Pests of all kinds and how to fight them: Help against the GVU trojan

Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

05.07.2013, 08:08   #31
Tobi R.

I'm a bit lost at the moment.

Can we repair the PC with Combofix? So I don't need this Parted Magic after all?

Can I wait a while with all of this, or does it have to be done as quickly as possible? As I said, I'm mostly studying and that takes up a lot of time.

Best regards,
Tobi

05.07.2013, 09:03   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I did write that you can try a cleanup, but with ZeroAccess a reinstallation is what's recommended

05.07.2013, 09:17   #33
Tobi R.

We did agree on a reinstallation.
But before I do this reinstallation, I should back up the rest of my data with PartedMagic, right? But then what is this Combofix for?

The question again: does this have to be done urgently, or can it wait a week if until then I only use my PC for normal Internet browsing or creating Word documents?

Best regards,
Tobi

05.07.2013, 09:33   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I recommended a reinstallation to you. But since you don't have time for that right away, my approach was that we first remove the worst of it with Combofix. And then, when there is some time again, you can wipe the box and set it up from scratch at your leisure
__________________
Please always post log files in CODE tags

05.07.2013, 10:23   #35
Tobi R.

OK great, now I've got it. I'll do the Combofix thing in the next few hours (when I take a break from studying).


05.07.2013, 10:31   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, but one request: skip interjections like this; only post when there are problems or when you have the logs (and then post those in CODE tags)

08.07.2013, 17:34   #37
Tobi R.

Please excuse my late reply; because of all the studying I only got around today to creating the requested txt document with Combofix.

