Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojanerbefall nach Öffnen eines gezipten Mail-Anhangs (https://www.trojaner-board.de/136740-trojanerbefall-offnen-gezipten-mail-anhangs.html)

andparch 17.06.2013 10:43
Trojanerbefall nach Öffnen eines gezipten Mail-Anhangs
 
Hallo,
ich habe vor 3 Tagen doofer Weise den Anhang einer mail (gezipte Datei) geöffnet und mir Trojaner eingefangen. Mein Antivirus Premium hat 4 Trojaner entdeckt, in die Quarantäne geschickt, die ich dann gelöscht habe. Auch das Programm malwarebytes Anti-malware hat diese aufgespürt und entfernt. Ich weiß aber nun nicht, ob mein Laptop tatsächlich sauber ist. Ich traue micht deshalb nicht online banking etc. durchzuführen. Kann mir bitte jemand von euch Profis helfen? Danke.

MfG
andreas parchmann

schrauber 17.06.2013 10:51
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

andparch 17.06.2013 11:12
Hallo,

danke, geht ja schnell hier. Hier nun die FRST Ergebnisse.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01
Ran by Andreas (administrator) on 17-06-2013 12:04:49
Running from C:\Users\Andreas\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-27] (BillP Studios)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-06] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\UpdatusUser\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\UpdatusUser\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/br/ie9_startpage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: GMX Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -  No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - GMX Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: haufereader - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: haufereader - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{BB278452-0C5B-43B2-A317-F02F6C9A75DD}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @ei.TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: TVU Web Player - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\Extensions\firefox@tvunetworks.com
FF Extension: speedanalysis02 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\Extensions\speedanalysis02@SpeedAnalysis.com.xpi

