Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Nach Polizeivirus install_0_msi.exe nicht mehr da (https://www.trojaner-board.de/123127-polizeivirus-install_0_msi-exe-mehr.html)

Serabuche 30.08.2012 23:56
Nach Polizeivirus install_0_msi.exe nicht mehr da
 
Kann mir jemand helfen?

Meldung nach dem Windows start,
Beispiel Bild:


http://www.trojaner-board.de/attachm...lermeldung.jpg



---------------------------------------------------------------------
Logfiles:
-----------

OTL Extras logfile created on: 31.08.2012 00:25:18 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sera\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,90% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 49,64 Gb Free Space | 49,64% Space Free | Partition Type: NTFS
Drive D: | 132,88 Gb Total Space | 89,95 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32

Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01777F13-E926-4339-9667-C81F47AC85A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{148FA0FA-F235-40D6-88CE-2D90CCF79D89}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1DB0FADF-2FAF-4CCA-AE6E-FB7E3C34FA42}" = lport=139 | protocol=6 | dir=in | app=system |
"{2313DCC9-5F14-451A-8A77-9C7F436FF452}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28A6C5AE-1A3B-4126-AAA2-BDE2CE404F21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C2E1446-E845-4AAC-A3A7-C9C914BE4EFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E71F88C-4056-4E66-A4B6-D34AEDA57E33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35A75FBF-7E4A-4849-A1D9-37E41E18B91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3ABC03C1-5DB4-4810-983D-C33E89A61B5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B542C8D-3DC0-43D1-B4E0-D4589895F792}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{509FB9B3-B295-4064-8A60-FD47AF16D715}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E35F46A-2328-4425-A9F1-C7AA08374E25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70FC866B-3C90-4869-B474-0B97D5FC0B90}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{79C06308-4CE9-407A-A7AD-65BB1B7AF7B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{79EDE12F-6121-4898-83E9-1CF536334850}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D4CFEF2-B232-43A2-BB64-6C081746C217}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81CDC13C-9718-43A3-8DC0-C9A304CE092B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{896DE469-1894-4BE2-9AB7-4489E78BCA63}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8C16EB70-B775-4959-B20F-A201C79367E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E7A31C6-F7DC-4F54-91E0-E8EC9D01CCBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A93759F7-3129-4D21-85B7-578E7045628F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF5E93F7-3E6F-4921-B09E-7EAC944FA84B}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8F0A850-6E0F-495F-AE01-5C69E28F5B03}" = lport=138 | protocol=17 | dir=in | app=system |
"{B91369B1-10BB-4957-AE5D-2801A2254FC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA14CF7B-38E3-44F3-8011-24D438D2BB27}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1CB5742-529F-4C27-B12E-AD0A36AE07D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E817E0B4-FD9C-454A-AFFE-72318BD59FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFAC5209-697B-4093-9C4E-0BECCD300BFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F50B0B51-32F7-44BA-BC1A-A93502B8A632}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F96EF972-50B9-4488-8C06-0D40223238F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB72F048-C8BC-4C85-8C8E-843F424E0D03}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE8FA8D9-2E55-40EF-9157-314ED5004506}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045A2A76-4793-4F54-9B66-497F3454D2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{05CCC652-780A-41C4-879C-07908762A5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{071BBA47-5642-4B29-B98B-BE99CF563779}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{17601E87-9B15-4CC6-8818-7EBBD0DF6CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{26768E2A-5D11-45D7-8382-CD5EAAA231E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E5571DD-2156-4B12-8089-556A74744ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3132CCB9-6824-4E73-B070-4985E9CDADC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{3543EA0B-B8B0-4CC2-BECC-A2044B4B643F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BCFB9B8-CE75-458B-87BB-9D20B120D4B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CEFC374-C6DA-4428-A539-1C9738745622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52FB7F96-BC45-4ED6-B89F-6E2D616F5F63}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5703EAF1-9637-4C9D-9356-AC93DF95D0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{605BE609-D050-4C50-8847-E3A09C539074}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{771D8954-0C78-4F65-BF5C-694BEBA52B3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CF7719F-2EA3-4DBB-9172-FCE015BD282C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D51E62F-B983-40F1-A9A4-9F1CA9935B46}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7F825652-DA34-4797-85CF-C6976C116F96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7FC36DB3-B402-416B-B28A-1230FC82DED2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81CC1AB3-745E-4B25-8A6E-564363A75D1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D4F716A-6F2B-4B9C-AEF2-520F9E69B2FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A05645A1-ABA3-4A5A-8077-5FD5F8271F68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A542382A-2C3A-4507-8044-FF48A1EF2026}" = protocol=6 | dir=in | app=e:\mamas ordner\proggs\azureus\azureus.exe |
"{B0A2C2E6-9614-4CD3-AA24-E396F8F44959}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{B88C5F97-992C-42D9-B14D-24EAE704EDEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD9E11C4-9B76-4B24-922D-26F8FAC6FA22}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2454C06-43DC-4FE1-B0CD-57CD4B37880C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C3552995-2591-4B02-90E5-5CD02E54422C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5A370EC-BF4D-4774-9494-EEC33D9BC68F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5A3BB71-9ECD-4026-852E-CB6554CCD37E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6FAF979-DEE1-4CF3-AF8A-2AB022AF4AD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7793B7D-B577-4462-8A49-34AFBECA0664}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8D5041F-E123-4DAD-81F4-F25C82F24842}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C9CC4CBF-C68B-415C-A754-F2403118C0E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE3CEB59-C063-4705-AA59-B8F598A895C5}" = protocol=6 | dir=out | app=system |
"{DB0CACBC-F8A0-48DA-9EA4-2F3D02FF5E28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68930CD-86E6-4972-A090-B8FADC993420}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E73402E0-C642-4DFF-8438-B4B3DD82F83C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F442C8DB-2583-4DA3-8F88-18A7789747D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBC9AF47-FE53-4406-A73C-8AF87A5E45FA}" = protocol=17 | dir=in | app=e:\mamas ordner\proggs\azureus\azureus.exe |
"TCP Query User{6A1EA4CE-A865-465D-9B4E-E40C112991A5}C:\users\sera\appdata\roaming\uvyben\axqua.exe" = protocol=6 | dir=in | app=c:\users\sera\appdata\roaming\uvyben\axqua.exe |
"TCP Query User{CF815926-1AF2-4D37-9AA8-11CD932D6747}C:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe |
"UDP Query User{987B222B-6EEE-4A97-BDFA-1576A83D8B0E}C:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe |
"UDP Query User{BBBA4C27-6368-4BE5-B8D8-672617B46D97}C:\users\sera\appdata\roaming\uvyben\axqua.exe" = protocol=17 | dir=in | app=c:\users\sera\appdata\roaming\uvyben\axqua.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4C47DA93-303F-4165-918B-BCBAD9099DB8}" = Russisch für Deutsche - empfohlen
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F827F147-D65E-43C9-B73F-7401CA93FDB3}" = Russisch (deutschе Tastatur)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Upload-Manager" = 1&1 Upload-Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.1.5.508
"Free Audio Converter_is1" = Free Audio Converter version 5.0.11.508
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"Internet Download Manager" = Internet Download Manager
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ST6UNST #1" = BEWERBUNGSMASTER
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.10.2011 00:55:29 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9079

