37-d723-11e0-ac6b-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{1149ef37-d723-11e0-ac6b-00a0d1ae1167}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{767ec003-6ea5-11e0-b11d-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{767ec003-6ea5-11e0-b11d-00a0d1ae1167}\Shell\AutoRun\command - "" = F:\pbsstart.exe
O33 - MountPoints2\{d5552f11-a015-11e0-a2e2-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{d5552f11-a015-11e0-a2e2-00a0d1ae1167}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{d93af0d5-6f67-11e0-8572-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{d93af0d5-6f67-11e0-8572-00a0d1ae1167}\Shell\AutoRun\command - "" = G:\pbsstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 23:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.11 22:32:37 | 000,000,000 | ---D | C] -- C:\Users\Luxshan\AppData\Local\Programs
[2013.06.11 22:25:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.11 22:06:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luxshan\Desktop\OTL.exe
[2013.06.11 21:29:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.10 16:26:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.24 15:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.13 13:42:04 | 000,890,839 | ---- | M] () -- C:\Users\Luxshan\Desktop\SecurityCheck.exe
[2013.06.13 13:40:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 22:41:24 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 22:41:24 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 22:36:04 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 22:32:55 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.11 22:06:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luxshan\Desktop\OTL.exe
[2013.06.11 22:01:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.11 22:01:04 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.11 22:01:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.11 22:01:04 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 23:39:00 | 000,002,380 | ---- | M] () -- C:\Users\Luxshan\Desktop\Google Chrome.lnk
[2013.05.16 18:24:48 | 000,000,081 | ---- | M] () -- C:\Users\Luxshan\AppData\Roaming\mbam.context.scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.13 13:41:57 | 000,890,839 | ---- | C] () -- C:\Users\Luxshan\Desktop\SecurityCheck.exe
[2013.05.16 18:24:48 | 000,000,081 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\mbam.context.scan
[2013.01.22 18:37:49 | 000,000,000 | ---- | C] () -- C:\Users\Luxshan\ipconfig
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.04.06 13:56:32 | 000,002,640 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2012.02.17 19:36:48 | 001,561,841 | ---- | C] () -- C:\Users\Luxshan\mathe 001.jpg
[2011.12.28 01:46:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.12.28 01:46:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.12.28 01:46:25 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.12.28 01:46:25 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011.11.09 17:20:27 | 000,151,992 | ---- | C] () -- C:\Windows\Linder Proteinbiosynthese Uninstaller.exe
[2011.06.23 16:00:00 | 000,000,600 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\winscp.rnd
[2011.05.24 20:43:38 | 000,000,000 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\chrtmp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.06.23 01:25:11 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Babylon
[2011.04.25 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\DAEMON Tools Lite
[2011.05.13 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.08.07 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.03.19 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Dropbox
[2012.02.28 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Duil
[2012.03.19 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\ICQ
[2013.05.05 15:51:34 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\ICQ-Profile
[2013.05.05 15:50:09 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\ICQM
[2012.10.16 17:27:46 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Illii
[2011.05.19 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Jumping Bytes
[2011.04.26 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Leadertech
[2013.01.08 06:28:00 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\LibreOffice
[2012.03.11 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Mayntu
[2012.02.11 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\MicroST
[2011.05.20 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\MyPhoneExplorer
[2012.03.17 01:24:07 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Naxyq
[2012.03.04 20:53:58 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Niaf
[2012.11.05 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ofny
[2011.05.24 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\OpenOffice.org
[2012.04.12 11:48:40 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Opera
[2012.03.12 19:59:41 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Qutib
[2012.08.10 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Qyyb
[2012.01.28 23:29:38 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\redsn0w
[2012.04.20 14:51:33 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\TeamViewer
[2012.03.18 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Teof
[2011.10.13 08:32:19 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Tific
[2011.11.09 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ubisoft
[2012.02.25 01:30:37 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Uxebe
[2012.04.03 23:43:13 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Windows Desktop Search
[2012.03.19 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Windows Search
[2012.03.12 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Woivih
[2011.05.17 19:48:42 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\XMedia Recode
[2012.03.04 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ycwuk
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< dir /a/s/b "C:\winlogon" /c >
C:\WINLOGON\7205BBE083BF3EF

< End of report >
         

Last edited by nwa1994 (13.06.2013 at 12:54)

Old 14.06.2013, 15:05   #44
aharonov
/// TB-Ausbilder
 
GVU-Trojaner Win7 32Bit (Abgesicherter Modus geht nicht) - Standard


Hi,

you really did have uninvited visitors again and again the whole time..
Wiping everything and starting fresh is never a bad idea either.


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
[2012.03.04 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ycwuk
[2012.03.12 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Woivih
[2012.02.25 01:30:37 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Uxebe
[2012.03.18 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Teof
[2012.03.12 19:59:41 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Qutib
[2012.08.10 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Qyyber
[2012.03.17 01:24:07 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Naxyq
[2012.03.04 20:53:58 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Niaf
[2012.11.05 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ofny
[2012.03.11 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Mayntu
[2011.10.13 08:32:19 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Tific
[2012.10.16 17:27:46 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Illii
[2012.02.28 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Duil
[2011.06.23 01:25:11 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Babylon

:files
C:\WINLOGON
regsvr32 wscsvc.dll /c

:commands
[emptytemp]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.



Step 2

Your Java is no longer current. Older versions contain security holes that malware can abuse to infect the machine via drive-by download.

The current version is Java 7 Update 21.
  • Go to
    Start --> Control Panel --> Programs and Features (Vista / Win 7)
    Start --> Control Panel --> Add or Remove Programs (Win XP)
    and uninstall all older Java versions.
Java is genuinely needed in only a few cases. New, not yet patched security holes are also exploited again and again.
So consider whether you really need a Java installation at all.
If you want to keep using Java, then:
  • Download the latest Java version.
  • Close all running programs, especially the browser.
  • Run the downloaded jxpiinstall.exe and follow the instructions.
  • During installation, uncheck "Install the Ask Toolbar ...".



Step 3

Your version of Adobe PDF Reader is outdated; we need to update it:
  • Please uninstall your current version of Adobe Reader via
    Start --> Control Panel --> Add or Remove Programs (Windows XP)
    Start --> Control Panel --> Programs and Features (Vista / Windows 7)
  • Visit this page from Adobe.
  • If present, uncheck McAfee Security Scan or Google Chrome.
  • Click Download now and install the latest version.



Step 4

Your Flash Player is outdated. Install the current version as follows:
  • Visit this page from Adobe.
  • If present, uncheck McAfee Security Scan or Google Chrome.
  • Click Download now and install the latest version.

Then use this plugin check (with Firefox here) to verify that all the versions you use are now current, and update them otherwise.



Step 5
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Step 6

Please start OTL.exe.
  • Check Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from SecurityCheck
  • Log from OTL
__________________
cheers,
Leo
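Added example (not part of this thread, and not anything OTL or the helper's tools do): the folders Leo put into the :OTL block in Step 1 are exactly the AppData\Roaming entries from the LOP Check whose names look machine-generated (Ycwuk, Woivih, Duil, ...). The script below parses OTL-style log lines, applies that heuristic against a small allowlist of known application folders, and renders the hits back into the :OTL fix format. The allowlist, the `PSEUDO_WORD` rule and the sample input (copied from the LOP Check above, plus one file line) are this example's assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input constructed for this example: a few lines in the layout OTL
# uses in its "LOP Check" section (copied from the log in the thread).
SAMPLE_LOP_CHECK = r"""
========== LOP Check ==========

[2011.06.23 01:25:11 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Babylon
[2011.04.25 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\DAEMON Tools Lite
[2012.03.19 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Dropbox
[2012.02.28 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Duil
[2012.04.12 11:48:40 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Opera
[2012.03.12 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Woivih
[2012.03.04 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ycwuk
[2013.05.16 18:24:48 | 000,000,081 | ---- | M] () -- C:\Users\Luxshan\AppData\Roaming\mbam.context.scan

< End of report >
"""


class OtlEntry(NamedTuple):
    stamp: str               # "YYYY.MM.DD HH:MM:SS" as OTL prints it
    size: int                # bytes; OTL prints "000,000,000"
    attrs: str               # e.g. "---D" (D = directory), "-HS-" (hidden, system)
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # "(Vendor)" field on file lines, None on folder lines
    path: str


# One OTL line: "[stamp | size | attrs | kind] (company)? -- path"
OTL_LINE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+?)\s*$"
)


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Parse every OTL entry line in `text`; headers, blanks and footers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        stamp, size, attrs, kind, company, path = m.groups()
        entries.append(OtlEntry(stamp, int(size.replace(",", "")), attrs, kind, company, path))
    return entries


# Assumption: folder names the analyst recognises as legitimate software.
# Extend this per machine; short real names (Opera, Skype, ...) must be listed here.
KNOWN_ROAMING = {
    "babylon", "daemon tools lite", "dropbox", "icq", "icq-profile", "icqm",
    "jumping bytes", "leadertech", "libreoffice", "microst", "myphoneexplorer",
    "openoffice.org", "opera", "redsn0w", "teamviewer", "ubisoft",
    "windows desktop search", "windows search", "xmedia recode",
}

ROAMING_DIR = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\([^\\]+)$", re.I)
# Heuristic (assumption): a single capitalised pseudo-word of 4-7 letters, no digits,
# spaces or dots, is the shape of the generated folder names seen in this thread.
PSEUDO_WORD = re.compile(r"^[A-Z][a-z]{3,6}$")


def flag_suspicious_roaming(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Return directory entries under AppData\\Roaming that are not allowlisted
    and whose name matches the pseudo-word shape."""
    flagged = []
    for e in entries:
        if "D" not in e.attrs:           # only directories
            continue
        m = ROAMING_DIR.match(e.path)
        if not m:
            continue
        name = m.group(1)
        if name.lower() in KNOWN_ROAMING:
            continue
        if PSEUDO_WORD.match(name):
            flagged.append(e)
    return flagged


def render_otl_fix(entries: List[OtlEntry]) -> str:
    """Render entries back into the ':OTL' block format used in the helper's fix."""
    lines = [":OTL"]
    for e in entries:
        company = "" if e.company is None else f"({e.company}) "
        # "011," zero-pads to 11 characters with thousands grouping -> 000,000,000
        lines.append(f"[{e.stamp} | {e.size:011,} | {e.attrs} | {e.kind}] {company}-- {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = flag_suspicious_roaming(parse_otl_lines(SAMPLE_LOP_CHECK))
    print(render_otl_fix(hits))
```

The heuristic is only a triage aid: it produces false positives for any legitimately short-named application that is missing from the allowlist, and it misses generated names that happen to contain digits or mixed case. Treat a hit as something to look at (creation time, contents, whether a process or Run key references it) rather than as a verdict.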

Old 15.06.2013, 22:02   #45
nwa1994
 
GVU-Trojaner Win7 32Bit (Abgesicherter Modus geht nicht) - Standard


Hi Leo, yes, you're absolutely right, I should consider that sometime soon.

Step 1:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Luxshan\AppData\Roaming\Ycwuk folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Woivih folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Uxebe folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Teof folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Qutib folder moved successfully.
Folder C:\Users\Luxshan\AppData\Roaming\Qyyber\ not found.
C:\Users\Luxshan\AppData\Roaming\Naxyq folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Niaf folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Ofny folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Mayntu folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Tific folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Illii folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Duil folder moved successfully.
C:\Users\Luxshan\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
C:\winlogon folder moved successfully.
< regsvr32 wscsvc.dll /c >
C:\Users\Luxshan\Desktop\cmd.bat deleted successfully.
C:\Users\Luxshan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Luxshan
->Temp folder emptied: 169700 bytes
->Temporary Internet Files folder emptied: 51127 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14373339 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 712264 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 15,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06152013_225538

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
While OTL was running, I got a message that a .dll file could not be found.

Step 5: SecurityCheck log
Code:
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 21  
 Adobe Flash Player 	11.7.700.224  
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Step 5: OTL log
Code:
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 57,94% Memory free
5,99 Gb Paging File | 4,75 Gb Available in Paging File | 79,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,00 Gb Total Space | 65,77 Gb Free Space | 29,49% Space Free | Partition Type: NTFS
Drive D: | 226,53 Gb Total Space | 105,12 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
 
Computer Name: LUXSHAN-PC | User Name: Luxshan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Luxshan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Luxshan\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Luxshan\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Users\Luxshan\AppData\Roaming\ICQM\ICQ\dll\mramenu_1.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111118.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111118.035\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111118.030\IDSvix86.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (s115mgmt) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 47 35 55 81 76 CD 01  [binary data]
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 71 6E BC FC 01 CC 01  [binary data]
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luxshan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luxshan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.11.19 16:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.10.13 21:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.21 18:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.09.01 12:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.15 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.15 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.15 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.15 23:20:17 | 000,000,000 | ---D | M]
 
[2011.04.23 23:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Extensions
[2013.06.13 00:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions
[2012.09.01 11:35:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2013.04.05 00:51:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Luxshan\AppData\Roaming\mozilla\Firefox\Profiles\jtl60d71.default\extensions\ich@maltegoetz.de
[2013.06.13 00:01:40 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\firefox\profiles\jtl60d71.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.01 11:35:45 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\Luxshan\AppData\Roaming\mozilla\firefox\profiles\jtl60d71.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
[2013.06.15 23:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.24 15:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 15:22:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Luxshan\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Luxshan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Luxshan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [icq] C:\Users\Luxshan\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1001..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2211236486-4210627768-2744985528-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EAD70A-97D6-4880-9579-D28A8F3CA480}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1149ef37-d723-11e0-ac6b-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{1149ef37-d723-11e0-ac6b-00a0d1ae1167}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{767ec003-6ea5-11e0-b11d-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{767ec003-6ea5-11e0-b11d-00a0d1ae1167}\Shell\AutoRun\command - "" = F:\pbsstart.exe
O33 - MountPoints2\{d5552f11-a015-11e0-a2e2-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{d5552f11-a015-11e0-a2e2-00a0d1ae1167}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{d93af0d5-6f67-11e0-8572-00a0d1ae1167}\Shell - "" = AutoRun
O33 - MountPoints2\{d93af0d5-6f67-11e0-8572-00a0d1ae1167}\Shell\AutoRun\command - "" = G:\pbsstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.15 23:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.06.15 23:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.06.15 23:10:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.15 23:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.11 23:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.11 22:32:37 | 000,000,000 | ---D | C] -- C:\Users\Luxshan\AppData\Local\Programs
[2013.06.11 22:25:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.11 22:06:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luxshan\Desktop\OTL.exe
[2013.06.11 21:29:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.10 16:26:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.24 15:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.15 23:14:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.15 23:02:25 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 23:02:25 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 22:57:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.15 22:57:04 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 13:42:04 | 000,890,839 | ---- | M] () -- C:\Users\Luxshan\Desktop\SecurityCheck.exe
[2013.06.11 22:32:55 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.11 22:06:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luxshan\Desktop\OTL.exe
[2013.06.11 22:01:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.11 22:01:04 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.11 22:01:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.11 22:01:04 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 23:39:00 | 000,002,380 | ---- | M] () -- C:\Users\Luxshan\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.15 23:13:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 13:41:57 | 000,890,839 | ---- | C] () -- C:\Users\Luxshan\Desktop\SecurityCheck.exe
[2013.05.16 18:24:48 | 000,000,081 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\mbam.context.scan
[2013.01.22 18:37:49 | 000,000,000 | ---- | C] () -- C:\Users\Luxshan\ipconfig
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.04.06 13:56:32 | 000,002,640 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2012.02.17 19:36:48 | 001,561,841 | ---- | C] () -- C:\Users\Luxshan\mathe 001.jpg
[2011.12.28 01:46:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.12.28 01:46:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.12.28 01:46:25 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.12.28 01:46:25 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011.11.09 17:20:27 | 000,151,992 | ---- | C] () -- C:\Windows\Linder Proteinbiosynthese Uninstaller.exe
[2011.06.23 16:00:00 | 000,000,600 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\winscp.rnd
[2011.05.24 20:43:38 | 000,000,000 | ---- | C] () -- C:\Users\Luxshan\AppData\Roaming\chrtmp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.04.25 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\DAEMON Tools Lite
[2011.05.13 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.08.07 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.03.19 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Dropbox
[2012.03.19 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\ICQ
[2013.05.05 15:51:34 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\ICQ-Profile
[2013.05.05 15:50:09 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\ICQM
[2011.05.19 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Jumping Bytes
[2011.04.26 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Leadertech
[2013.01.08 06:28:00 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\LibreOffice
[2012.02.11 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\MicroST
[2011.05.20 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\MyPhoneExplorer
[2011.05.24 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\OpenOffice.org
[2012.04.12 11:48:40 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Opera
[2012.08.10 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Qyyb
[2012.01.28 23:29:38 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\redsn0w
[2012.04.20 14:51:33 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\TeamViewer
[2011.11.09 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Ubisoft
[2012.04.03 23:43:13 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Windows Desktop Search
[2012.03.19 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\Windows Search
[2011.05.17 19:48:42 | 000,000,000 | ---D | M] -- C:\Users\Luxshan\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         

Last edited by nwa1994 (15.06.2013 at 22:32)
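The "ZeroAccess Check" block of the OTL log above lists the InProcServer32 registration of a few system CLSIDs from both HKCU and HKLM. OTL does that because ZeroAccess/Sirefef hijacks those COM objects by planting a per-user HKCU\Software\Classes\CLSID\{...}\InProcServer32 key that points at its own DLL; per-user class registrations take precedence over the machine-wide ones, so Explorer and WMI load the rootkit's module instead of the real one. On a clean host, as in the log above, the HKCU keys are printed without a default value and the HKLM defaults point at shell32.dll, fastprox.dll and wbemess.dll. The following Python script is an added example, not part of the original post and not OTL's own code: it parses this block of an OTL log and flags a populated HKCU key or an HKLM default that no longer points at the expected system DLL. The expected-DLL table is taken from the HKLM entries in the log; {fbeb8a05-...} is left out because the log shows no HKLM value for it. The INFECTED_BLOCK sample, including the profile path and GUID in it, is constructed for illustration and is not from this thread.

```python
"""Parse the "ZeroAccess Check" block of an OTL log and flag COM hijacks.

ZeroAccess/Sirefef registers its DLL under HKCU\\Software\\Classes\\CLSID for a
handful of system CLSIDs; per-user class registrations win over HKLM, so the
shell and WMI load the rootkit's module.  OTL dumps those CLSIDs from both
hives: on a clean host the HKCU keys have no default value and the HKLM keys
point at the system DLL.
"""
import re

# Legitimate in-process servers, taken from the HKLM entries in the log above.
# {fbeb8a05-...} is omitted because the log shows no HKLM value for it.
EXPECTED_SERVERS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

# "[HKEY_xxx\Software\Classes\clsid\{guid}\InProcServer32]" key header lines.
KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9a-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# '"" = <server> -- [timestamp | size | attrs] (Company)' default-value lines;
# the " -- ..." file metadata OTL appends is optional.
DEFAULT_RE = re.compile(r'^"" = (?P<server>.*?)(?: -- .*)?$')


def parse_zeroaccess_block(log_text):
    """Return {(hive, clsid_lowercase): default_value_or_None} for the block."""
    keys = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group("hive"), m.group("clsid").lower())
            keys[current] = None
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            keys[current] = m.group("server").strip()
    return keys


def find_clsid_hijacks(log_text):
    """List (hive, clsid, server, reason) tuples for suspicious entries."""
    findings = []
    for (hive, clsid), server in parse_zeroaccess_block(log_text).items():
        if hive == "HKEY_CURRENT_USER":
            # Any populated per-user key for these CLSIDs shadows HKLM.
            if server is not None:
                findings.append((hive, clsid, server,
                                 "per-user InProcServer32 shadows the HKLM registration"))
            continue
        expected = EXPECTED_SERVERS.get(clsid)
        if expected and (server is None
                         or not server.lower().endswith("\\" + expected)):
            findings.append((hive, clsid, server,
                             "HKLM default does not point at %s" % expected))
    return findings


# The ZeroAccess Check block from the log above (clean machine).
CLEAN_BLOCK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""

# Constructed sample of an infected host: the per-user key carries a default
# value pointing into the user profile.  Path and GUID are made up.
INFECTED_BLOCK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\Users\victim\AppData\Local\{00000000-1111-2222-3333-444444444444}\n.
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

if __name__ == "__main__":
    for name, block in (("clean", CLEAN_BLOCK), ("infected", INFECTED_BLOCK)):
        print(name, find_clsid_hijacks(block) or "no hijack found")
```

Run it against the clean block and it returns nothing; against the constructed infected block it reports the per-user {42aedc87-...} key. The HKLM comparison is a suffix match on the DLL name, so it tolerates the %SystemRoot% versus %systemroot% spelling seen in the log but still catches a default value moved out of system32.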

Detection names tagged on this thread: win32/agent.prc, win32/kryptik.nck, win32/moure.a, win32/neurevt.a, win32/spy.spyeye.cfg.a, win32/vb.iwsvovl