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-05-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-06] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-03-28] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 TuneUp.Defrag; %SystemRoot%\System32\TuneUpDefragService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-17 11:59 - 2013-06-17 11:59 - 01926844 ____A (Farbar) C:\Users\Andreas\Downloads\FRST64(1).exe
2013-06-17 11:53 - 2013-06-17 11:53 - 00000000 ____A C:\Users\Andreas\defogger_reenable
2013-06-17 11:51 - 2013-06-17 11:47 - 00050477 ____A C:\Users\Andreas\Downloads\Defogger.exe
2013-06-17 11:51 - 2013-06-17 11:20 - 05079999 ____A (Swearware) C:\Users\Andreas\Downloads\ComboFix.exe
2013-06-17 11:47 - 2013-06-17 11:47 - 00050477 ____A C:\Users\Andreas\Desktop\Defogger.exe
2013-06-17 11:19 - 2013-06-17 11:20 - 05079999 ____A (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2013-06-17 11:19 - 2013-06-17 11:15 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Desktop\OTL.exe
2013-06-17 11:15 - 2013-06-17 11:15 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Downloads\OTL.exe
2013-06-17 11:07 - 2013-06-17 11:07 - 00000000 ____D C:\FRST
2013-06-17 11:01 - 2013-06-17 11:06 - 01926844 ____A (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2013-06-17 10:43 - 2013-06-17 10:43 - 00107616 ____A C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 23:24 - 2013-06-17 10:37 - 00000168 ____A C:\Windows\setupact.log
2013-06-15 23:24 - 2013-06-15 23:24 - 00401184 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 23:24 - 2013-06-15 23:24 - 00000842 ____A C:\Windows\PFRO.log
2013-06-15 23:24 - 2013-06-15 23:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-15 00:03 - 2013-06-15 00:03 - 00001419 ____A C:\AdwCleaner[S4].txt
2013-06-15 00:03 - 2013-06-15 00:03 - 00001357 ____A C:\AdwCleaner[R6].txt
2013-06-13 20:58 - 2013-06-15 22:35 - 00000000 ____D C:\ProgramData\Norton
2013-06-12 19:56 - 2013-06-12 19:56 - 00028870 ____A C:\ComboFix.txt
2013-06-12 18:35 - 2013-06-12 18:36 - 00001273 ____A C:\AdwCleaner[S3].txt
2013-06-12 18:35 - 2013-06-12 18:35 - 00001210 ____A C:\AdwCleaner[R5].txt
2013-06-12 18:31 - 2013-06-12 19:56 - 00000000 ____D C:\Qoobox
2013-06-12 18:31 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-12 18:31 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-12 18:31 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-12 18:18 - 2013-06-12 18:19 - 00001176 ____A C:\AdwCleaner[R4].txt
2013-06-12 18:07 - 2013-06-12 18:10 - 00011264 __ASH C:\Users\Andreas\AppData\Roaming\Thumbs.db
2013-06-11 19:52 - 2013-06-11 19:52 - 00001090 ____A C:\AdwCleaner[S2].txt
2013-06-11 19:52 - 2013-06-11 19:52 - 00001027 ____A C:\AdwCleaner[R3].txt
2013-06-11 18:11 - 2013-06-12 18:48 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Oazgurynj
2013-06-11 00:02 - 2013-02-22 08:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-11 00:02 - 2013-02-22 08:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-11 00:02 - 2013-02-22 05:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-11 00:02 - 2013-02-22 05:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-11 00:02 - 2013-02-22 05:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-11 00:01 - 2013-02-22 08:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-11 00:01 - 2013-02-22 08:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-11 00:01 - 2013-02-22 08:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 00:01 - 2013-02-22 08:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-11 00:01 - 2013-02-22 08:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 00:01 - 2013-02-22 08:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-11 00:01 - 2013-02-22 08:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-11 00:01 - 2013-02-22 08:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 00:01 - 2013-02-22 08:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 00:01 - 2013-02-22 08:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-11 00:01 - 2013-02-22 08:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-11 00:01 - 2013-02-22 08:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 00:01 - 2013-02-22 08:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-11 00:01 - 2013-02-22 08:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 00:01 - 2013-02-22 06:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-11 00:01 - 2013-02-22 05:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-11 00:01 - 2013-02-22 05:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 00:01 - 2013-02-22 05:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 00:01 - 2013-02-22 05:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-11 00:01 - 2013-02-22 05:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-11 00:01 - 2013-02-22 05:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-11 00:01 - 2013-02-22 05:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 00:01 - 2013-02-22 05:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 00:01 - 2013-02-22 05:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-11 00:01 - 2013-02-22 05:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 00:01 - 2013-02-22 05:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-11 00:01 - 2013-02-22 05:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-10 23:45 - 2013-06-10 23:45 - 00000000 ____D C:\_OTL
2013-06-10 22:50 - 2013-06-10 23:12 - 00000000 ____D C:\Windows\erdnt
2013-06-10 22:14 - 2013-06-12 18:56 - 00000000 ____D C:\JRT
2013-06-10 22:14 - 2013-06-10 22:14 - 00000000 ____D C:\Windows\ERUNT
2013-06-10 22:11 - 2013-06-10 22:11 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-10 21:52 - 2013-06-10 22:01 - 00018058 ____A C:\AdwCleaner[S1].txt
2013-06-10 21:52 - 2013-06-10 21:52 - 00018055 ____A C:\AdwCleaner[R2].txt
2013-06-10 21:48 - 2013-06-10 21:48 - 00017994 ____A C:\AdwCleaner[R1].txt
2013-06-10 21:41 - 2013-06-10 21:41 - 00000000 ____D C:\Users\Andreas\AppData\Local\Secunia PSI
2013-06-10 21:36 - 2013-06-10 21:36 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-10 21:32 - 2013-02-12 17:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-10 21:31 - 2013-04-12 16:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-10 21:31 - 2013-03-01 05:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-10 21:31 - 2013-02-12 17:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-10 21:31 - 2013-02-12 17:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-10 21:31 - 2013-02-12 17:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-10 21:31 - 2013-02-12 17:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-10 21:31 - 2013-02-12 15:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-10 21:30 - 2013-03-19 08:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-10 21:30 - 2013-03-19 07:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-10 21:30 - 2013-03-19 07:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-06-10 21:30 - 2013-03-19 07:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-06-10 21:30 - 2013-03-19 06:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-06-10 21:30 - 2013-03-19 05:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-10 21:30 - 2013-01-24 07:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-10 21:11 - 2013-06-10 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-10 21:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-06-10 20:36 - 2013-06-11 16:37 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BFD30963
2013-06-10 19:15 - 2013-06-14 00:09 - 00000000 ____D C:\Users\Andreas\Srwrlosbyfn
2013-06-09 13:47 - 2013-06-09 13:47 - 00244609 ____A C:\Users\Andreas\Desktop\Bestellung KH und Protein Riegel für Marv.xps
2013-05-31 15:22 - 2013-05-31 15:23 - 00000000 ____D C:\Users\Andreas\Desktop\CAN Leitfäden
2013-05-24 18:16 - 2013-05-24 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-06-17 11:59 - 2013-06-17 11:59 - 01926844 ____A (Farbar) C:\Users\Andreas\Downloads\FRST64(1).exe