Error - 19.10.2011 00:55:29 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9079

Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10077

Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10077

Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1060

Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1060

Error - 19.10.2011 04:50:25 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.10.2011 04:50:25 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059

[ Media Center Events ]
Error - 07.12.2011 09:47:52 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

Error - 07.12.2011 09:50:52 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

Error - 07.12.2011 09:57:10 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

Error - 07.12.2011 10:01:19 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

[ System Events ]
Error - 30.08.2012 05:40:09 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 07:14:28 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 07:14:30 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 08:59:16 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 08:59:18 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 09:37:43 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 09:37:45 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 11:15:33 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 11:15:35 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 15:33:28 | Computer Name = Sera-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.


< End of report >
-----------------------------------------------------------------------


OTL logfile created on: 31.08.2012 00:25:18 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sera\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,90% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 49,64 Gb Free Space | 49,64% Space Free | Partition Type: NTFS
Drive D: | 132,88 Gb Total Space | 89,95 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32

Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sera\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()


========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ui11rdr) -- C:\Windows\SysNative\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=a4ea60ff000000000000001fd055267c
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E8 A3 BD 2C 78 CB 01 [binary data]
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes,DefaultScope = {0590B797-28CC-4B24-BC3E-6BC6BF9627C3}
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{0590B797-28CC-4B24-BC3E-6BC6BF9627C3}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=a4ea60ff000000000000001fd055267c
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 11:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M]