Combofix Logfile:
Code:
ComboFix 13-07-08.02 - Tobias Rossmann 08.07.2013  18:02:00.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1469 [GMT 2:00]
ausgeführt von:: c:\users\Tobias Rossmann\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\@
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\00000001.@
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\80000000.@
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\800000cb.@
c:\programdata\FullRemove.exe
c:\users\Tobias Rossmann\AppData\Local\assembly\tmp
c:\users\Tobias Rossmann\AppData\Roaming\Evxu
c:\users\Tobias Rossmann\AppData\Roaming\Evxu\zooqp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-08 bis 2013-07-08  ))))))))))))))))))))))))))))))
.
.
2013-07-06 12:59 . 2013-07-06 12:59	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2013-07-03 23:25 . 2013-07-03 23:25	--------	d-----w-	C:\FRST
2013-07-03 22:22 . 2013-07-03 22:22	--------	d-----w-	C:\_OTL
2013-07-03 16:43 . 2013-07-03 16:43	--------	d-----w-	c:\program files\Uninstaller
2013-07-03 16:43 . 2013-07-03 16:43	--------	d-----w-	c:\programdata\BrowserDefender
2013-07-03 16:43 . 2013-07-03 16:43	--------	d-----w-	c:\program files\Delta
2013-07-03 16:43 . 2013-07-03 16:43	--------	d-----w-	c:\users\Tobias Rossmann\AppData\Roaming\BabSolution
2013-07-03 16:43 . 2013-07-03 16:43	--------	d-----w-	c:\users\Tobias Rossmann\AppData\Roaming\Delta
2013-07-03 16:42 . 2013-07-03 16:42	--------	d-----w-	c:\users\Tobias Rossmann\AppData\Roaming\Optimizer Pro
2013-07-03 16:42 . 2013-07-03 16:42	--------	d-----w-	c:\program files\Tuguu SL
2013-07-03 16:42 . 2013-07-03 16:42	--------	d-----w-	c:\program files\Optimizer Pro
2013-07-03 16:42 . 2013-07-03 16:42	--------	d-----w-	c:\users\Tobias Rossmann\AppData\Local\Programs
2013-07-03 16:41 . 2013-07-03 16:45	--------	d-----w-	c:\program files\WebCake
2013-07-03 16:41 . 2013-07-03 16:41	--------	d-----w-	c:\users\Tobias Rossmann\AppData\Roaming\WebCake
2013-07-03 16:41 . 2013-07-03 16:41	--------	d-----w-	c:\programdata\Babylon
2013-07-03 16:41 . 2013-07-03 16:41	--------	d-----w-	c:\programdata\Tarma Installer
2013-07-03 16:41 . 2013-07-03 16:41	--------	d-----w-	c:\users\Tobias Rossmann\AppData\Roaming\Babylon
2013-06-12 20:47 . 2013-06-08 11:13	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-12 20:47 . 2013-06-08 11:41	218112	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 16:55 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-06-12 16:55 . 2013-05-10 03:20	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 16:55 . 2013-04-26 04:55	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 16:55 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 16:55 . 2013-05-13 04:45	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 16:55 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 16:55 . 2013-05-13 04:45	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 16:55 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 16:54 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-12 16:54 . 2013-05-06 05:06	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 16:54 . 2013-05-06 05:06	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 16:54 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:44 . 2012-07-16 06:26	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 11:44 . 2012-07-16 06:26	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-30 10:26 . 2013-04-30 10:26	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:26 . 2013-04-30 10:26	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-04-30 10:26 . 2013-04-30 10:26	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-04-30 10:26 . 2013-04-30 10:26	158720	----a-w-	c:\windows\system32\msls31.dll
2013-04-30 10:26 . 2013-04-30 10:26	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-04-30 10:26 . 2013-04-30 10:26	138752	----a-w-	c:\windows\system32\wextract.exe
2013-04-30 10:26 . 2013-04-30 10:26	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-30 10:26 . 2013-04-30 10:26	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:26 . 2013-04-30 10:26	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:26 . 2013-04-30 10:26	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-04-30 10:26 . 2013-04-30 10:26	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-30 10:26 . 2013-04-30 10:26	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-04-30 10:26 . 2013-04-30 10:26	361984	----a-w-	c:\windows\system32\html.iec
2013-04-30 10:26 . 2013-04-30 10:26	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-30 10:26 . 2013-04-30 10:26	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-30 10:26 . 2013-04-30 10:26	12800	----a-w-	c:\windows\system32\mshta.exe
2013-04-30 10:26 . 2013-04-30 10:26	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-13 04:45 . 2013-05-15 06:10	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:10	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 17:50	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 06:10	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 06:10	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 06:10	2347520	----a-w-	c:\windows\system32\win32k.sys
2010-05-24 18:39 . 2010-05-24 18:39	43608	----a-w-	c:\program files\internet explorer\plugins\IMAQActiveXControl.dll
2011-06-09 17:05 . 2011-06-09 17:05	158720	----a-w-	c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2011-06-22 10:44 . 2011-06-22 10:44	158720	----a-w-	c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2009-10-22 08:28 . 2009-10-22 08:28	133920	----a-w-	c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 13:50 . 2008-12-10 13:50	118784	----a-w-	c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-10-19 17:15 . 2010-10-19 17:15	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2013-07-06 13:00 . 2013-07-06 13:00	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="c:\users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"WebCake Desktop"="c:\users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-21 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"NI Update Service"="c:\users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 1629280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-03 348664]
.
c:\users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NI Error Reporting.lnk - c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 ENI Server;ENI Server;c:\users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe [x]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11432]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-02-14 11968]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-02-14 11968]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11432]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 15448]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-03 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-09-03 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-09-03 465360]
S2 GPVPNService;gateProtect VPN Service;c:\program files\gateProtect\VPN Client\bin\GPVPNService.exe [2009-11-30 86016]
S2 NIApplicationWebServer;NI Application Web Server;c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11432]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [2013-06-21 23552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 23:38	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:44]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-15 16:49]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-15 16:49]
.
2013-07-08 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\users\Tobias Rossmann\Desktop\Studium\Regelungstechnik1\Final\bin\win32\MATLABStartupAccelerator.exe [2012-06-07 14:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_ptnrs=%5EABT&apn_sauid=402C6D5E-1B51-437B-AABB-FC9170EE64D1&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2013-07-03 18:41; plugin@getwebcake.com; c:\users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-07-03 18:43; ffxtlbr@delta.com; c:\users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\ffxtlbr@delta.com
FF - user.js: extentions.webcake.installId - 8e451d3b-9014-4ca6-a2ca-b98bd4f6aae6
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 6c6e06ca0000000000000024541aa6c3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15889
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120521&tsp=4932
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-syshost32 - c:\users\Tobias Rossmann\AppData\Local\{195FA8DB-7AD9-07B3-62C6-37234284098A}\syshost.exe
HKLM-Run-ENISysTray - c:\users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENISysTray.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-PDF Blender - c:\users\Tobias Rossmann\Desktop\pdfzusammenfügen\PDF Blender\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\lkads.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe
c:\users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe
c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe
c:\users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lktsrv.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-08  18:30:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-08 16:30
.
Vor Suchlauf: 10 Verzeichnis(se), 18.236.530.688 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 18.958.319.616 Bytes frei
.
- - End Of File - - 01E4213158A24A4E4E6778B1AF032990
         

09.07.2013, 22:42   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rootkit scan with GMER

Please download GMER: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check marks at: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it for all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

12.07.2013, 17:46   #39
Tobi R.