2013-06-17 11:53 - 2013-06-17 11:53 - 00000000 ____A C:\Users\Andreas\defogger_reenable
2013-06-17 11:53 - 2011-05-23 16:22 - 00000000 ____D C:\users\Andreas
2013-06-17 11:47 - 2013-06-17 11:51 - 00050477 ____A C:\Users\Andreas\Downloads\Defogger.exe
2013-06-17 11:47 - 2013-06-17 11:47 - 00050477 ____A C:\Users\Andreas\Desktop\Defogger.exe
2013-06-17 11:30 - 2012-11-23 22:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 11:20 - 2013-06-17 11:51 - 05079999 ____A (Swearware) C:\Users\Andreas\Downloads\ComboFix.exe
2013-06-17 11:20 - 2013-06-17 11:19 - 05079999 ____A (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2013-06-17 11:20 - 2012-06-25 12:15 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002UA.job
2013-06-17 11:15 - 2013-06-17 11:19 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Desktop\OTL.exe
2013-06-17 11:15 - 2013-06-17 11:15 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Downloads\OTL.exe
2013-06-17 11:07 - 2013-06-17 11:07 - 00000000 ____D C:\FRST
2013-06-17 11:06 - 2013-06-17 11:01 - 01926844 ____A (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2013-06-17 10:45 - 2009-07-14 06:45 - 00010016 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-17 10:45 - 2009-07-14 06:45 - 00010016 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-17 10:43 - 2013-06-17 10:43 - 00107616 ____A C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-17 10:38 - 2012-02-03 19:47 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-17 10:37 - 2013-06-15 23:24 - 00000168 ____A C:\Windows\setupact.log
2013-06-17 10:37 - 2012-06-21 15:03 - 00000306 ____A C:\Windows\Tasks\TNYCTYUAB.job
2013-06-17 10:37 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 00:26 - 2011-04-30 11:18 - 01813286 ____A C:\Windows\WindowsUpdate.log
2013-06-16 20:53 - 2012-08-09 19:44 - 00000000 ____D C:\Users\Andreas\Desktop\Torhüter
2013-06-15 23:24 - 2013-06-15 23:24 - 00401184 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 23:24 - 2013-06-15 23:24 - 00000842 ____A C:\Windows\PFRO.log
2013-06-15 23:24 - 2013-06-15 23:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-15 22:35 - 2013-06-13 20:58 - 00000000 ____D C:\ProgramData\Norton
2013-06-15 00:03 - 2013-06-15 00:03 - 00001419 ____A C:\AdwCleaner[S4].txt
2013-06-15 00:03 - 2013-06-15 00:03 - 00001357 ____A C:\AdwCleaner[R6].txt
2013-06-14 07:24 - 2011-04-30 13:42 - 00001634 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-14 00:09 - 2013-06-10 19:15 - 00000000 ____D C:\Users\Andreas\Srwrlosbyfn
2013-06-13 20:56 - 2012-04-11 15:03 - 00000000 ____D C:\Users\Andreas\Desktop\Praxisanleiter
2013-06-13 17:08 - 2011-05-24 20:47 - 00000000 ____D C:\Users\Andreas\AppData\Local\Windows Live
2013-06-12 19:56 - 2013-06-12 19:56 - 00028870 ____A C:\ComboFix.txt
2013-06-12 19:56 - 2013-06-12 18:31 - 00000000 ____D C:\Qoobox
2013-06-12 19:46 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-12 19:17 - 2013-04-02 23:40 - 00000000 ____D C:\Users\Andreas\Desktop\Avira bis 2015
2013-06-12 18:56 - 2013-06-10 22:14 - 00000000 ____D C:\JRT
2013-06-12 18:54 - 2011-05-23 23:08 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Skype
2013-06-12 18:48 - 2013-06-11 18:11 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Oazgurynj
2013-06-12 18:36 - 2013-06-12 18:35 - 00001273 ____A C:\AdwCleaner[S3].txt
2013-06-12 18:35 - 2013-06-12 18:35 - 00001210 ____A C:\AdwCleaner[R5].txt
2013-06-12 18:19 - 2013-06-12 18:18 - 00001176 ____A C:\AdwCleaner[R4].txt
2013-06-12 18:10 - 2013-06-12 18:07 - 00011264 __ASH C:\Users\Andreas\AppData\Roaming\Thumbs.db
2013-06-12 18:07 - 2009-08-04 12:40 - 00361126 ____A C:\Windows\System32\perfh00D.dat
2013-06-12 18:07 - 2009-08-04 12:40 - 00073354 ____A C:\Windows\System32\perfc00D.dat
2013-06-12 18:07 - 2009-08-04 12:34 - 00563312 ____A C:\Windows\System32\perfh008.dat
2013-06-12 18:07 - 2009-08-04 12:34 - 00095386 ____A C:\Windows\System32\perfc008.dat
2013-06-12 18:07 - 2009-08-04 12:28 - 00688874 ____A C:\Windows\System32\prfh0816.dat
2013-06-12 18:07 - 2009-08-04 12:28 - 00138816 ____A C:\Windows\System32\prfc0816.dat
2013-06-12 18:07 - 2009-08-04 12:22 - 00389086 ____A C:\Windows\System32\prfh0404.dat
2013-06-12 18:07 - 2009-08-04 12:22 - 00110648 ____A C:\Windows\System32\prfc0404.dat
2013-06-12 18:07 - 2009-08-04 12:15 - 00701528 ____A C:\Windows\System32\perfh013.dat
2013-06-12 18:07 - 2009-08-04 12:15 - 00138094 ____A C:\Windows\System32\perfc013.dat
2013-06-12 18:07 - 2009-08-04 12:09 - 00699566 ____A C:\Windows\System32\perfh010.dat
2013-06-12 18:07 - 2009-08-04 12:09 - 00132426 ____A C:\Windows\System32\perfc010.dat
2013-06-12 18:07 - 2009-08-04 12:03 - 00704516 ____A C:\Windows\System32\perfh00C.dat
2013-06-12 18:07 - 2009-08-04 12:03 - 00135236 ____A C:\Windows\System32\perfc00C.dat
2013-06-12 18:07 - 2009-08-04 11:57 - 00703528 ____A C:\Windows\System32\perfh00A.dat
2013-06-12 18:07 - 2009-08-04 11:57 - 00142870 ____A C:\Windows\System32\perfc00A.dat
2013-06-12 18:07 - 2009-08-04 11:51 - 00664868 ____A C:\Windows\System32\perfh007.dat
2013-06-12 18:07 - 2009-08-04 11:51 - 00135004 ____A C:\Windows\System32\perfc007.dat
2013-06-12 18:07 - 2009-07-14 07:13 - 07291496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 17:15 - 2012-11-20 21:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:15 - 2011-08-20 21:25 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 00:11 - 2009-07-14 04:34 - 00000550 ____A C:\Windows\win.ini
2013-06-12 00:06 - 2011-06-09 00:03 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 19:55 - 2011-04-30 13:42 - 00002680 ____A C:\Windows\System32\AutoRunFilter.ini
2013-06-11 19:52 - 2013-06-11 19:52 - 00001090 ____A C:\AdwCleaner[S2].txt
2013-06-11 19:52 - 2013-06-11 19:52 - 00001027 ____A C:\AdwCleaner[R3].txt
2013-06-11 16:37 - 2013-06-10 20:36 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BFD30963
2013-06-11 00:08 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-10 23:45 - 2013-06-10 23:45 - 00000000 ____D C:\_OTL
2013-06-10 23:14 - 2009-07-14 05:20 - 00000000 ___RD C:\users\Default
2013-06-10 23:12 - 2013-06-10 22:50 - 00000000 ____D C:\Windows\erdnt
2013-06-10 22:14 - 2013-06-10 22:14 - 00000000 ____D C:\Windows\ERUNT
2013-06-10 22:11 - 2013-06-10 22:11 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-10 22:11 - 2013-01-12 22:40 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-10 22:11 - 2011-10-14 19:46 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-10 22:11 - 2011-10-14 19:30 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-10 22:01 - 2013-06-10 21:52 - 00018058 ____A C:\AdwCleaner[S1].txt
2013-06-10 21:52 - 2013-06-10 21:52 - 00018055 ____A C:\AdwCleaner[R2].txt
2013-06-10 21:48 - 2013-06-10 21:48 - 00017994 ____A C:\AdwCleaner[R1].txt
2013-06-10 21:41 - 2013-06-10 21:41 - 00000000 ____D C:\Users\Andreas\AppData\Local\Secunia PSI
2013-06-10 21:36 - 2013-06-10 21:36 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-10 21:11 - 2013-06-10 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-06-10 12:20 - 2012-06-25 12:15 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002Core.job
2013-06-09 13:47 - 2013-06-09 13:47 - 00244609 ____A C:\Users\Andreas\Desktop\Bestellung KH und Protein Riegel für Marv.xps
2013-06-09 12:15 - 2011-09-21 14:11 - 00932352 __ASH C:\Users\Andreas\Desktop\Thumbs.db
2013-06-05 10:57 - 2012-10-13 00:04 - 00000000 ____D C:\Users\Andreas\Desktop\Facharbeit Marvin 2013
2013-05-31 16:31 - 2012-12-27 20:10 - 00000000 ____D C:\Users\Andreas\Desktop\Lokalisation HTC Marv Handy
2013-05-31 15:23 - 2013-05-31 15:22 - 00000000 ____D C:\Users\Andreas\Desktop\CAN Leitfäden
2013-05-31 15:22 - 2013-02-25 18:13 - 00000000 ____D C:\Users\Andreas\Desktop\Steuersachen 2013
2013-05-25 16:22 - 2012-07-17 00:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 18:16 - 2013-05-24 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-04 17:36