[2010.10.24 20:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions
[2010.08.26 22:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.05.05 20:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.10.22 12:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions
[2011.09.28 21:45:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.30 23:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions
[2012.07.25 23:17:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.21 10:38:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.22 11:32:11 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\fv7cfqo8.default\searchplugins\icqplugin.xml
[2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2012.07.20 11:20:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 23:04:24 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Billabong Surf Theme = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjghdbnnficankmjeocglncagiippoc\1.0_0\
CHR - Extension: Google Mail = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [audiohddrive] C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe File not found
O4:64bit: - HKLM..\Run: [audiohddrivewin] C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe File not found
O4:64bit: - HKLM..\Run: [AudioTreiber_x64] C:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-357678653-1223163808-252771922-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-357678653-1223163808-252771922-1001..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94382F93-BB1E-4413-B941-CFB4EA52BDE8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\drivehdwin\drivehdwin.exeC:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell - "" = AutoRun
O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk /p \?HINE BootExecute sett)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.30 23:40:20 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe
[2012.08.30 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\Avira
[2012.08.30 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.30 21:59:47 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.30 21:59:47 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.30 21:59:47 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.30 21:52:12 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor
[2012.01.04 09:59:25 | 000,060,416 | ---- | C] (gdsfgsdf) -- C:\Users\Sera\AppData\Roaming\408938.exe
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.31 00:24:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 00:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 23:40:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe
[2012.08.30 23:32:15 | 002,213,358 | ---- | M] () -- C:\Users\Sera\Desktop\Unbenannt.png
[2012.08.30 23:30:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.30 23:26:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:26:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 23:18:14 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 21:42:58 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.29 11:26:34 | 000,001,889 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 13:27:03 | 000,000,162 | -H-- | M] () -- C:\Users\Sera\Documents\~$rita l.rtf
[2012.08.15 10:08:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 10:08:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.30 23:32:14 | 002,213,358 | ---- | C] () -- C:\Users\Sera\Desktop\Unbenannt.png
[2012.08.29 11:26:34 | 000,001,889 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.29 11:26:32 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.27 13:27:03 | 000,000,162 | -H-- | C] () -- C:\Users\Sera\Documents\~$rita l.rtf
[2012.02.18 21:03:32 | 000,000,562 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.21 19:39:04 | 000,000,217 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.11.21 19:39:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.07.06 18:12:20 | 000,005,981 | ---- | C] () -- C:\Users\Sera\ESt2009_Buchmüller_Sergej_und_Margarethe.elfo
[2011.07.03 02:56:25 | 000,007,603 | ---- | C] () -- C:\Users\Sera\AppData\Local\Resmon.ResmonCfg
[2011.05.20 20:57:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.25 11:10:03 | 000,033,134 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\UserTile.png
[2010.10.25 08:58:22 | 000,037,467 | ---- | C] () -- C:\Users\Sera\russisch tastatur.exe
[2010.10.24 20:30:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.24 13:18:58 | 012,666,128 | ---- | C] () -- C:\Users\Sera\objectdock_1_9_536.exe

========== LOP Check ==========

[2012.06.09 10:44:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\redsn0w
[2012.01.09 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\1&1
[2010.11.08 14:10:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ACD Systems
[2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrive
[2011.11.04 17:15:08 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrivewin
[2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\AudioTreiber_x64
[2012.08.30 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Azureus
[2012.01.09 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Babylon
[2012.02.18 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Buhl Data Service
[2011.10.09 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DAEMON Tools Lite
[2012.08.30 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DMCache
[2011.07.05 20:36:47 | 000,000,000 | -H-D | M] -- C:\Users\Sera\AppData\Roaming\drivehdwin
[2012.06.02 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoft
[2011.08.15 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.27 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fisher-Price
[2011.05.27 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fuov
[2012.01.09 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ICQ
[2012.08.30 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\IDM
[2011.05.20 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Leadertech
[2012.08.31 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor
[2011.12.19 00:20:53 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Paloma Networks, Inc
[2012.06.11 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\redsn0w
[2010.11.07 04:17:40 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\streamripper
[2011.10.28 01:40:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TeamViewer
[2012.06.18 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TomTom
[2010.11.07 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Ubisoft
[2011.06.24 01:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\updaterz
[2011.06.24 01:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Uvyben
[2011.07.10 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\whitepixel
[2012.01.23 23:37:02 | 000,000,000 | -HSD | M] -- C:\Users\Sera\AppData\Roaming\winsvchost
[2012.02.29 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Xilisoft
[2012.05.31 23:13:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
------------------------------------------------------------------------

Danke in voraus!
MfG. Sera

kira 31.08.2012 06:30
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malwarevon hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