I can't open Malwarebytes Anti-Rootkit. When I click on your link, I probably have to click a bit further down on that horse with the HTML and BB code next to it on the right, correct? When I click on it, simply nothing happens.

I had the same problem with GMER. With your additional link "(random file name)", however, it then worked without any problems.

Best regards,
Tobi

14.07.2013, 17:09   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And where is the log from GMER?

Please download MBAR from here => http://downloads.malwarebytes.org/file/mbar

24.07.2013, 15:13   #41
Tobi R.

Sorry again for my late reply. During the exam stress my Internet also went down. (1&1 had some kind of system update that our router didn't like.)
Yesterday was my last exam, and a new router has now arrived too.

The Clean-up button can't be clicked for me; it just sits there at the left edge.
At the point where the restart should have happened, this message appeared:
"
Cleanup:
Congratulations, no cleanup is required

Scan Finished: No malware found! (with a green check mark after it)
"
I then clicked "Exit" (the only alternative would have been to click "Previous")

Here is the log file from GMER:

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-12 18:36:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB
Running: tihiug6r.exe; Driver: C:\Users\TOBIAS~1\AppData\Local\Temp\fwddrfog.sys


---- System - GMER 2.1 ----

SSDT            8E90B5A6                                                                                                                ZwCreateSection
SSDT            8E90B5B0                                                                                                                ZwRequestWaitReplyPort
SSDT            8E90B5AB                                                                                                                ZwSetContextThread
SSDT            8E90B5B5                                                                                                                ZwSetSecurityObject
SSDT            8E90B5BA                                                                                                                ZwSystemDebugControl
SSDT            8E90B547                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                8308A9E5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                  830AA512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                     830B1AB4 4 Bytes  [A6, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                     830B1E10 4 Bytes  [B0, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                     830B1E54 4 Bytes  [AB, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                     830B1ED0 4 Bytes  [B5, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                     830B1F24 4 Bytes  [BA, B5, 90, 8E]
.text           ...                                                                                                                     
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                                                section is writeable [0x93817000, 0x2DEB7A, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269e276d4                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269e279d5                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf91ac0                                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269e276d4 (not active ControlSet)                         
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269e279d5 (not active ControlSet)                         
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf91ac0 (not active ControlSet)                         
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5DD7EBAF-A38F-11DE-AC75-806E6F6E6963}  7955156856

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
         
Best regards,
Tobi

24.07.2013, 15:17   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please always post the logs from Malwarebytes (mbar)

24.07.2013, 15:57   #43
Tobi R.

Sorry, I stupidly thought that no file had been created at all since there was no restart.

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Tobias Rossmann :: TOBIASROSSMANN [administrator]

24.07.2013 15:40:36
mbar-log-2013-07-24 (15-40-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 246410
Time elapsed: 23 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

25.07.2013, 02:22   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any notices that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


After that, a check with OTL please:
  • Double-click on OTL.exe
  • Vista users: right-click on OTL.exe and choose "Run as administrator"
  • At the top center, set the check mark at Scan All Users
  • At the top you will find a box with Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click on Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

28.07.2013, 11:22   #45
Tobi R.