==================== End Of Log ====================
--- --- ---


Code:
OTL Extras logfile created on: 17.06.2013 11:54:29 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Andreas\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 54,75% Memory free
11,83 Gb Paging File | 9,16 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 84,56 Gb Free Space | 56,74% Space Free | Partition Type: NTFS
Drive D: | 425,64 Gb Total Space | 380,71 Gb Free Space | 89,44% Space Free | Partition Type: NTFS
Drive E: | 630,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDREAS-PC44 | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CFF941-9025-4B35-87E4-132B1F1F9247}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B428D37-0744-4006-A2E2-25DC29D8F874}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{135A67E6-9714-4498-9335-F42F4D112DC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{15BE0FA7-DEDB-46C4-A411-498B91EFF4D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1780A5D4-98CF-4932-AE4E-E5A7B936B20D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{210AA974-619D-4027-A61E-D0BE05BA0CE8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{21C6854E-1DCA-4007-8A8A-05A655EFCEF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{259A8293-371B-4D91-AB8D-DE2D902ECB9D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{263F5ACC-B9D9-4A40-9A5D-7FB917D31AA0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2878EFC4-AD33-49B9-9764-9C5BAD7E5C99}" = lport=445 | protocol=6 | dir=in | app=system |
"{2F7CB6AF-DACA-417D-8893-88A03B7961DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DDA452A-4DC4-46FB-B9FD-6D8FE83B94E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E03C594-FBBF-45E3-8E3A-3DB5A1C3899C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42639DEB-9FEF-4C5F-A084-3B1523AE7DAE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4670C3F6-CADF-4EA3-A2DB-4B0A035DA4E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D1357F3-8F58-4826-B679-2CA4C5C618BE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5B825936-E320-4624-AB7A-1541D9887C97}" = lport=138 | protocol=17 | dir=in | app=system |
"{63AA7F98-AC37-4EA0-9051-ADE13248F69E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D228C1C-6D8A-4B5D-9D19-1740A8DF2EC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74BBFC29-70B7-413D-93FE-CB6D122609DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8170C26D-BADF-4ED0-9874-6C26B7DCDD4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8BACE71B-4810-47DB-9C4C-CBC1772922CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{926D7B91-E09B-4C2A-B4F6-00B9FE413E16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{944C14EA-C082-44E9-955D-F200F4C25FC2}" = rport=137 | protocol=17 | dir=out | app=system |
"{9C31FCB9-EFEE-4927-824A-CC36611B0E65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA8B1E90-2685-4B5E-8FA5-DA6DEB305B14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF5C8932-C5FB-486C-9D89-5AF56B79E2A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0A62E92-0919-4532-808E-F23E75891B6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0C16BB8-CF01-48CA-A937-E2B20A117B99}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B65965C5-1213-4996-89E3-E1E8EC5FB6C5}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE3459B1-E756-4972-8A93-FE6F8E6E02E9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7B95B7F-B28C-4F29-88BF-E2F89896629D}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C8466699-3097-447D-95FC-E00CBFC10E7F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D107366F-34F9-4747-AF80-8D297627ABF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{D44D32A0-9C08-4B1F-8659-07D46E60D55E}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{D463F188-3EB4-4981-86FB-8670041FFAF0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D49C0D78-EAB7-4387-9A5A-E98B15F98408}" = rport=2869 | protocol=6 | dir=out | app=system |
"{DBD4A77B-4C1E-4904-BFC5-3BA8069A9FFE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E54EB349-D154-4DC9-AFEA-6751265EB90B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6B3DB47-6EEE-4F7C-BEAF-7EF219421F02}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7DBBE06-8962-4D84-A8E4-55C3145C9206}" = rport=139 | protocol=6 | dir=out | app=system |
"{F084A771-C0E5-4B2C-9F6C-C6D9AC48A70C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F153CA84-B8E0-40EC-9770-8B62DBE266F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4AB0774-D33F-433A-BCF9-E309D9C04793}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCE02B01-A580-483D-AD1C-7213DF1D3A2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055BEE96-414C-48AD-88AD-94A780DD36CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2CA24AEA-5A0A-443B-8669-D25A3A02FB27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2F0FE4C5-8A58-4ACB-A0BE-EAF1AA15A367}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A649E69-EDEF-49B4-8DD2-65E0AFBD7F43}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3BC841ED-DC7D-46F9-8923-1883CBA44710}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{45B17C05-369A-48E1-88CA-07F49EAC533F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4B71296A-2996-4849-9DEA-46BD3E881828}" = protocol=17 | dir=in | app=d:\exe\s4_main.exe |
"{53B17BB3-26F9-417D-960D-498BD54C7439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5863A230-05BB-453E-8463-347136A246C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60AADF4E-3730-4786-9ABF-6DC28749660E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A8648E5-380E-4A7F-8254-DBE0274EA970}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6E8AF695-0E6F-4257-82CD-A712CEE40E41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F09352C-6CF2-4F93-AA0D-AB9DFAEDE24D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{725818BC-A435-4482-897C-8C866FE184F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C7B734F-D128-4677-8BF0-567C9AEF9C0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E887366-DAD8-462F-B60E-BFA4DCDE476D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81DF3D55-3721-47AE-BEE7-D01115407D39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{874B802B-5C2A-4FEC-A41F-E7B8D41CEB73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A8BDB7C-D334-479E-AD22-47F41E4146DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A9A8B65-6703-4E12-BBF7-E8240A4D7E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A95C4A0F-C048-4411-A03F-18AB997B1AFB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6D10CEC-74F1-41BD-A362-802868CEA892}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BB4A9717-D105-4006-94F3-4260AAE59F2E}" = protocol=6 | dir=out | app=system |
"{D585F064-6702-44C5-A711-CE62596D4451}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7910224-372E-450A-B7C6-EB4772FB0AB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF4AC741-64A6-4114-8C0E-840E2E57DEBB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F45D0459-E5A5-4EED-944A-3EBDC53FA4D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5877627-7439-4AE5-BF7A-15EAA07B385D}" = protocol=6 | dir=in | app=d:\exe\s4_main.exe |
"TCP Query User{0F8B028B-62A2-4DBA-A0BE-86CB7A5F523F}C:\program files (x86)\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
"TCP Query User{380E47EF-C414-41CF-ACB0-5309FA0B55BA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{4731B345-3C61-4FFE-94D5-828CD348F9AB}C:\program files (x86)\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
"TCP Query User{47B5A019-DB4E-4CFA-A515-78698DAFA6D6}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{5A7CA932-EE6F-429A-B5E7-53A63D74F2A2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{8751244A-9BEA-48F6-AC4E-F8B8A1F4F476}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{9AD1FBE7-0430-49EC-91CB-D3B34877AF50}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{12261D0F-B525-4276-A9C7-9FB2A9AE7262}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{1FE1C813-961C-4151-A0BC-B4BABF1DA5F0}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{443EE8EB-7D37-4FE7-A9BB-70CE377984D4}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{79EB5F90-53BB-4F2D-8109-24FC47DA8EC1}C:\program files (x86)\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
"UDP Query User{AE8521A8-A89B-4061-BEE5-E857311AC4C1}C:\program files (x86)\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
"UDP Query User{CF808650-74E2-47C8-97CD-BCC7CF01AB58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{F58DF4D1-1BE4-43D4-B34C-F6544870705F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series" = Canon iP2500 series
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = PTP
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K Series_ENG" = AsusScr_K Series_ENG
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Canon iP2500 series Benutzerregistrierung" = Canon iP2500 series Benutzerregistrierung
"DivX Setup" = DivX-Setup
"ESI[tronic] DEMO_BV" = ESI[tronic] DEMO_BV
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SopCast" = SopCast 3.4.0
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
"Yenka" = Yenka
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2013 13:10:42 | Computer Name = Andreas-PC44 | Source = VSS | ID = 13
Description =
 