Serabuche 01.09.2012 14:03
also das kam dabei raus

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Sera :: SERA-PC [Administrator]

01.09.2012 12:22:50
mbam-log-2012-09-01 (12-22-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 565403
Laufzeit: 1 Stunde(n), 8 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\$Recycle.Bin\S-1-5-18\$8414520073c97ab01b01bc433a5ff08b\U\00000004.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$8414520073c97ab01b01bc433a5ff08b\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$8414520073c97ab01b01bc433a5ff08b\U\000000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$8414520073c97ab01b01bc433a5ff08b\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sera\AppData\Local\Alt.Binz\download\App's\KMS.Activator.for.Microsoft.Office.2010.Applications.x86.x64.Multilingual-FIXISO\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sera\AppData\Roaming\408938.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
OTL logfile created on: 01.09.2012 14:34:54 - Run 3
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Sera\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,38% Memory free
8,00 Gb Paging File | 6,66 Gb Available in Paging File | 83,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 48,83 Gb Free Space | 48,83% Space Free | Partition Type: NTFS
Drive D: | 132,88 Gb Total Space | 89,94 Gb Free Space | 67,68% Space Free | Partition Type: NTFS
Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32
 
Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sera\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ui11rdr) -- C:\Windows\SysNative\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=a4ea60ff000000000000001fd055267c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E8 A3 BD 2C 78 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0590B797-28CC-4B24-BC3E-6BC6BF9627C3}
IE - HKCU\..\SearchScopes\{0590B797-28CC-4B24-BC3E-6BC6BF9627C3}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=a4ea60ff000000000000001fd055267c
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 11:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M]
 
[2010.10.24 20:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions
[2010.08.26 22:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.05.05 20:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.10.22 12:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions
[2011.09.28 21:45:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.30 23:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions
[2012.07.25 23:17:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.21 10:38:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.22 11:32:11 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\fv7cfqo8.default\searchplugins\icqplugin.xml
[2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2012.07.20 11:20:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 23:04:24 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Billabong Surf Theme = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjghdbnnficankmjeocglncagiippoc\1.0_0\
CHR - Extension: Google Mail = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [audiohddrive] C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe File not found
O4:64bit: - HKLM..\Run: [audiohddrivewin] C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe File not found
O4:64bit: - HKLM..\Run: [AudioTreiber_x64] C:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94382F93-BB1E-4413-B941-CFB4EA52BDE8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\drivehdwin\drivehdwin.exeC:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell - "" = AutoRun
O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk /p \?HINE BootExecute sett)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 12:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.01 12:19:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.01 12:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.31 10:33:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.08.30 23:40:20 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe
[2012.08.30 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\Avira
[2012.08.30 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.30 21:59:47 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.30 21:59:47 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.30 21:59:47 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.30 21:52:12 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 14:38:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 14:38:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 14:31:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.01 14:30:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.01 14:30:47 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.01 14:24:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.01 14:08:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 00:33:39 | 000,022,953 | ---- | M] () -- C:\Users\Sera\Desktop\Unbenannt.png
[2012.08.30 23:40:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe
[2012.08.30 21:42:58 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.27 13:27:03 | 000,000,162 | -H-- | M] () -- C:\Users\Sera\Documents\~$rita l.rtf
[2012.08.15 10:08:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 10:08:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:32:14 | 000,022,953 | ---- | C] () -- C:\Users\Sera\Desktop\Unbenannt.png
[2012.08.29 11:26:32 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.27 13:27:03 | 000,000,162 | -H-- | C] () -- C:\Users\Sera\Documents\~$rita l.rtf
[2012.02.18 21:03:32 | 000,000,562 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.21 19:39:04 | 000,000,217 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.11.21 19:39:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.07.06 18:12:20 | 000,005,981 | ---- | C] () -- C:\Users\Sera\ESt2009_Buchmüller_Sergej_und_Margarethe.elfo
[2011.07.03 02:56:25 | 000,007,603 | ---- | C] () -- C:\Users\Sera\AppData\Local\Resmon.ResmonCfg
[2011.05.20 20:57:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.25 11:10:03 | 000,033,134 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\UserTile.png
[2010.10.25 08:58:22 | 000,037,467 | ---- | C] () -- C:\Users\Sera\russisch tastatur.exe
[2010.10.24 20:30:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.24 13:18:58 | 012,666,128 | ---- | C] () -- C:\Users\Sera\objectdock_1_9_536.exe
 