Here is the file JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Home Premium x86
Ran by Tobias Rossmann on 28.07.2013 at 11:36:30,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] webcake desktop updater 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\webcake desktop
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\webcakeieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{09c554c3-109b-483c-a06b-f14172f1a947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{39cb8175-e224-4446-8746-00566302df8d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{7169bbb3-3289-4696-b35d-4a88bcf6fb12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{b12e99ed-69bd-437c-86be-c862b9e5444d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{261dd098-8a3e-43d4-87aa-63324fa897d8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{4fcb4630-2a1c-4aa1-b422-345e8dc8a6de}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{86838207-681d-469d-9511-d0dcc6f19f9b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a0b10ebe-4e51-4cae-949b-e6b9e7d68cea}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{af6b0594-6008-4327-93e5-608ad710a6fa}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e97a663b-81a6-49c5-a6d3-bcb05ba1de26}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{39cb8175-e224-4446-8746-00566302df8d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\domaiq
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3CABF988-1FE2-420A-B03D-20092295B650}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}



~~~ Files

Successfully deleted: [File] "C:\Users\Tobias Rossmann\desktop\optimizer pro.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\webcake"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\delta"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\webcake"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Tobias Rossmann\appdata\local\{195FA8DB-7AD9-07B3-62C6-37234284098A}



~~~ FireFox

Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\user.js
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\winamptoolbardata
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\extensions\ffxtlbr@delta.com
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted the following from C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\prefs.js

user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2269050.CTID", "CT2269050");
user_pref("CT2269050.CurrentServerDate", "6-10-2010");
user_pref("CT2269050.DialogsAlignMode", "LTR");
user_pref("CT2269050.DownloadReferralCookieData", "");
user_pref("CT2269050.EMailNotifierPollDate", "Wed Oct 06 2010 19:49:51 GMT+0200");
user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Fri Sep 24 2010 13:08:02 GMT+0200");
user_pref("CT2269050.FirstServerDate", "24-9-2010");
user_pref("CT2269050.FirstTime", true);
user_pref("CT2269050.FirstTimeFF3", true);
user_pref("CT2269050.FirstTimeSettingsDone", true);
user_pref("CT2269050.FixPageNotFoundErrors", true);
user_pref("CT2269050.GroupingServerCheckInterval", 1440);
user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2269050.Initialize", true);
user_pref("CT2269050.InitializeCommonPrefs", true);
user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
user_pref("CT2269050.InstalledDate", "Sun Jan 17 2010 12:32:49 GMT+0100");
user_pref("CT2269050.InvalidateCache", false);
user_pref("CT2269050.IsGrouping", false);
user_pref("CT2269050.IsMulticommunity", false);
user_pref("CT2269050.IsOpenThankYouPage", false);
user_pref("CT2269050.IsOpenUninstallPage", false);
user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Oct 06 2010 19:44:55 GMT+0200");
user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2269050.LastLogin_2.4.0.4", "Sun Mar 14 2010 13:38:50 GMT+0100");
user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CT2269050.LatestVersion", "2.7.2.0");
user_pref("CT2269050.Locale", "en");
user_pref("CT2269050.LoginCache", 4);
user_pref("CT2269050.MCDetectTooltipHeight", "83");
user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2269050.MCDetectTooltipWidth", "295");
user_pref("CT2269050.RadioIsPodcast", false);
user_pref("CT2269050.RadioLastCheckTime", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CT2269050.RadioLastUpdateIPServer", "3");
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
user_pref("CT2269050.RadioMediaID", "12473383");
user_pref("CT2269050.RadioMediaType", "Media Player");
user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
user_pref("CT2269050.RadioStationName", "Hotmix%20108");
user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
user_pref("CT2269050.SHRINK_TOOLBAR", 1);
user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2269050.SearchFromAddressBarIsInit", true);
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("CT2269050.SearchInNewTabEnabled", true);
user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2269050.SettingsCheckIntervalMin", 120);
user_pref("CT2269050.SettingsLastCheckTime", "Wed Oct 06 2010 19:44:50 GMT+0200");
user_pref("CT2269050.SettingsLastUpdate", "1285583098");
user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Sep 24 2010 13:08:02 GMT+0200");
user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1267632738");
user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT2269050.UserID", "UN83714726142160359");
user_pref("CT2269050.ValidationData_Search", 1);
user_pref("CT2269050.ValidationData_Toolbar", 2);
user_pref("CT2269050.WeatherNetwork", "");
user_pref("CT2269050.WeatherPollDate", "Wed Oct 06 2010 19:44:52 GMT+0200");
user_pref("CT2269050.WeatherUnit", "C");
user_pref("CT2269050.alertChannelId", "666138");
user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
user_pref("CT2269050.clientLogIsEnabled", true);
user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2269050.myStuffEnabled", true);
user_pref("CT2269050.myStuffPublihserMinWidth", 400);
user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampab&query=");
user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "12");
user_pref("extensions.delta.cntry", "DE");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "6C1B284AD4B5DD4003CAAC7FE0F941A3");
user_pref("extensions.delta.id", "6c6e06ca0000000000000024541aa6c3");
user_pref("extensions.delta.instlDay", "15889");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.21.518:43:25");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "azb");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.518:43:25");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=120521&tsp=4932");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.newAddons", "plugin@getwebcake.com,ffxtlbr@delta.com");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_ptnrs=%5EABT&apn
user_pref("winamp_toolbar.search.searchtype", "web");
Emptied folder: C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Tobias Rossmann\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2013 at 11:39:21,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Here is the file AdwCleaner[S1].txt