Error - 16.06.2013 13:10:42 | Computer Name = Andreas-PC44 | Source = VSS | ID = 12292
Description =
 
Error - 16.06.2013 15:15:55 | Computer Name = Andreas-PC44 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 16.06.2013 15:16:23 | Computer Name = Andreas-PC44 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 16.06.2013 18:25:23 | Computer Name = Andreas-PC44 | Source = VSS | ID = 13
Description =
 
Error - 16.06.2013 18:25:23 | Computer Name = Andreas-PC44 | Source = VSS | ID = 12292
Description =
 
Error - 16.06.2013 18:25:23 | Computer Name = Andreas-PC44 | Source = VSS | ID = 8193
Description =
 
Error - 16.06.2013 18:25:23 | Computer Name = Andreas-PC44 | Source = System Restore | ID = 8193
Description =
 
Error - 17.06.2013 05:12:02 | Computer Name = Andreas-PC44 | Source = VSS | ID = 13
Description =
 
Error - 17.06.2013 05:12:02 | Computer Name = Andreas-PC44 | Source = VSS | ID = 12292
Description =
 
[ System Events ]
Error - 17.06.2013 04:37:47 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet:  %%1053
 
Error - 17.06.2013 04:37:47 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 17.06.2013 04:39:24 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 17.06.2013 04:40:25 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 17.06.2013 04:40:25 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 17.06.2013 05:05:21 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WerSvc erreicht.
 
Error - 17.06.2013 05:05:51 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WerSvc erreicht.
 
Error - 17.06.2013 05:06:21 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WerSvc erreicht.
 
Error - 17.06.2013 05:55:06 | Computer Name = Andreas-PC44 | Source = ipnathlp | ID = 31004
Description =
 
Error - 17.06.2013 05:55:06 | Computer Name = Andreas-PC44 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >
MfG
Andreas

schrauber 17.06.2013 11:20
Hi,

wer hat denn da schon am System rumgefingert mit Combofix und co?

andparch 17.06.2013 11:29
Hallo,

berechtigte Frage. Ich war das natürlich. Was nun?

Gruß
Andreas

schrauber 17.06.2013 11:57
Ich muss nur wissen ob da nicht noch ein anderer Helfer eines anderen Boards dran rum macht :).

Ab jetzt dann Finger weg von dem System ;)


Combofix löschen.
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

andparch 17.06.2013 12:25
Hallo,

hier die Ergebnisse von Combofix: Es gab aber eine Meldung das die Registry gesperrt wird. Hatte Avira und Malwarebyte deaktiviert.