========== LOP Check ==========
 
[2012.01.09 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\1&1
[2010.11.08 14:10:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ACD Systems
[2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrive
[2011.11.04 17:15:08 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrivewin
[2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\AudioTreiber_x64
[2012.08.30 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Azureus
[2012.01.09 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Babylon
[2012.02.18 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Buhl Data Service
[2011.10.09 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DAEMON Tools Lite
[2012.08.30 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DMCache
[2011.07.05 20:36:47 | 000,000,000 | -H-D | M] -- C:\Users\Sera\AppData\Roaming\drivehdwin
[2012.06.02 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoft
[2011.08.15 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.27 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fisher-Price
[2011.05.27 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fuov
[2012.01.09 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ICQ
[2012.08.30 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\IDM
[2011.05.20 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Leadertech
[2012.09.01 14:42:45 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor
[2011.12.19 00:20:53 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Paloma Networks, Inc
[2012.06.11 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\redsn0w
[2010.11.07 04:17:40 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\streamripper
[2011.10.28 01:40:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TeamViewer
[2012.06.18 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TomTom
[2010.11.07 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Ubisoft
[2011.06.24 01:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\updaterz
[2011.06.24 01:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Uvyben
[2011.07.10 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\whitepixel
[2012.01.23 23:37:02 | 000,000,000 | -HSD | M] -- C:\Users\Sera\AppData\Roaming\winsvchost
[2012.02.29 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Xilisoft
[2012.05.31 23:13:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
install
Code:
1&1 Upload-Manager        1&1 Internet AG        03.03.2012                2.0.676
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        14.08.2012        6,00MB        11.3.300.271
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.08.2012        6,00MB        11.3.300.271
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        15.04.2012        168,2MB        10.1.3
Avira Free Antivirus        Avira        29.08.2012        110,9MB        12.0.0.1167
BEWERBUNGSMASTER                18.12.2011               
Bonjour        Apple Inc.        10.06.2012        2,00MB        3.0.0.10
CCleaner        Piriform        09.07.2011                3.08
DAEMON Tools Toolbar        DT Soft Ltd        23.10.2010                1.1.2.0185
Defraggler        Piriform        21.10.2011                2.07
Free 3D Video Maker version 1.1.5.508        DVDVideoSoft Ltd.        01.06.2012        53,4MB        1.1.5.508
Free Audio Converter version 5.0.11.508        DVDVideoSoft Ltd.        01.06.2012        75,7MB        5.0.11.508
Free YouTube Download 3 version 3.0.12.804        DVDVideoSoft Limited.        14.08.2011        41,9MB       
Free YouTube to MP3 Converter version 3.10.15.1228        DVDVideoSoft Ltd.        20.01.2012        85,6MB       
Google Chrome        Google Inc.        09.07.2011                21.0.1180.83
Google Drive        Google, Inc.        06.08.2012        12,4MB        1.3.3209.2688
Google Earth Plug-in        Google        30.06.2012        48,7MB        6.2.2.6613
Internet Download Manager                22.05.2011               
Java(TM) 7 Update 5        Oracle        01.06.2012        99,3MB        7.0.50
JavaFX 2.1.1        Oracle Corporation        20.07.2012        20,9MB        2.1.1
Logitech Vid        Logitech Inc.        19.05.2011        39,9MB        1.10.1009
Logitech Webcam Software        Logitech Inc.        19.05.2011        44,4MB        12.10.1113
Logitech Webcam Software-Treiberpaket        Logitech Inc.        19.05.2011                12.10.1110
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        31.08.2012        18,8MB        1.62.0.1300
Microsoft Office Professional Plus 2010        Microsoft Corporation        26.11.2010                14.0.4763.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        26.11.2010        0,34MB        8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        28.02.2012        1,42MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        16.11.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        26.11.2010        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        23.10.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        05.07.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        29.08.2012        11,1MB        10.0.40219
Mozilla Firefox 14.0.1 (x86 de)        Mozilla        19.07.2012        36,3MB        14.0.1
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        27.08.2011        1,23MB        4.20.9818.0
Nero BackItUp 10        Nero AG        26.11.2010        109,4MB        5.6.10600.6.100
Nero Burning ROM 10        Nero AG        26.11.2010        328MB        10.2.10500.7.100
Nero Multimedia Suite 10 Platinum HD        Nero AG        26.11.2010        392MB        10.5.10000
NetSpeedMonitor 2.5.4.0 x64        Florian Gilles        18.07.2012        1,25MB        2.5.4.0
NVIDIA 3D Vision Treiber 260.99        NVIDIA Corporation        06.11.2010                260.99
NVIDIA Grafiktreiber 260.99        NVIDIA Corporation        06.11.2010                260.99
NVIDIA PhysX-Systemsoftware 9.10.0514        NVIDIA Corporation        06.11.2010                9.10.0514
Rosetta Stone Version 3        Rosetta Stone Ltd.        04.11.2010        120,4MB        3.4.5.0
Russisch (deutschе Tastatur)        m-rothe.de        24.10.2010        40,00KB        1.0.3.13
Russisch für Deutsche - empfohlen        Uni Leipzig        29.10.2010        0,13MB        1.0.3.40
Skype™ 5.3        Skype Technologies S.A.        21.06.2011        16,6MB        5.3.120
TeamViewer 6        TeamViewer GmbH        27.10.2011                6.0.11117
VLC media player 1.1.11        VideoLAN        25.10.2011                1.1.11
WinRAR                23.10.2010               
WISO Steuer-Sparbuch 2012        Buhl Data Service GmbH        17.02.2012                19.00.7303