AdwCleaner log file:
Code:
# AdwCleaner v2.306 - Datei am 28/07/2013 um 11:41:47 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Tobias Rossmann - TOBIASROSSMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias Rossmann\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : WebCake Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-9.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Conduit
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\CT2269050
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5d55d88cb43abf10
Schlüssel Gelöscht : HKCU\Software\a6efa49133e92ad0
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\5d55d88cb43abf10
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@delta.com:1.5.0,plugin@getwebcake.com:1.00.01,{195A30[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "youtube%20spielt%20nicht%20ab||youtube||viva%20kibera||trucks%20ven[...]
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.26");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "126341074112634107351263411779122");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1372252489);
Gelöscht : user_pref("icqtoolbar.version", "1.1.5");
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "26");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "5");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2013");
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "16");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "16");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "20");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "1");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "1");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2010");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "-1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.volume", "0");

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gelöscht [l.30] : keyword = "babylon.com",
Gelöscht [l.34] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=6C6E002454[...]
Gelöscht [l.1984] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&t[...]
Gelöscht [l.2541] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=6C6E0024[...]

*************************

AdwCleaner[S1].txt - [13733 octets] - [28/07/2013 11:41:47]

########## EOF - C:\AdwCleaner[S1].txt - [13794 octets] ##########
         
--- --- ---


[/CODE]

And finally, the files from OTL

OTL Logfile:
Code:
OTL logfile created on: 7/28/2013 11:56:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobias Rossmann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 48.27% Memory free
5.93 Gb Paging File | 4.26 Gb Available in Paging File | 71.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 21.00 Gb Free Space | 14.84% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 136.43 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
 
Computer Name: TOBIASROSSMANN | User Name: Tobias Rossmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias Rossmann\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lkads.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
PRC - C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\niwsrp.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ENI Server) -- C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mxssvr) -- C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (niLXIDiscovery) -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (GPVPNService) -- C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\TOBIAS~1\AppData\Local\Temp\catchme.sys File not found
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nipalfwedl) -- C:\Windows\System32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\Windows\System32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\Windows\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NiViPxiK) -- C:\Windows\System32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\Windows\System32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (nidimk) -- C:\Windows\System32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (nipbcfk) -- C:\Windows\System32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (VSPerfDrv100) -- C:\Users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (niorbk) -- C:\Windows\System32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (cvintdrv) -- C:\windows\System32\drivers\cvintdrv.sys ()
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledItems: plugin@getwebcake.com:1.00.01
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/06 15:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/06 15:00:01 | 000,000,000 | ---D | M]
 
[2010/01/13 21:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Extensions
[2013/07/28 11:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions
[2011/07/31 15:07:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/29 17:59:51 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-11.xml
[2010/12/19 13:00:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-12.xml
[2011/03/03 23:36:13 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-13.xml
[2011/03/06 10:36:03 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-14.xml
[2011/03/26 18:10:40 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-15.xml
[2011/05/11 14:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-16.xml
[2011/06/25 09:13:41 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-17.xml
[2011/08/21 11:15:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-18.xml
[2011/09/02 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-19.xml
[2011/09/08 12:59:36 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-20.xml
[2011/10/19 13:47:37 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-21.xml
[2011/11/26 19:44:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-22.xml
[2012/01/02 22:00:44 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-23.xml
[2012/06/02 16:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-24.xml
[2013/03/07 14:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-25.xml
[2010/01/16 21:20:03 | 000,001,201 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\winamp-search.xml
[2013/07/06 15:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 21:42:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- C:\USERS\TOBIAS ROSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EB85K963.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\TOBIAS ROSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EB85K963.DEFAULT\EXTENSIONS\PLUGIN@GETWEBCAKE.COM
[2013/07/06 15:00:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 10:28:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/24 20:39:14 | 000,059,936 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\npIMAQAXControl.dll
[2011/06/09 19:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2011/06/22 12:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2009/10/22 10:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2008/12/10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 19:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2013/07/06 14:59:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/07/06 14:59:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/07/06 14:59:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/07/06 14:59:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/07/06 14:59:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/07/06 14:59:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: National Instruments IMAQ 1.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npIMAQAXControl.dll
CHR - plugin: National Instruments LabVIEW 2010 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2010win32.dll
CHR - plugin: National Instruments LabVIEW 2011 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2011win32.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
 