Code:
ComboFix 13-06-17.01 - Andreas 17.06.2013  13:14:06.3.8 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.6056.3492 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-17 bis 2013-06-17  ))))))))))))))))))))))))))))))
.
.
2013-06-17 11:18 . 2013-06-17 11:18        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-17 11:18 . 2013-06-17 11:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-17 09:07 . 2013-06-17 09:07        --------        d-----w-        C:\FRST
2013-06-15 21:18 . 2013-05-13 23:48        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1ED2C31-DF78-40E8-A0A3-744A9683DE6B}\mpengine.dll
2013-06-13 19:23 . 2013-06-15 20:29        --------        d-----w-        c:\program files (x86)\Common Files\Symantec Shared
2013-06-13 18:58 . 2013-06-15 20:35        --------        d-----w-        c:\programdata\Norton
2013-06-11 16:11 . 2013-06-12 16:48        --------        d-----w-        c:\users\Andreas\AppData\Roaming\Oazgurynj
2013-06-10 22:02 . 2013-02-22 06:12        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-06-10 22:02 . 2013-02-22 03:31        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-06-10 22:02 . 2013-02-22 07:04        182896        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2013-06-10 22:02 . 2013-02-22 06:18        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-10 22:02 . 2013-02-22 06:13        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2013-06-10 22:02 . 2013-02-22 04:10        149616        ----a-w-        c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-10 22:02 . 2013-02-22 03:36        768512        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-10 22:02 . 2013-02-22 03:34        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-06-10 21:45 . 2013-06-10 21:45        --------        d-----w-        C:\_OTL
2013-06-10 20:14 . 2013-06-10 20:14        --------        d-----w-        c:\windows\ERUNT
2013-06-10 20:14 . 2013-06-12 16:56        --------        d-----w-        C:\JRT
2013-06-10 20:11 . 2013-06-10 20:11        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-10 19:41 . 2013-06-10 19:41        --------        d-----w-        c:\users\Andreas\AppData\Local\Secunia PSI
2013-06-10 19:36 . 2013-06-10 19:36        --------        d-----w-        c:\program files (x86)\Secunia
2013-06-10 19:32 . 2013-02-12 15:37        3138048        ----a-w-        c:\windows\system32\mstscax.dll
2013-06-10 19:31 . 2013-02-12 15:13        2691072        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-06-10 19:31 . 2013-02-12 15:31        158208        ----a-w-        c:\windows\system32\aaclient.dll
2013-06-10 19:31 . 2013-02-12 15:07        131072        ----a-w-        c:\windows\SysWow64\aaclient.dll
2013-06-10 19:31 . 2013-02-12 15:42        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2013-06-10 19:31 . 2013-02-12 13:59        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll
2013-06-10 19:31 . 2013-03-01 03:32        3150848        ----a-w-        c:\windows\system32\win32k.sys
2013-06-10 19:31 . 2013-04-12 14:36        1653096        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-06-10 19:30 . 2013-01-24 05:41        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-06-10 19:30 . 2013-03-19 06:19        5497688        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-06-10 19:30 . 2013-03-19 05:54        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-06-10 19:30 . 2013-03-19 05:06        3958120        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-06-10 19:30 . 2013-03-19 05:06        3902312        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-06-10 19:30 . 2013-03-19 03:19        112640        ----a-w-        c:\windows\system32\smss.exe
2013-06-10 19:30 . 2013-03-19 04:53        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-06-10 19:11 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-10 19:11 . 2013-06-10 19:11        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-10 19:05 . 2013-06-10 19:05        --------        d-----w-        c:\users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 19:05 . 2013-06-10 19:05        --------        d-----w-        c:\program files (x86)\BillP Studios
2013-06-10 18:36 . 2013-06-11 14:37        --------        d-----w-        c:\users\Andreas\AppData\Roaming\BFD30963
2013-06-10 17:15 . 2013-06-13 22:09        --------        d-----w-        c:\users\Andreas\Srwrlosbyfn
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:15 . 2012-11-20 19:07        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:15 . 2011-08-20 19:25        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:06 . 2011-06-08 22:03        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-10 20:11 . 2013-01-12 20:40        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-06-10 20:11 . 2011-10-14 17:30        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-05-06 13:33 . 2013-05-06 13:34        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-05-02 06:05 . 2010-06-24 18:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-05-24 18:19        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-09 15:30 . 2011-04-30 11:45        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2013-04-03 11:02 . 2012-01-27 19:15        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-03 11:02 . 2012-01-27 19:15        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-03 11:02 . 2012-02-04 14:47        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-28 16:36 . 2013-03-28 16:39        28672        ----a-w-        c:\windows\system32\drivers\ew_juextctrl.sys
2013-03-28 16:36 . 2013-03-28 16:39        98816        ----a-w-        c:\windows\system32\drivers\ew_jucdcacm.sys
2013-03-28 16:36 . 2013-03-28 16:39        86016        ----a-w-        c:\windows\system32\drivers\ew_jubusenum.sys
2013-03-28 16:36 . 2013-03-28 16:39        69632        ----a-w-        c:\windows\system32\drivers\ew_jucdcecm.sys
2013-03-28 16:36 . 2013-03-28 16:39        415744        ----a-w-        c:\windows\system32\drivers\ewusbwwan.sys
2013-03-28 16:36 . 2013-03-28 16:39        22016        ----a-w-        c:\windows\system32\drivers\ew_hwupgrade.sys
2013-03-28 16:36 . 2013-03-28 16:39        212992        ----a-w-        c:\windows\system32\drivers\ew_juwwanecm.sys
2013-03-28 16:36 . 2013-03-28 16:39        13952        ----a-w-        c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-03-28 16:36 . 2013-03-28 16:39        117248        ----a-w-        c:\windows\system32\drivers\ew_hwusbdev.sys
2013-03-28 16:36 . 2013-03-28 16:39        1001472        ----a-w-        c:\windows\system32\drivers\mod7700.sys
2013-03-28 16:36 . 2013-03-28 16:39        1490656        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2013-03-28 16:36 . 2013-03-28 16:39        1490656        ----a-w-        c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-03-28 16:36 . 2013-03-28 16:39        32768        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2013-03-28 16:36 . 2013-03-28 16:39        222464        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2013-03-21 12:30 . 2013-03-21 12:30        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-03-21 12:30 . 2013-03-21 12:30        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-21 12:30 . 2013-03-21 12:30        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1029unic.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 15:15]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 10:22]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 10:22]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002Core.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 19:54]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002UA.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 19:54]
.
2013-06-17 c:\windows\Tasks\TNYCTYUAB.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.gmx.net/br/ie9_startpage
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{46BB8659-DF41-489B-A8AD-A4AA35C6C20B}\64259445A51224F6870264F6E60275C414E40273237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BB278452-0C5B-43B2-A317-F02F6C9A75DD}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,c8,64,a2,5f,e9,b6,3f,20,f0,75,fb,10,27,ff,27,2d,1f,09,c9,ce,3f,a3,
  c1,03,c8,04,1e,e0,b5,86,3b,59,ef,66,9c,f6,ab,db,33,79,6b,cd,91,5e,19,80,86,\
"??"=hex:7e,45,d9,11,83,11,2b,42,be,37,75,6d,5b,42,ea,90
.
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\Software\SecuROM\License information*]
"datasecu"=hex:e0,21,ec,9a,af,8d,c8,e2,f0,23,4a,b0,a6,8d,cd,d9,fa,8f,17,58,2d,
  64,f5,9d,90,4c,a9,19,52,6f,a4,60,a8,0c,9b,c0,08,43,d7,09,9a,88,06,33,8d,42,\
"rkeysecu"=hex:c3,c6,14,18,75,95,3e,19,39,35,d7,1b,06,94,ab,10
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-17  13:20:45
ComboFix-quarantined-files.txt  2013-06-17 11:20
ComboFix2.txt  2013-06-12 17:56
.
Vor Suchlauf: 21 Verzeichnis(se), 90.864.451.584 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 90.552.893.440 Bytes frei
.
- - End Of File - - 5EE8CD4F93D2A88B65537E991EC4F5E0
D41D8CD98F00B204E9800998ECF8427E
Gruß
Andreas

schrauber 17.06.2013 12:54
Zitat:
Es gab aber eine Meldung das die Registry gesperrt wird
Nach dem Lauf von Combofix? Das ist normal, einfach rebooten :)

Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    Folder::
    c:\users\Andreas\AppData\Roaming\Oazgurynj
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