kira 02.09.2012 09:06
Habe leider schlechte Nachricht für Dich, da hast Du Dir ein grausliches Tierchen eingefangenhttp://www.world-of-smilies.com/wos_sonstige/crying.gif:
Zitat:
win32.ZAccess
Empfiehlt sich hier das System nur mehr neu zu installieren (alle anderen Optionen sind Unsinn!), da die Bekämpfung diese Art der Infektion ohne div. Nebenwirkungen und hinterlassenen Schaden, die immer wieder [auf verschiedene Weise] Probleme bereiten können, ist nicht möglich!
- einen Backdoor mit Rootkitfunktionalität http://www.world-of-smilies.com/wos_sonstige/crying.gif

diese Malware verwendet Rootkit-Technologie und Backdoor-Routine
*was sind Backdoors und Rootkits*

Verhaltensweise:
"speicherresident"

Zweites Problem ist:
Code:
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
► Hast Du nicht gewusst, dass Du dein System auf aktuellem Stand halten musst?
für Win7 das Service Pack 1 (SP1) fehlt:
das SP1 umfasst die neuesten Aktualisierungen, wie z.B wichtige Sicherheits-, Stabilitäts- und Leistungsverbesserungen.
- Der Internet Explorer auch veraltet, aktuell ist IE 9!
Allerdings in diesem Zustand (der Rechner aktuell durch Malware befallen ist), der alten Version eine Aufrüstung auf die nächste NICHT erfolgen darf, sonst schadet es mehr als es nutzt! Soll nun die Festplatte erst formatiert werden, also absolut malwarefrei sein!

Tipps & Rat: wenn Du deine Daten sichern möchtest:
- für eine reibungslose Abwicklung im Bereich Datensicherung, führe das folgende script mit OTL aus, außerdem das Tool TDSSKiller von Kaspersky laufen lassen:

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht! - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!) :
Code:
:OTL
[2012.08.30 21:42:58 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.29 11:26:32 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

:Files
C:\Users\Sera\AppData\Roaming\Azureus
C:\Users\Sera\AppData\Roaming\Babylon
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
Zitat:
Achtung Mitleser!:
Jedes einzelne OTL-Script wird individuell auf den Benutzer abgestimmt! Diese Anleitung gilt nur auf dem hier betroffenen Rechner. Anwendung bei anderen Maschinen oder Nutzung von "selbst erstellte Scriptkombination" kann zu ernsthaften Schäden führen!
2.
TDSSKiller von Kaspersky
  • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
  • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
  • deaktiviere vorübergehend dein AntiVirus-Programm
  • Starte die TDSSKiller.exe durch Doppelklick.
  • Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
    Bestätige das ggfs. mit Y(es).
    Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
  • Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.
Hier findest Du eine ausführlichere Anleitung.

3.
Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

4.
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7

5.
- Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten

Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung
Absolut empfehlenswerter Scanner:
Zitat:
Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
Die Online-Scanner sind alle reine On-Demand-Scanner. Sie durchsuchen einzelne Dateien oder Verzeichnisse, wahlweise die gesamte Festplatte, haben keinen Hintergrundwächter oder andere residente Prozesse. Dadurch verbrauchen sie ausser Festplattenspeicher keine Resourcen und man kann beliebig viele gleichzeitig installieren. Die Online-Scanner sind gut geeignet um sich eine zweite Meinung einzuholen.

6.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

gruß
kira


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131