O1 HOSTS File: ([2013/07/08 18:18:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Users\Tobias Rossmann\Desktop\Studium\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [NIRegistrationWizard] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - Startup: C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B342B67-2DD7-4797-98B9-04CEF99E0D86}: DhcpNameServer = 192.168.220.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/28 11:36:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/27 15:09:23 | 000,050,968 | ---- | C] (cake bake) -- C:\Program Files\WCDesktop.Updater.exe
[2013/07/27 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Web Cake
[2013/07/27 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\Benediktenwand2013
[2013/07/24 15:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/24 15:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/17 09:49:44 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/12 18:39:55 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\malwarebytes
[2013/07/11 13:37:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/07/11 13:37:43 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/07/11 13:37:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/07/11 13:37:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/07/11 13:37:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/07/11 13:37:40 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/07/11 13:37:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/07/11 13:37:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/07/11 13:37:39 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/07/11 13:37:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/07/10 19:27:52 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/07/10 19:27:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/07/10 19:27:46 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013/07/10 19:27:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/07/08 18:30:54 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/08 18:21:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/08 17:59:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/08 17:59:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/08 17:59:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/08 17:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/08 17:55:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/06 15:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 15:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/04 01:25:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/04 00:22:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/03 18:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/03 18:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zipper
[2013/07/03 18:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/07/03 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Local\Programs
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/28 11:58:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 11:58:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 11:53:33 | 000,000,702 | ---- | M] () -- C:\windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/07/28 11:48:50 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/28 11:47:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/28 11:47:41 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 11:34:22 | 000,001,152 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Image Editor Installation.lnk
[2013/07/28 11:13:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/28 11:08:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/27 15:09:22 | 000,050,968 | ---- | M] (cake bake) -- C:\Program Files\WCDesktop.Updater.exe
[2013/07/27 10:14:05 | 000,763,254 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/27 10:14:05 | 000,718,532 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/27 10:14:05 | 000,173,608 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/27 10:14:05 | 000,146,554 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/21 10:24:54 | 000,024,376 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Sebastião Salgado 07.jpg
[2013/07/15 10:33:45 | 005,765,722 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Pilze.JPG
[2013/07/11 15:22:46 | 000,447,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/07/09 17:48:26 | 000,064,477 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Werner.jpg
[2013/07/08 18:18:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/07/03 18:46:38 | 000,001,144 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:46:07 | 000,001,966 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/28 11:34:22 | 000,001,152 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Image Editor Installation.lnk
[2013/07/21 10:24:53 | 000,024,376 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Sebastião Salgado 07.jpg
[2013/07/15 10:33:45 | 005,765,722 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Pilze.JPG
[2013/07/09 17:48:26 | 000,064,477 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Werner.jpg
[2013/07/08 17:59:25 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/08 17:59:25 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/08 17:59:25 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/08 17:59:25 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/08 17:59:25 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/06 15:00:06 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/03 18:46:38 | 000,001,144 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:46:07 | 000,001,966 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2013/03/20 21:38:11 | 000,075,264 | ---- | C] () -- C:\windows\System32\callrproxy.dll
[2011/11/16 15:22:04 | 000,003,843 | ---- | C] () -- C:\windows\scad3.INI
[2011/07/13 04:40:57 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{F0D212F8-ABBE-4CF2-B8CE-0F99522FBD83}
[2011/07/13 01:40:42 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{FE9F1CF2-22C6-49B6-87E6-39CD9422313F}
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


[/CODE]
