
Log Analysis and Evaluation: Trojan:Win32/Matsun, Logs


19.06.2013, 12:05   #1
Sýdnaý
 
Trojan:Win32/Matsun, Logs



Hello,

when I started my computer today I got a message that a Trojan had crept in. Microsoft Security Essentials showed the following:

Trojan:Win32/Matsun, and then put the whole thing in quarantine.

On top of that, the Internet no longer works on my computer. It says I would have to enter a private mode or something like that, which would however make me visible to others. Since I'm no great expert when it comes to PCs, I've gone online with the laptop as a precaution, as I don't know whether it was a mistake on my part (although I didn't change any settings) or the result of the Trojan.

When starting GMER, the following error message also came up:

C;\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


Code:
OTL Extras logfile created on: 2013-06-19 11:54:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DaVinci\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd
 
3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,25% Memory free
7,96 Gb Paging File | 6,60 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 21,12 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 108,64 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
 
Computer Name: DAVINCI-PC | User Name: DaVinci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0553D3E4-F026-4EC2-A498-369477216DC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C2965E3-ED8D-4540-966D-20F8AD0AE60B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A5001CF-DAC0-4C4E-90A5-7496B89F751A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4207F789-8FA1-4B4A-AD24-112C8DE85CF3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4EDC5C93-A643-4E75-973E-4EEDB43DCC76}" = lport=139 | protocol=6 | dir=in | app=system | 
"{68785508-6529-4EC5-88B9-A787E839706B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{825B5FA1-57F7-4A59-832E-D1BD5379B0FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89101395-195E-4DD2-BAC2-361DD83F303A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8B2C56C8-B16C-47AB-8A99-3251A0D0CF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9089B609-92AA-4B67-8A57-56E6CFD4EB65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9FA7CDD-2847-4C7F-8065-70806C38E486}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEB855A9-C1D9-4F04-AF5A-6F7350287733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AEBBC548-9578-41D7-89CD-7E75C6368908}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B14C63A5-80E0-47B6-8B8B-1CA81564892B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4F975AE-780B-484F-B473-5D4E704CF088}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BC65064B-29AE-4E0F-9263-2253B2858354}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C563FB7C-14B0-4836-9AC1-01CED9C30F9A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D4E23544-DBAB-4117-80F5-E5883FA15F4B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DDD2CECB-BB2F-43D2-9883-8F30D464241C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7194A8C-5A07-482A-BFAB-A3A8E58223E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECEC10ED-660A-4C74-963B-735E38D871CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F07D2C1F-C761-411A-AB90-EFB0A8FA446C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F28B0091-E4F1-45F4-8815-50579457F2A6}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036B9339-A769-4B9B-A982-2AC271D6615D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike\hl.exe | 
"{12361D03-BB14-4792-B41F-B3D32438AE26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12DF4DC6-4F19-4917-8FEA-D5BC223A5417}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12FF0EAF-EA64-43A5-ACE8-06EBC3B6376B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{154E9028-63CA-48A2-826D-4666020713AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{238B3F09-5CFE-441A-AF9B-CF9634C0AF4E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{28316493-483E-44C0-B227-561F7D8AD1E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{285DAFF9-7133-4053-AC75-58B051689C08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{292A99CD-5482-407B-921A-134E22D564EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{3157DC32-63A3-4F67-B803-EE615244948C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{35076243-6E6B-41BC-9069-4EA0B01CDBDF}" = protocol=6 | dir=out | app=system | 
"{3A0A501B-3853-4ABD-8B09-5FB61462D548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3B9A3F6B-2568-46A6-A641-6957AC8DF444}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{3E7AF965-E883-474A-99F3-D08997FC9C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{449EC967-AFE7-4251-B90D-0A2810C0B2D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{452CBEAB-3E69-4DD2-A2CF-7A771557439A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{4F60B938-75BE-4082-9BD2-2291E759D949}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{532C4A10-163C-41D3-893B-F98E10C15D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5AAF5415-0104-4572-A89A-A1256B9BB603}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{5EDC3F61-508A-4F3E-BA55-155458C1EC5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{62D50EFC-E70A-40E9-AC73-1C9D5402BCB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{638E2C30-ED2F-4144-A95E-8D8EC9A672C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6426AFCF-6961-44F3-BB38-1CB45589819A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A6FDBA5-560D-448E-B489-B186BD9C02C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B8ED369-2DA2-4DF1-912E-9A9A18EC5ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{6DE36391-1968-452D-8ED4-1F8AE6B1D54D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{718EFA78-64D8-4470-A823-DC4071B35BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{79DC69DC-EE47-42D7-A39C-E3AE5EE29B27}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7AD0A081-B342-4892-8E25-242A5B138D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{7D91122E-8A1B-455E-830D-6E8743D44B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{7FC1A397-BE97-4424-836B-B6E9E437AF9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8490BB6D-56F6-480F-B985-045FBFBC69FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{85BB28F8-6A2E-4BD1-B345-540A3C056D0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{874FCBFD-3385-42D8-BCD7-970FD23C80BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{8AA5E43D-2AA1-4A87-B8EA-43BC2A164B43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8F036BB7-2D14-4D73-B16B-D22CAE583106}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{904D490A-A3CC-4927-9904-89BFFDB1450F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{A10AD277-0AD4-4E0A-8B85-C791D2B25B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A4823EF5-673A-43EB-8738-A48B0FD18A63}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A7B9DE1B-55A9-4A2E-81FB-E08F3B6B377A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AD78156D-8A28-43D0-A3C0-6B537E7833BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{B0F7B9D1-94CF-4948-8030-6E50CA1389CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{B17170B0-239B-4B06-A5C8-B99F9843228B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{B2B128E7-4158-4E59-A384-56C1179E7B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{B30F00DB-7F81-45FB-AACD-9222506C5EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{B91B977C-49BD-436C-AB01-9BE6457D155E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B9239524-87A5-4A3D-86EF-A9465E8388D0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{B9E9494F-5E31-4F0D-88B6-7CA097DC9E14}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{BA04311E-4C59-4039-887B-A60AA1260980}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{BC4103F3-2F53-4638-9424-6AA72A222F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{C3892E94-C7CC-4E44-8671-CEEC7161262D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C44CD806-F49A-4A5C-8EA7-3725C54863A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C62B3C39-ADB1-46AD-995B-14231ACBF53A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{D15BBCFB-9B58-43FF-ABC9-9D07007C7603}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{D1D42D08-2D44-4320-9BC8-514E42236850}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{D31469D5-A9BC-40EE-BBAD-711C48F5D45F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{D6961163-EC43-403B-8597-9C3B0C365317}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{D6E1B6B8-C003-48DA-990B-6519885A66D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{DEAE91D6-1D1E-43D4-80D6-409936DBB7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{E46097B4-19EE-47EA-8A4F-AA4E357C0ED6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E7364D8D-D3E6-4D4B-B796-D5EC84E34641}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{EBE9A6DC-792C-4D23-BEBF-2C81CC377800}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike\hl.exe | 
"{F1978D20-0736-4BB3-854B-30A4CE164AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{FBFBB623-8835-4D8E-A56D-567CA647E65F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{274C41A6-BA04-4B61-8A64-72CDCA607875}G:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"TCP Query User{7027B254-3B00-4595-A8C3-DE20B1E333BA}C:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe | 
"UDP Query User{0C61DD18-B705-4335-B556-2FD8B6910CFD}C:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe | 
"UDP Query User{F76BBE59-26C0-4D6F-BAB9-075DD2A28AD1}G:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{26F32F41-2AA7-4DC9-B995-EA9860AE8C3B}" = Saitek SD6 Programming Software 6.2.1.3
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SearchAnonymizer" = SearchAnonymizer
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055
"{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{91923599-1A3C-4EEE-B70C-8B309269DEF7}" = Sound Blaster Recon3D PCIe
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 205100" = Dishonored
"Steam App 30" = Day of Defeat
"Steam App 40" = Deathmatch Classic
"Steam App 50" = Half-Life: Opposing Force
"Steam App 60" = Ricochet
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8870" = BioShock Infinite
"SysInfo" = Creative Systeminformationen
"SystemRequirementsLab" = System Requirements Lab
"True - ROCCAT 1.1.0" = True - ROCCAT 1.1.0
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013-06-15 08:46:47 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-06-16 05:35:08 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-06-17 05:34:32 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-06-18 04:08:36 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-06-18 04:10:00 | Computer Name = DaVinci-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: fec    Startzeit: 
01ce6bfb0ef83191    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 765bb5c1-d7ee-11e2-bea1-002522d93037  
 
Error - 2013-06-18 04:40:23 | Computer Name = DaVinci-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 SB Recon3D PCIe Audio Bus Filter.  System Error: Das System kann die angegebene Datei
 nicht finden.  .
 
Error - 2013-06-18 04:40:52 | Computer Name = DaVinci-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 SB Recon3D PCIe Audio Bus Filter.  System Error: Das System kann die angegebene Datei
 nicht finden.  .
 
Error - 2013-06-18 04:51:28 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-06-19 05:36:30 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-06-19 05:53:22 | Computer Name = DaVinci-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106,
 Zeitstempel: 0x50f957dd  Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106,
 Zeitstempel: 0x50f957dd  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000155149
ID
 des fehlerhaften Prozesses: 0xde4  Startzeit der fehlerhaften Anwendung: 0x01ce6cd0869bb007
Pfad
 der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Berichtskennung:
 13309109-d8c6-11e2-939d-002522d93037
 
[ Spybot - Search and Destroy Events ]
Error - 2012-11-22 16:25:40 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 2012-12-01 08:24:41 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 2012-12-21 14:19:31 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 2013-02-12 12:57:57 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 2013-06-18 04:23:42 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.2345.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80240022     Fehlerbeschreibung: Die
 Suche des Programms nach Definitionsaktualisierungen ist nicht möglich. 
 
Error - 2013-06-18 04:23:42 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.2345.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80240022     Fehlerbeschreibung: Die
 Suche des Programms nach Definitionsaktualisierungen ist nicht möglich. 
 
Error - 2013-06-18 04:32:38 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.2345.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 2013-06-18 04:53:29 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 2013-06-18 04:53:29 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 2013-06-19 05:38:31 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 2013-06-19 05:38:31 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 2013-06-19 05:46:30 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.153.22.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9607.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 2013-06-19 05:53:21 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 2013-06-19 05:53:21 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 12:16:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_470_Series_SSD rev.AXM09B1Q 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\DaVinci\AppData\Local\Temp\awliifod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[1924] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                        0000000072df1a22 2 bytes [DF, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1924] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                        0000000072df1ad0 2 bytes [DF, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1924] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                        0000000072df1b08 2 bytes [DF, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1924] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                        0000000072df1bba 2 bytes [DF, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1924] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                        0000000072df1bda 2 bytes [DF, 72]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076a91465 2 bytes [A9, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076a914bb 2 bytes [A9, 76]
.text   ...                                                                                                                            * 2
.text   C:\ProgramData\Search Protection\SearchProtection.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000076a91465 2 bytes [A9, 76]
.text   C:\ProgramData\Search Protection\SearchProtection.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000076a914bb 2 bytes [A9, 76]
.text   ...                                                                                                                            * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\kernel32.dll!CreateProcessW                    00000000758b103d 5 bytes JMP 0000000102093dc4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\advapi32.DLL!CreateProcessAsUserW              000000007669c592 5 bytes JMP 0000000102093b6c
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!WSASend                             00000000759b4406 6 bytes JMP 719a0f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                        00000000759b4889 6 bytes JMP 71af0f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!FreeAddrInfoW                       00000000759b4b1b 6 bytes JMP 71a90f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!recv                                00000000759b6b0e 6 bytes JMP 719d0f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!send                                00000000759b6f01 6 bytes JMP 71a00f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!WSARecv                             00000000759b7089 6 bytes JMP 71970f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult              00000000759b7489 6 bytes JMP 71940f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                      00000000759bd1ea 6 bytes JMP 71a60f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\WS2_32.dll!FreeAddrInfoEx                      00000000759be14d 6 bytes JMP 71a30f5a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetCloseHandle                0000000075ab4282 5 bytes JMP 0000000102092b74
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!HttpQueryInfoA                     0000000075ab7079 5 bytes JMP 0000000102092aa4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!HttpQueryInfoW                     0000000075ab77c2 5 bytes JMP 0000000102092b0c
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!HttpSendRequestW                   0000000075ab7ca6 5 bytes JMP 00000001020904f8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestW                   0000000075ab83dd 5 bytes JMP 000000010208eac8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetConnectW                   0000000075abb214 5 bytes JMP 000000010208e1c0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetQueryDataAvailable         0000000075ac92e9 5 bytes JMP 0000000102091400
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetReadFile                   0000000075ac972b 5 bytes JMP 000000010209192c
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetReadFileExW                0000000075adadd7 5 bytes JMP 00000001020922dc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetReadFileExA                0000000075adae2e 5 bytes JMP 0000000102091b14
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetOpenA                      0000000075b0cf60 5 bytes JMP 000000010208e16c
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!InternetConnectA                   0000000075b5d0b3 5 bytes JMP 000000010208e3a0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!HttpSendRequestA                   0000000075b832f2 5 bytes JMP 000000010208fd80
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestA                   0000000075b83595 5 bytes JMP 000000010208ed1c

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [3860:3868]                                                              0000000002099310
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [3860:3900]                                                              00000000020991e0
Thread  C:\Windows\SysWOW64\svchost.exe [960:3992]                                                                                     000000007efa0000
Thread  C:\Windows\SysWOW64\svchost.exe [960:1308]                                                                                     000000007efab973
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:3408]                                                         0000000077c53e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:392]                                                          00000000759f7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:1496]                                                         00000000746a0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:1548]                                                         0000000077c52e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:2272]                                                         0000000077c53e45

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk1\DR1                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         

Code:
OTL logfile created on: 2013-06-19 11:54:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DaVinci\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd
 
3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,25% Memory free
7,96 Gb Paging File | 6,60 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 21,12 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 108,64 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
 
Computer Name: DAVINCI-PC | User Name: DaVinci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-06-19 11:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-16 11:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012-11-13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012-11-13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012-11-13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012-11-06 23:16:50 | 000,485,272 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2011-12-10 19:38:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009-05-15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-05-01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013-01-28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-06-07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-05-30 16:23:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013-01-28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013-01-27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-28 23:13:57 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011-12-10 19:38:43 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-09-27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-05-15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-05-01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-01-20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-11-22 21:59:33 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-11 19:33:22 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MassDfu.sys -- (DFU)
DRV:64bit: - [2011-09-02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-07-08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-02-08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-09-30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-09-30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010-06-23 11:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-08-14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008-02-18 16:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008-02-18 16:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008-01-21 10:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2012-11-16 17:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011-12-11 19:33:22 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0DFC1506-A213-4AD2-BF3A-B7D16AB1661F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{31631685-EB30-4952-9C62-13C32BF15F47}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{32F517FE-A623-422E-85CD-115A391E411F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q={searchTerms}
IE - HKCU\..\SearchScopes\{758F30B4-EDAE-414B-9ADB-70A79CDD2A0D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{FA0A1C98-1314-410E-BBFC-5BE29AF51A60}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-06-02 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de [2011-12-28 23:07:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net [2012-03-25 19:35:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-06-02 19:20:08 | 000,000,000 | ---D | M]
 
[2011-11-18 17:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Extensions
[2013-05-10 19:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions
[2012-11-22 21:58:07 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012-03-25 19:35:53 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net
[2012-11-22 21:58:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011-12-28 23:07:54 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de
[2013-05-10 19:15:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-12-28 23:13:58 | 000,002,182 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{B5EB2D7B-EA87-4A1C-9C95-22B60289593D}.xml
[2011-12-28 23:13:58 | 000,001,864 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{CF3A2487-E996-4C04-BA3D-17506E6357EA}.xml
[2011-12-28 23:13:58 | 000,002,071 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{E711E580-7D5D-41A2-91EC-CE152B78DA82}.xml
[2013-05-30 16:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-30 16:23:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-11-22 21:58:08 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [exectt] C:\Users\DaVinci\AppData\Roaming\exectt.exe ()
O4 - HKCU..\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe (CJSC "Computing Forces")
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EAB614B-FABC-4BC6-9543-68D533D4B45A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\sbrnpcie.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sbrnpcie.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-06-19 11:42:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe
[2013-06-18 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
[2013-06-02 19:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013-05-30 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-25 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-05-25 18:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013-05-25 18:56:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-06-19 11:52:39 | 000,000,000 | ---- | M] () -- C:\Users\DaVinci\defogger_reenable
[2013-06-19 11:48:42 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-06-19 11:48:42 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013-06-19 11:48:42 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-06-19 11:48:42 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013-06-19 11:48:42 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-06-19 11:44:12 | 000,025,206 | ---- | M] () -- C:\Users\DaVinci\Desktop\SystemScan.odt
[2013-06-19 11:43:32 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-19 11:43:32 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-19 11:43:17 | 000,377,856 | ---- | M] () -- C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
[2013-06-19 11:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe
[2013-06-19 11:41:38 | 000,050,477 | ---- | M] () -- C:\Users\DaVinci\Desktop\Defogger.exe
[2013-06-19 11:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-18 10:51:26 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-06-18 10:40:20 | 000,000,051 | RH-- | M] () -- C:\Windows\ctfile.rfc
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-06-19 11:52:39 | 000,000,000 | ---- | C] () -- C:\Users\DaVinci\defogger_reenable
[2013-06-19 11:44:10 | 000,025,206 | ---- | C] () -- C:\Users\DaVinci\Desktop\SystemScan.odt
[2013-06-19 11:43:11 | 000,377,856 | ---- | C] () -- C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
[2013-06-19 11:41:37 | 000,050,477 | ---- | C] () -- C:\Users\DaVinci\Desktop\Defogger.exe
[2013-06-18 10:51:23 | 000,294,344 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-09-14 10:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012-09-14 10:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012-01-28 12:39:16 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012-01-28 12:39:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012-01-28 12:38:54 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-01-25 09:27:17 | 000,003,492 | ---- | C] () -- C:\Windows\Solitaire.ini
[2011-12-28 23:07:53 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011-12-10 19:38:45 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-12-10 19:38:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-11-18 18:56:36 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2011-11-18 18:56:36 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011-11-18 18:56:35 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe
[2011-11-18 18:56:35 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2011-11-18 18:56:35 | 000,012,750 | ---- | C] () -- C:\Windows\unins000.dat
[2011-11-18 18:43:51 | 001,555,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1601-01-01 02:00:00 | 000,242,176 | ---- | C] () -- C:\Users\DaVinci\AppData\Roaming\exectt.exe
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011-12-04 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Acreon
[2013-04-25 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Amazon
[2012-11-22 21:58:08 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\blekko
[2013-06-18 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
[2012-12-27 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\ControlCenter4
[2011-11-18 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\DAEMON Tools Lite
[2011-12-28 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\DesktopIconForAmazon
[2012-09-11 15:33:52 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\HTC
[2013-05-25 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\ICQ
[2011-11-18 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Leadertech
[2012-12-26 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\noteMaNIA
[2013-01-20 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Nuance
[2011-12-28 23:13:57 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\OCS
[2011-11-18 20:40:13 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\OpenOffice.org
[2011-12-28 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Opera
[2011-12-10 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\PunkBuster
[2013-02-05 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\smc
[2011-11-18 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Thunderbird
[2013-06-18 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\TS3Client
[2013-01-20 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\TuneUp Software
[2013-01-20 20:06:50 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         

19.06.2013, 12:12   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).

20.06.2013, 11:55   #3
Sýdnaý
 



Hello,

Here are the requested logs.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013
Ran by DaVinci (administrator) on 20-06-2013 12:46:14
Running from C:\Users\DaVinci\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft.) C:\ProgramData\Search Protection\SearchProtection.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Ocs_SM] C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe                                                                                                                                                                                                              [106496 2011-12-28] (OCS)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [186880 2008-01-18] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-01-18] (Saitek)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [352256 2008-01-18] (Saitek)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces")
HKCU\...\Run: [exectt] "C:\Users\DaVinci\AppData\Roaming\exectt.exe" -autorun [242176 1693-10-01] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-11-16] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat [172 2012-11-22] ()
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [zASRockInstantBoot]  [x]
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKU\UpdatusUser\...\Run: [CTRegRun] C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
HKU\UpdatusUser\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]
HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [x]
HKU\UpdatusUser\...\RunOnce: [InetReg] "C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 [x]
IMEO\sbrnpcie.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
URLSearchHook: (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
SearchScopes: HKCU - {0DFC1506-A213-4AD2-BF3A-B7D16AB1661F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {31631685-EB30-4952-9C62-13C32BF15F47} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {32F517FE-A623-422E-85CD-115A391E411F} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q={searchTerms}
SearchScopes: HKCU - {758F30B4-EDAE-414B-9ADB-70A79CDD2A0D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {FA0A1C98-1314-410E-BBFC-5BE29AF51A60} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FireJump - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\firejump@firejump.net
FF Extension: Lavasoft Search Plugin - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: Gutscheinrausch.de - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\mail@gutscheinrausch.de
FF Extension: Ad-Aware Security Add-on - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\firejump_1027.zip
FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-10] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 SearchAnonymizer; C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-12-28] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 DFU; C:\Windows\System32\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL)
S3 DFU; C:\Windows\SysWow64\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-22] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2008-02-18] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [41216 2008-02-18] (Saitek)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 cthda; system32\drivers\cthda.sys [x]
U3 JavaQuickStarterService; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST
2013-06-20 12:44 - 2013-06-20 12:44 - 01929572 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe
2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log
2013-06-19 12:00 - 2013-06-19 12:09 - 00010266 ____A C:\Users\DaVinci\Desktop\trojaner.odt
2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt
2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt
2013-06-19 11:52 - 2013-06-19 12:15 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log
2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable
2013-06-19 11:44 - 2013-06-19 11:44 - 00025206 ____A C:\Users\DaVinci\Desktop\SystemScan.odt
2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe
2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe
2013-06-18 10:51 - 2013-06-20 12:38 - 00001223 ____A C:\Windows\setupact.log
2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00002102 ____A C:\Windows\PFRO.log
2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
2013-06-17 12:59 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 12:59 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 12:59 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 12:59 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 12:59 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 12:59 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 12:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 12:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-17 12:59 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-17 12:59 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-17 12:59 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-17 12:59 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-17 12:59 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-17 12:59 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-17 12:55 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-17 12:55 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-17 12:55 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-17 12:55 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-17 12:55 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-17 12:55 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-17 12:55 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-17 12:55 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-17 12:55 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-17 12:55 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-17 12:55 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-17 12:55 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-17 12:55 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-17 12:55 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-17 12:55 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-17 12:55 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-17 12:55 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-16 20:55 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-16 20:55 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-02 19:19 - 2013-06-02 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-30 16:23 - 2013-06-18 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-25 18:56 - 2013-05-25 19:06 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DaVinci\Downloads\SkypeSetup(1).exe

==================== One Month Modified Files and Folders =======

2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST
2013-06-20 12:45 - 2011-11-19 02:08 - 00664618 ____A C:\Windows\System32\perfh007.dat
2013-06-20 12:45 - 2011-11-19 02:08 - 00134786 ____A C:\Windows\System32\perfc007.dat
2013-06-20 12:45 - 2009-07-14 07:13 - 01527550 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 12:45 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 12:45 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 12:44 - 2013-06-20 12:44 - 01929572 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe
2013-06-20 12:42 - 2011-11-18 17:17 - 01657750 ____A C:\Windows\WindowsUpdate.log
2013-06-20 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-20 12:38 - 2013-06-18 10:51 - 00001223 ____A C:\Windows\setupact.log
2013-06-20 12:38 - 2011-11-18 18:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-20 12:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log
2013-06-19 12:15 - 2013-06-19 11:52 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log
2013-06-19 12:09 - 2013-06-19 12:00 - 00010266 ____A C:\Users\DaVinci\Desktop\trojaner.odt
2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt
2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt
2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable
2013-06-19 11:52 - 2011-11-18 17:17 - 00000000 ____D C:\users\DaVinci
2013-06-19 11:44 - 2013-06-19 11:44 - 00025206 ____A C:\Users\DaVinci\Desktop\SystemScan.odt
2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe
2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe
2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00002102 ____A C:\Windows\PFRO.log
2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 10:43 - 2013-05-30 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-18 10:41 - 2012-02-03 20:26 - 00000000 ____D C:\Program Files (x86)\Creative
2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\ProgramData\Creative
2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\Program Files\Creative
2013-06-18 10:40 - 2012-02-03 20:27 - 00000051 __RAH C:\Windows\ctfile.rfc
2013-06-18 10:18 - 2012-04-09 13:14 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\TS3Client
2013-06-18 10:18 - 2011-11-19 02:10 - 00000000 ____D C:\Windows\Panther
2013-06-18 10:18 - 2011-11-18 18:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
2013-06-17 13:00 - 2011-11-21 21:54 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-17 11:42 - 2012-06-26 22:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 11:42 - 2011-11-18 17:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 16:08 - 2013-06-17 12:59 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-17 12:59 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-17 12:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 11:59 - 2012-05-10 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-02 19:22 - 2013-06-02 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-25 20:09 - 2012-11-15 14:08 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Skype
2013-05-25 19:06 - 2013-05-25 18:56 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-05-25 18:59 - 2011-11-18 22:12 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\ICQ
2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-25 18:56 - 2012-11-15 14:08 - 00000000 ____D C:\ProgramData\Skype
2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DaVinci\Downloads\SkypeSetup(1).exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-16 13:06

==================== End Of Log ============================
         


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013
Ran by DaVinci at 2013-06-20 12:46:32 Run:
Running from C:\Users\DaVinci\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Ad-Aware Security Add-on (Version: 2.2.0.17)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.168)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.5) - Deutsch (Version: 10.1.5)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advertising Center (Version: 0.0.0.1)
Allgemeine Runtime Files (x86) (Version: 1.0.3.2)
Amazon Kindle
ASRock InstantBoot v1.26
Assassin's Creed Revelations (Version: 1.01)
BioShock Infinite
Brother MFL-Pro Suite DCP-7055 (Version: 1.0.7.0)
CCleaner (Version: 3.12)
Counter-Strike: Global Offensive
Creative Systeminformationen (Version: 1.10)
Day of Defeat
Deathmatch Classic
Desktop Icon für Amazon (Version: 1.0.1 (de))
Dishonored (Version: 1.0)
Dolby Digital Live Pack (Version: 3.03)
DolbyFiles (Version: 2.0)
Dragon Age II (Version: 1.04)
Dragon Age: Origins (Version: 1.00)
eReg (Version: 1.20.138.34)
Etron USB3.0 Host Controller (Version: 0.96)
FireJump 1.0.1.8 (Version: 1.0.1.8)
GutscheinRausch.de - AddOn für Firefox (Version: 2.81)
Half-Life: Blue Shift
Half-Life: Opposing Force
HTC Driver Installer (Version: 3.0.0.006)
HTC Sync (Version: 3.0.5527)
ICQ7.7 (Version: 7.7)
ImagXpress (Version: 7.0.74.0)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 27 (Version: 6.0.270)
Java(TM) 6 Update 29 (64-bit) (Version: 6.0.290)
Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
JavaFX 2.1.1 (Version: 2.1.1)
Logitech SetPoint 6.32 (Version: 6.32.20)
maxdome Download Manager 4.1.300.78 (Version: 4.1.30078)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 1.1 SP1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero BurnRights (Version: 3.4.10.100)
Nero DiscSpeed (Version: 5.4.10.100)
Nero DriveSpeed (Version: 4.4.10.100)
Nero InfoTool (Version: 6.4.10.100)
Nero Installer (Version: 4.4.8.1)
Nero StartSmart (Version: 9.4.11.100)
NeroBurningROM (Version: 9.4.13.100)
NeroExpress (Version: 9.4.13.100)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Controller-Treiber 285.62 (Version: 285.62)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.11.1111)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PunkBuster Services (Version: 0.991)
Rayman Origins (Version: 1.02)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6167)
Ricochet
Saitek Cyborg Keyboard Volume 6.2.1.3 (Version: 6.2.1.3)
Saitek SD6 Programming Software 6.2.1.3 (Version: 6.2.1.3)
Samsung SSD Magician (Version: 1.2)
SearchAnonymizer (Version: 1.0.1 (de))
Skype™ 6.3 (Version: 6.3.107)
Sound Blaster Recon3D PCIe (Version: 1.00.07)
Spybot - Search & Destroy (Version: 2.0.12)
Steam (Version: 1.0.0.0)
System Requirements Lab
Team Fortress Classic
TeamSpeak 3 Client (Version: 3.0.10.1)
True - ROCCAT 1.1.0
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.6030.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
World of Warcraft

==================== Restore Points  =========================

18-06-2013 08:40:52 Entfernt Host OpenAL

==================== Scheduled Tasks (whitelisted) =============

Task: {160EB9A1-34C2-4EDB-8593-F477858276F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {2CAB5863-30BB-4FFB-BB14-ECB277AC09AB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {30B7400E-E04F-4025-8342-DFEC7B118A93} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {363552DC-4F26-4989-BA08-092CE552CF9A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {472C8353-AB91-47EE-8E7C-BA0461A4C4D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {47AEFD34-857E-4612-BC6B-ADF257CEAFE3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {4A8F3393-28F5-42DD-B872-65B7DF9B24EB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {4B773A63-C22A-4028-A7F1-07EE11B5EA26} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {6B746E97-9ECA-41D7-9E37-FB7D4291BFA7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {81DF71DB-90FB-4990-B112-2B979F3AFE72} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {891E8033-18BC-436A-A940-3B71E81F7016} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {972DAC66-D746-48F7-8C8F-AE4CF357E3DF} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {ACC075F7-09A6-4B91-815C-E38545BDAEDB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {EFD3A809-DAD3-4AF1-B14B-69C08B68CEC6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe No File

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 00:38:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 00:23:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:24:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:21:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:12:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:06:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0x57c
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (06/19/2013 11:59:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 11:53:22 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f957dd
Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f957dd
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000155149
ID des fehlerhaften Prozesses: 0xde4
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (06/19/2013 11:36:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 10:51:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/20/2013 00:40:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/20/2013 00:40:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/20/2013 00:35:07 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.153.22.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/20/2013 00:25:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/20/2013 00:25:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/19/2013 00:35:55 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.153.22.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/19/2013 00:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/19/2013 00:26:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/19/2013 00:23:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/19/2013 00:23:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/20/2013 00:38:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 00:23:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:24:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:21:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:12:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:06:46 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a57c01ce6cd413a7839eC:\Users\DaVinci\Desktop\gmer_2.1.19163.exeC:\Users\DaVinci\Desktop\gmer_2.1.19163.exef2e1f2a7-d8c7-11e2-9858-002522d93037

Error: (06/19/2013 11:59:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 11:53:22 AM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.110650f957ddnvtray.exe7.17.13.110650f957dd400000150000000000155149de401ce6cd0869bb007C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe13309109-d8c6-11e2-939d-002522d93037

Error: (06/19/2013 11:36:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 10:51:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-02-22 15:06:30.428
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-22 11:09:20.597
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-20 16:52:01.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-20 16:35:42.885
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 4078.06 MB
Available physical RAM: 2748.91 MB
Total Pagefile: 8154.3 MB
Available Pagefile: 6739.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.02 GB) (Free:20.61 GB) NTFS (Disk=1 Partition=3)
Drive d: () (Fixed) (Total:146.48 GB) (Free:146.39 GB) NTFS (Disk=0 Partition=1)
Drive e: () (Fixed) (Total:151.6 GB) (Free:108.64 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 21B37DF1)
Partition 1: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=152 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 119 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================
         

Regards,

Sýd

20.06.2013, 12:21   #4
schrauber
/// the machine
/// TB trainer

Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

21.06.2013, 11:01   #5
Sýdnaý

Hello,

As instructed, I turned off all the programs, but Combofix still reported that they were active. Neither in the taskbar at the bottom right nor in Task Manager could I find any processes/applications that pointed to Spybot or Security Essentials.


Combofix Logfile:
Code:
ComboFix 13-06-21.02 - DaVinci 2013-06-21  11:49:12.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4078.2498 [GMT 2:00]
ausgeführt von:: c:\users\DaVinci\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DaVinci\AppData\Local\._Revolution_
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\tmp4B71.tmp
c:\windows\SysWow64\tmp4B81.tmp
c:\windows\SysWow64\tmp4D64.tmp
c:\windows\SysWow64\tmp4D65.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-21 bis 2013-06-21  ))))))))))))))))))))))))))))))
.
.
2013-06-21 09:51 . 2013-06-21 09:51	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-21 09:51 . 2013-06-21 09:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-20 10:49 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37CB875B-E4F6-4D2A-9820-201A612A7C19}\mpengine.dll
2013-06-20 10:45 . 2013-06-20 10:45	--------	d-----w-	C:\FRST
2013-06-18 08:34 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-18 08:13 . 2013-06-18 08:13	--------	d-----w-	c:\users\DaVinci\AppData\Roaming\Ckfgfzgjbln
2013-06-17 10:55 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-16 18:55 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-16 18:55 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-16 09:45 . 2013-05-25 17:39	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63118A0C-5879-4B66-960E-3DAAB5F75711}\gapaengine.dll
2013-06-02 17:19 . 2013-06-02 17:22	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-05-25 16:56 . 2013-05-25 16:56	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-05-25 16:56 . 2013-05-25 16:56	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 11:00 . 2011-11-21 19:54	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-17 09:42 . 2012-06-26 20:58	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 09:42 . 2011-11-18 15:53	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-25 17:39 . 2012-02-10 10:31	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 19:33	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 19:33	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 19:33	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 19:33	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 19:33	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 19:33	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 14:44	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 19:33	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 19:33	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 19:33	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41	87448	----a-w-	c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"jrtecxbt"="c:\users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe" [2013-06-19 122368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-11-22 172]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe  /AUTOHIDE [2011-11-18 1265664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BrStsMon00"=c:\program files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
"Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ControlCenter4"=c:\program files (x86)\ControlCenter4\BrCcBoot.exe /autorun
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cthda;SB Recon3D HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 DFU;DFU;c:\windows\system32\drivers\MassDfu.sys;c:\windows\SYSNATIVE\drivers\MassDfu.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys;c:\windows\SYSNATIVE\drivers\skfiltv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 SearchAnonymizer;SearchAnonymizer;c:\users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0728.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Ocs_SM"="c:\users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-12-28 106496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 194560]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-18 352256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q=
FF - ExtSQL: !HIDDEN! 2011-12-28 22:07; firejump@firejump.net; c:\users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net
FF - ExtSQL: !HIDDEN! 2011-12-28 22:07; mail@gutscheinrausch.de; c:\users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben]
"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-21  11:52:52
ComboFix-quarantined-files.txt  2013-06-21 09:52
.
Vor Suchlauf: 10 Verzeichnis(se), 21.791.571.968 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 21.660.176.384 Bytes frei
.
- - End Of File - - C5653D8BEA0ABBF8DA1377E2C69E74BB
         
Regards,

Sýd


21.06.2013, 12:55   #6
schrauber
/// the machine
/// TB trainer

Looks fine.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here.

and a fresh FRST logfile. Any problems left?

22.06.2013, 00:39   #7
Sýdnaý

Hello,

I followed the instructions, but Security Check apparently did not work; I started it and got the following message:

Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

Does the program assume that my Windows version is not genuine, or is something else to blame? I can hardly imagine that this is the intended result?!


Everything else went without problems; here are the logs:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 21/06/2013 um 22:46:55 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : DaVinci - DAVINCI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DaVinci\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\search protection
Ordner Gelöscht : C:\Users\DaVinci\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\blekko
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\adawaretb
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawaretb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKLM\Software\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\prefs.js

C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3150 octets] - [21/06/2013 22:46:55]

########## EOF - C:\AdwCleaner[S1].txt - [3210 octets] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by DaVinci on 2013-06-21 at 22:54:23,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-236201796-2842626628-2122523665-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\DaVinci\appdata\local\adawarebp"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Successfully deleted the following from C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC");
user_pref("keyword.URL", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q=");
Emptied folder: C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-06-21 at 22:56:59,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bf87261f4e45f147a8439898d6541b86
# engine=14129
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-21 11:10:03
# local_time=2013-06-22 01:10:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 50198473 123486053 0 0
# scanned=264764
# found=1
# cleaned=0
# scan_time=7516
sh=F196A2F4E47E9C27F46BFD6509BEF5C8E6FAAC5D ft=1 fh=c71c00118a33948f vn="a variant of Win32/Injector.AIKK trojan" ac=I fn="C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe"
         


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 02
Ran by DaVinci (administrator) on 22-06-2013 01:24:57
Running from C:\Users\DaVinci\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [186880 2008-01-18] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-01-18] (Saitek)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [352256 2008-01-18] (Saitek)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces")
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-11-16] (Lavasoft)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [zASRockInstantBoot]  [x]
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKU\UpdatusUser\...\Run: [CTRegRun] C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
HKU\UpdatusUser\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]
HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [x]
HKU\UpdatusUser\...\RunOnce: [InetReg] "C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 [x]
Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0DFC1506-A213-4AD2-BF3A-B7D16AB1661F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {31631685-EB30-4952-9C62-13C32BF15F47} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {32F517FE-A623-422E-85CD-115A391E411F} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {758F30B4-EDAE-414B-9ADB-70A79CDD2A0D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {FA0A1C98-1314-410E-BBFC-5BE29AF51A60} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Gutscheinrausch.de - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\mail@gutscheinrausch.de
FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\firejump_1027.zip
FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-10] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 DFU; C:\Windows\System32\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL)
S3 DFU; C:\Windows\SysWow64\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-22] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2008-02-18] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [41216 2008-02-18] (Saitek)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cthda; system32\drivers\cthda.sys [x]
U3 JavaQuickStarterService; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 01:24 - 2013-06-22 01:24 - 01930924 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe
2013-06-22 01:19 - 2013-06-22 01:19 - 00000041 ____A C:\Users\DaVinci\Desktop\checkup.txt
2013-06-22 01:17 - 2013-06-22 01:17 - 00890839 ____A C:\Users\DaVinci\Desktop\SecurityCheck.exe
2013-06-21 23:00 - 2013-06-21 23:00 - 02347384 ____A (ESET) C:\Users\DaVinci\Desktop\esetsmartinstaller_enu.exe
2013-06-21 22:56 - 2013-06-21 22:56 - 00002429 ____A C:\Users\DaVinci\Desktop\JRT.txt
2013-06-21 22:54 - 2013-06-21 22:54 - 00000000 ____D C:\Windows\ERUNT
2013-06-21 22:53 - 2013-06-21 22:53 - 00000000 ____D C:\JRT
2013-06-21 22:50 - 2013-06-21 22:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\DaVinci\Desktop\JRT.exe
2013-06-21 22:49 - 2013-06-21 22:49 - 00003273 ____A C:\Users\DaVinci\Desktop\AdwCleaner[S1].txt
2013-06-21 22:46 - 2013-06-21 22:47 - 00003273 ____A C:\AdwCleaner[S1].txt
2013-06-21 22:44 - 2013-06-21 22:45 - 00648201 ____A C:\Users\DaVinci\Desktop\adwcleaner.exe
2013-06-21 11:52 - 2013-06-21 11:52 - 00018752 ____A C:\ComboFix.txt
2013-06-21 11:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-21 11:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-21 11:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-21 11:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-21 11:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-21 11:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-21 11:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-21 11:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-21 11:46 - 2013-06-21 11:52 - 00000000 ____D C:\Qoobox
2013-06-21 11:46 - 2013-06-21 11:51 - 00000000 ____D C:\Windows\erdnt
2013-06-21 11:42 - 2013-06-21 11:42 - 05081922 ____R (Swearware) C:\Users\DaVinci\Desktop\ComboFix.exe
2013-06-20 12:46 - 2013-06-20 12:46 - 00020667 ____A C:\Users\DaVinci\Desktop\Addition.txt
2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST
2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log
2013-06-19 12:00 - 2013-06-20 13:07 - 00010412 ____A C:\Users\DaVinci\Desktop\trojaner.odt
2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt
2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt
2013-06-19 11:52 - 2013-06-19 12:15 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log
2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable
2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe
2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe
2013-06-18 10:51 - 2013-06-21 22:48 - 00001447 ____A C:\Windows\setupact.log
2013-06-18 10:51 - 2013-06-21 22:42 - 00002654 ____A C:\Windows\PFRO.log
2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
2013-06-17 12:59 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 12:59 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 12:59 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 12:59 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 12:59 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 12:59 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 12:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 12:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 12:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-17 12:59 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-17 12:59 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-17 12:59 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-17 12:59 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-17 12:59 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-17 12:59 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-17 12:59 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-17 12:59 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-17 12:55 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-17 12:55 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-17 12:55 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-17 12:55 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-17 12:55 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-17 12:55 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-17 12:55 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-17 12:55 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-17 12:55 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-17 12:55 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-17 12:55 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-17 12:55 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-17 12:55 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-17 12:55 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-17 12:55 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-17 12:55 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-17 12:55 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-16 20:55 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-16 20:55 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-02 19:19 - 2013-06-02 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-30 16:23 - 2013-06-18 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-25 18:56 - 2013-05-25 19:06 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DaVinci\Downloads\SkypeSetup(1).exe

==================== One Month Modified Files and Folders =======

2013-06-22 01:24 - 2013-06-22 01:24 - 01930924 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe
2013-06-22 01:19 - 2013-06-22 01:19 - 00000041 ____A C:\Users\DaVinci\Desktop\checkup.txt
2013-06-22 01:17 - 2013-06-22 01:17 - 00890839 ____A C:\Users\DaVinci\Desktop\SecurityCheck.exe
2013-06-21 23:02 - 2011-11-19 02:08 - 00664618 ____A C:\Windows\System32\perfh007.dat
2013-06-21 23:02 - 2011-11-19 02:08 - 00134786 ____A C:\Windows\System32\perfc007.dat
2013-06-21 23:02 - 2009-07-14 07:13 - 01527550 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-21 23:00 - 2013-06-21 23:00 - 02347384 ____A (ESET) C:\Users\DaVinci\Desktop\esetsmartinstaller_enu.exe
2013-06-21 22:59 - 2011-11-18 17:17 - 01769527 ____A C:\Windows\WindowsUpdate.log
2013-06-21 22:56 - 2013-06-21 22:56 - 00002429 ____A C:\Users\DaVinci\Desktop\JRT.txt
2013-06-21 22:55 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-21 22:55 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 22:54 - 2013-06-21 22:54 - 00000000 ____D C:\Windows\ERUNT
2013-06-21 22:53 - 2013-06-21 22:53 - 00000000 ____D C:\JRT
2013-06-21 22:50 - 2013-06-21 22:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\DaVinci\Desktop\JRT.exe
2013-06-21 22:49 - 2013-06-21 22:49 - 00003273 ____A C:\Users\DaVinci\Desktop\AdwCleaner[S1].txt
2013-06-21 22:48 - 2013-06-18 10:51 - 00001447 ____A C:\Windows\setupact.log
2013-06-21 22:48 - 2011-11-18 18:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-21 22:48 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 22:47 - 2013-06-21 22:46 - 00003273 ____A C:\AdwCleaner[S1].txt
2013-06-21 22:45 - 2013-06-21 22:44 - 00648201 ____A C:\Users\DaVinci\Desktop\adwcleaner.exe
2013-06-21 22:42 - 2013-06-18 10:51 - 00002654 ____A C:\Windows\PFRO.log
2013-06-21 11:52 - 2013-06-21 11:52 - 00018752 ____A C:\ComboFix.txt
2013-06-21 11:52 - 2013-06-21 11:46 - 00000000 ____D C:\Qoobox
2013-06-21 11:51 - 2013-06-21 11:46 - 00000000 ____D C:\Windows\erdnt
2013-06-21 11:51 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-21 11:42 - 2013-06-21 11:42 - 05081922 ____R (Swearware) C:\Users\DaVinci\Desktop\ComboFix.exe
2013-06-20 13:07 - 2013-06-19 12:00 - 00010412 ____A C:\Users\DaVinci\Desktop\trojaner.odt
2013-06-20 12:46 - 2013-06-20 12:46 - 00020667 ____A C:\Users\DaVinci\Desktop\Addition.txt
2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST
2013-06-20 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log
2013-06-19 12:15 - 2013-06-19 11:52 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log
2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt
2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt
2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable
2013-06-19 11:52 - 2011-11-18 17:17 - 00000000 ____D C:\users\DaVinci
2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe
2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe
2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 10:43 - 2013-05-30 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-18 10:41 - 2012-02-03 20:26 - 00000000 ____D C:\Program Files (x86)\Creative
2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\ProgramData\Creative
2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\Program Files\Creative
2013-06-18 10:40 - 2012-02-03 20:27 - 00000051 __RAH C:\Windows\ctfile.rfc
2013-06-18 10:18 - 2012-04-09 13:14 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\TS3Client
2013-06-18 10:18 - 2011-11-19 02:10 - 00000000 ____D C:\Windows\Panther
2013-06-18 10:18 - 2011-11-18 18:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
2013-06-17 13:00 - 2011-11-21 21:54 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-17 11:42 - 2012-06-26 22:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 11:42 - 2011-11-18 17:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 16:08 - 2013-06-17 12:59 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-17 12:59 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-17 12:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 11:59 - 2012-05-10 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-02 19:22 - 2013-06-02 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-25 20:09 - 2012-11-15 14:08 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Skype
2013-05-25 19:06 - 2013-05-25 18:56 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-05-25 18:59 - 2011-11-18 22:12 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\ICQ
2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-25 18:56 - 2012-11-15 14:08 - 00000000 ____D C:\ProgramData\Skype
2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DaVinci\Downloads\SkypeSetup(1).exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-16 13:06

==================== End Of Log ============================
         


Kind regards

Sýd

22.06.2013, 13:02   #8
schrauber
/// the machine
/// TB trainer
 




Hi,

SecurityCheck acts up sometimes, no problem

Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
ATTFilter
C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces")
         
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

22.06.2013, 18:23   #9
Sýdnaý
 



Hello,

here is the Fixlog:


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013
Ran by DaVinci at 2013-06-22 19:15:55 Run:1
Running from C:\Users\DaVinci\Desktop
Boot Mode: Normal
==============================================

C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\jrtecxbt => Value not found.

==== End of Fixlog ====
         
As for the question of whether there are still problems, I can't really give a precise answer. Over the past few days Security Essentials has sometimes been pinging away happily and sometimes reported nothing at all. Just now I ran another "quick scan", which told me everything is fine. Can I trust that, or is caution still called for?

Or does the line "Value not found" in the log indicate that I messed something up?^^


Kind regards

Sýd
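
Added example, not part of the original posts and not FRST's own code: a small Python script that matches each Fixlist.txt entry from post #8 to its result line in the Fixlog above, so every requested fix gets an explicit status. The function names and status labels are assumptions of this example, and only the two result phrases that appear in this thread are recognised.

```python
import re

# Constructed input: the Fixlist.txt and (shortened) Fixlog.txt text from this thread.
FIXLIST = r'''C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces")'''

FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013
==============================================

C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\jrtecxbt => Value not found.

==== End of Fixlog ===='''

# Only the two result phrases seen in this thread are classified; any other
# phrase is reported as "review" instead of being guessed at (assumption).
OUTCOMES = {"Moved successfully.": "moved", "Value not found.": "already absent"}
# Fixlist registry line: hive, abbreviated key, then the value name in [brackets].
REG_ENTRY = re.compile(r'^(HK\w+)\\.*\\Run: \[([^\]]+)\]')

def parse_fixlog(fixlog):
    """Map each 'target => outcome' line of a Fixlog to a status label."""
    results = {}
    for line in fixlog.splitlines():
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results[target.strip()] = OUTCOMES.get(outcome.strip(), "review")
    return results

def reconcile(fixlist, fixlog):
    """Return {fixlist line: status}; 'missing' means the Fixlog never mentions it."""
    results = parse_fixlog(fixlog)
    report = {}
    for line in filter(None, map(str.strip, fixlist.splitlines())):
        m = REG_ENTRY.match(line)
        if m:  # the Fixlog spells the key out, so match on hive + value name
            hive, value = m.groups()
            hits = [s for t, s in results.items()
                    if t.startswith(hive + "\\") and t.endswith("\\" + value)]
            report[line] = hits[0] if hits else "missing"
        else:  # file and folder entries are echoed verbatim
            report[line] = results.get(line, "missing")
    return report

if __name__ == "__main__":
    for entry, status in reconcile(FIXLIST, FIXLOG).items():
        print(f"{status:15} {entry[:70]}")
```

A "missing" or "review" status is the case to follow up on: the fix either never processed that entry or reported something this script does not recognise.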

22.06.2013, 18:56   #10
schrauber
/// the machine
/// TB trainer
 




Nope, all good, and we're done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.


Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads on its own. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nicely colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber


22.06.2013, 20:29   #11
Sýdnaý
 



Hello,

everything is done so far, and at this point a huge thank you!!
At first I was a bit sceptical, since I have seen on various forums that people tend to get messed around rather than helped. Here, however, I was very positively surprised, both by the prompt answers and the professional tips and instructions, and by the fact that you run all of this free of charge, as I have read. You don't find that often these days. You have saved me a lot of work, and so I will also support you a little with a small donation!

Should I ever come across someone whose computer has caught something, I will recommend you right away!!

Even though it would be deserved, I can't think of any more songs of praise


Finally, I do have one more question. Please don't take it as an insult; you have proven your professionalism more than enough. But since I use my computer to access all my important data (bank etc.), I would just like to ask once more precisely:

Can I now use all passwords, PINs & co. again without concern? (Provided, of course, that I don't make another stupid mistake )


With kindest regards and many thanks to the whole team, whether they helped or not

Sýdnaý

23.06.2013, 08:54   #12
schrauber
/// the machine
/// TB trainer
 




You can

I would change passwords in general; with online banking I would be careful even with a fresh new system, depending on how you do it. I recommend at least ChipTan.

and you're welcome
__________________
Regards,
schrauber