andparch 17.06.2013 14:05
Hallo,

hier die Ergebnisse vom erneuten Scan mit Combofix:
Code:
ComboFix 13-06-17.01 - Andreas 17.06.2013  14:53:25.4.8 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.6056.4218 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Andreas\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andreas\AppData\Roaming\Oazgurynj
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-17 bis 2013-06-17  ))))))))))))))))))))))))))))))
.
.
2013-06-17 12:59 . 2013-06-17 12:59        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-17 12:59 . 2013-06-17 12:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-17 09:07 . 2013-06-17 09:07        --------        d-----w-        C:\FRST
2013-06-15 21:18 . 2013-05-13 23:48        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1ED2C31-DF78-40E8-A0A3-744A9683DE6B}\mpengine.dll
2013-06-13 19:23 . 2013-06-15 20:29        --------        d-----w-        c:\program files (x86)\Common Files\Symantec Shared
2013-06-13 18:58 . 2013-06-15 20:35        --------        d-----w-        c:\programdata\Norton
2013-06-10 22:02 . 2013-02-22 06:12        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-06-10 22:02 . 2013-02-22 03:31        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-06-10 22:02 . 2013-02-22 07:04        182896        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2013-06-10 22:02 . 2013-02-22 06:18        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-10 22:02 . 2013-02-22 06:13        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2013-06-10 22:02 . 2013-02-22 04:10        149616        ----a-w-        c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-10 22:02 . 2013-02-22 03:36        768512        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-10 22:02 . 2013-02-22 03:34        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-06-10 21:45 . 2013-06-10 21:45        --------        d-----w-        C:\_OTL
2013-06-10 20:14 . 2013-06-10 20:14        --------        d-----w-        c:\windows\ERUNT
2013-06-10 20:14 . 2013-06-12 16:56        --------        d-----w-        C:\JRT
2013-06-10 20:11 . 2013-06-10 20:11        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-10 19:41 . 2013-06-10 19:41        --------        d-----w-        c:\users\Andreas\AppData\Local\Secunia PSI
2013-06-10 19:36 . 2013-06-10 19:36        --------        d-----w-        c:\program files (x86)\Secunia
2013-06-10 19:32 . 2013-02-12 15:37        3138048        ----a-w-        c:\windows\system32\mstscax.dll
2013-06-10 19:31 . 2013-02-12 15:13        2691072        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-06-10 19:31 . 2013-02-12 15:31        158208        ----a-w-        c:\windows\system32\aaclient.dll
2013-06-10 19:31 . 2013-02-12 15:07        131072        ----a-w-        c:\windows\SysWow64\aaclient.dll
2013-06-10 19:31 . 2013-02-12 15:42        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2013-06-10 19:31 . 2013-02-12 13:59        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll
2013-06-10 19:31 . 2013-03-01 03:32        3150848        ----a-w-        c:\windows\system32\win32k.sys
2013-06-10 19:31 . 2013-04-12 14:36        1653096        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-06-10 19:30 . 2013-01-24 05:41        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-06-10 19:30 . 2013-03-19 06:19        5497688        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-06-10 19:30 . 2013-03-19 05:54        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-06-10 19:30 . 2013-03-19 05:06        3958120        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-06-10 19:30 . 2013-03-19 05:06        3902312        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-06-10 19:30 . 2013-03-19 03:19        112640        ----a-w-        c:\windows\system32\smss.exe
2013-06-10 19:30 . 2013-03-19 04:53        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-06-10 19:11 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-10 19:11 . 2013-06-10 19:11        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-10 19:05 . 2013-06-10 19:05        --------        d-----w-        c:\users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 19:05 . 2013-06-10 19:05        --------        d-----w-        c:\program files (x86)\BillP Studios
2013-06-10 18:36 . 2013-06-11 14:37        --------        d-----w-        c:\users\Andreas\AppData\Roaming\BFD30963
2013-06-10 17:15 . 2013-06-13 22:09        --------        d-----w-        c:\users\Andreas\Srwrlosbyfn
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:15 . 2012-11-20 19:07        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:15 . 2011-08-20 19:25        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:06 . 2011-06-08 22:03        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-10 20:11 . 2013-01-12 20:40        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-06-10 20:11 . 2011-10-14 17:30        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-05-06 13:33 . 2013-05-06 13:34        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-05-02 06:05 . 2010-06-24 18:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-05-24 18:19        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-09 15:30 . 2011-04-30 11:45        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2013-04-03 11:02 . 2012-01-27 19:15        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-03 11:02 . 2012-01-27 19:15        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-03 11:02 . 2012-02-04 14:47        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-28 16:36 . 2013-03-28 16:39        28672        ----a-w-        c:\windows\system32\drivers\ew_juextctrl.sys
2013-03-28 16:36 . 2013-03-28 16:39        98816        ----a-w-        c:\windows\system32\drivers\ew_jucdcacm.sys
2013-03-28 16:36 . 2013-03-28 16:39        86016        ----a-w-        c:\windows\system32\drivers\ew_jubusenum.sys
2013-03-28 16:36 . 2013-03-28 16:39        69632        ----a-w-        c:\windows\system32\drivers\ew_jucdcecm.sys
2013-03-28 16:36 . 2013-03-28 16:39        415744        ----a-w-        c:\windows\system32\drivers\ewusbwwan.sys
2013-03-28 16:36 . 2013-03-28 16:39        22016        ----a-w-        c:\windows\system32\drivers\ew_hwupgrade.sys
2013-03-28 16:36 . 2013-03-28 16:39        212992        ----a-w-        c:\windows\system32\drivers\ew_juwwanecm.sys
2013-03-28 16:36 . 2013-03-28 16:39        13952        ----a-w-        c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-03-28 16:36 . 2013-03-28 16:39        117248        ----a-w-        c:\windows\system32\drivers\ew_hwusbdev.sys
2013-03-28 16:36 . 2013-03-28 16:39        1001472        ----a-w-        c:\windows\system32\drivers\mod7700.sys
2013-03-28 16:36 . 2013-03-28 16:39        1490656        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2013-03-28 16:36 . 2013-03-28 16:39        1490656        ----a-w-        c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-03-28 16:36 . 2013-03-28 16:39        32768        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2013-03-28 16:36 . 2013-03-28 16:39        222464        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2013-03-21 12:30 . 2013-03-21 12:30        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-03-21 12:30 . 2013-03-21 12:30        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-21 12:30 . 2013-03-21 12:30        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1029unic.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 15:15]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 10:22]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 10:22]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002Core.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 19:54]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002UA.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 19:54]
.
2013-06-17 c:\windows\Tasks\TNYCTYUAB.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.gmx.net/br/ie9_startpage
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{46BB8659-DF41-489B-A8AD-A4AA35C6C20B}\64259445A51224F6870264F6E60275C414E40273237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BB278452-0C5B-43B2-A317-F02F6C9A75DD}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
  89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
  d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
  43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
  36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
  72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
  9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
  aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
  d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
  f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,9c,9e,30,54,a1,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,93,a5,32,40,04,23,46,a2,35,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,93,a5,32,40,04,23,46,a2,35,47,\
.
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,c8,64,a2,5f,e9,b6,3f,20,f0,75,fb,10,27,ff,27,2d,1f,09,c9,ce,3f,a3,
  c1,03,c8,04,1e,e0,b5,86,3b,59,ef,66,9c,f6,ab,db,33,79,6b,cd,91,5e,19,80,86,\
"??"=hex:7e,45,d9,11,83,11,2b,42,be,37,75,6d,5b,42,ea,90
.
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\Software\SecuROM\License information*]
"datasecu"=hex:e0,21,ec,9a,af,8d,c8,e2,f0,23,4a,b0,a6,8d,cd,d9,fa,8f,17,58,2d,
  64,f5,9d,90,4c,a9,19,52,6f,a4,60,a8,0c,9b,c0,08,43,d7,09,9a,88,06,33,8d,42,\
"rkeysecu"=hex:c3,c6,14,18,75,95,3e,19,39,35,d7,1b,06,94,ab,10
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-17  15:01:47
ComboFix-quarantined-files.txt  2013-06-17 13:01
ComboFix2.txt  2013-06-17 11:20
ComboFix3.txt  2013-06-12 17:56
.
Vor Suchlauf: 21 Verzeichnis(se), 90.789.761.024 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 90.701.029.376 Bytes frei
.
- - End Of File - - FBE08A6C0DA61C7825AEB736BF2EC70E
D41D8CD98F00B204E9800998ECF8427E
Gruß
Andreas

Hallo,

hier die Ergebnisse vom erneuten Scan mit Combofix:

[CODE]ComboFix 13-06-17.01 - Andreas 17.06.2013 14:53:25.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.6056.4218 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Andreas\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andreas\AppData\Roaming\Oazgurynj
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-17 bis 2013-06-17 ))))))))))))))))))))))))))))))
.
.
2013-06-17 12:59 . 2013-06-17 12:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-17 12:59 . 2013-06-17 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-17 09:07 . 2013-06-17 09:07 -------- d-----w- C:\FRST
2013-06-15 21:18 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1ED2C31-DF78-40E8-A0A3-744A9683DE6B}\mpengine.dll
2013-06-13 19:23 . 2013-06-15 20:29 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-06-13 18:58 . 2013-06-15 20:35 -------- d-----w- c:\programdata\Norton
2013-06-10 22:02 . 2013-02-22 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-10 22:02 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-10 22:02 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-10 22:02 . 2013-02-22 06:18 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-10 22:02 . 2013-02-22 06:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-10 22:02 . 2013-02-22 04:10 149616 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-10 22:02 . 2013-02-22 03:36 768512 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-10 22:02 . 2013-02-22 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-10 21:45 . 2013-06-10 21:45 -------- d-----w- C:\_OTL
2013-06-10 20:14 . 2013-06-10 20:14 -------- d-----w- c:\windows\ERUNT
2013-06-10 20:14 . 2013-06-12 16:56 -------- d-----w- C:\JRT
2013-06-10 20:11 . 2013-06-10 20:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-10 19:41 . 2013-06-10 19:41 -------- d-----w- c:\users\Andreas\AppData\Local\Secunia PSI
2013-06-10 19:36 . 2013-06-10 19:36 -------- d-----w- c:\program files (x86)\Secunia
2013-06-10 19:32 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll
2013-06-10 19:31 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-06-10 19:31 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll
2013-06-10 19:31 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-06-10 19:31 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-06-10 19:31 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-06-10 19:31 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-06-10 19:31 . 2013-04-12 14:36 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-10 19:30 . 2013-01-24 05:41 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-06-10 19:30 . 2013-03-19 06:19 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-10 19:30 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-06-10 19:30 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-06-10 19:30 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-06-10 19:30 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe
2013-06-10 19:30 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-06-10 19:11 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-10 19:11 . 2013-06-10 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-10 19:05 . 2013-06-10 19:05 -------- d-----w- c:\users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 19:05 . 2013-06-10 19:05 -------- d-----w- c:\program files (x86)\BillP Studios
2013-06-10 18:36 . 2013-06-11 14:37 -------- d-----w- c:\users\Andreas\AppData\Roaming\BFD30963
2013-06-10 17:15 . 2013-06-13 22:09 -------- d-----w- c:\users\Andreas\Srwrlosbyfn
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:15 . 2012-11-20 19:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:15 . 2011-08-20 19:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:06 . 2011-06-08 22:03 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-10 20:11 . 2013-01-12 20:40 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-10 20:11 . 2011-10-14 17:30 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-06 13:33 . 2013-05-06 13:34 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 06:05 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-05-24 18:19 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-09 15:30 . 2011-04-30 11:45 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-04-03 11:02 . 2012-01-27 19:15 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-03 11:02 . 2012-01-27 19:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-03 11:02 . 2012-02-04 14:47 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-28 16:36 . 2013-03-28 16:39 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-03-28 16:36 . 2013-03-28 16:39 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-03-28 16:36 . 2013-03-28 16:39 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-03-28 16:36 . 2013-03-28 16:39 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-03-28 16:36 . 2013-03-28 16:39 415744 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-03-28 16:36 . 2013-03-28 16:39 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-03-28 16:36 . 2013-03-28 16:39 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-03-28 16:36 . 2013-03-28 16:39 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-03-28 16:36 . 2013-03-28 16:39 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-03-28 16:36 . 2013-03-28 16:39 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-03-28 16:36 . 2013-03-28 16:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-03-28 16:36 . 2013-03-28 16:39 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-03-28 16:36 . 2013-03-28 16:39 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-03-28 16:36 . 2013-03-28 16:39 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-03-21 12:30 . 2013-03-21 12:30 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-21 12:30 . 2013-03-21 12:30 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-21 12:30 . 2013-03-21 12:30 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1029unic.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 15:15]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 10:22]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 10:22]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002Core.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 19:54]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002UA.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 19:54]
.
2013-06-17 c:\windows\Tasks\TNYCTYUAB.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.gmx.net/br/ie9_startpage
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{46BB8659-DF41-489B-A8AD-A4AA35C6C20B}\64259445A51224F6870264F6E60275C414E40273237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BB278452-0C5B-43B2-A317-F02F6C9A75DD}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,9c,9e,30,54,a1,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,93,a5,32,40,04,23,46,a2,35,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,93,a5,32,40,04,23,46,a2,35,47,\
.
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,c8,64,a2,5f,e9,b6,3f,20,f0,75,fb,10,27,ff,27,2d,1f,09,c9,ce,3f,a3,
c1,03,c8,04,1e,e0,b5,86,3b,59,ef,66,9c,f6,ab,db,33,79,6b,cd,91,5e,19,80,86,\
"??"=hex:7e,45,d9,11,83,11,2b,42,be,37,75,6d,5b,42,ea,90
.
[HKEY_USERS\S-1-5-21-1485576863-2060095362-526887106-1002\Software\SecuROM\License information*]
"datasecu"=hex:e0,21,ec,9a,af,8d,c8,e2,f0,23,4a,b0,a6,8d,cd,d9,fa,8f,17,58,2d,
64,f5,9d,90,4c,a9,19,52,6f,a4,60,a8,0c,9b,c0,08,43,d7,09,9a,88,06,33,8d,42,\
"rkeysecu"=hex:c3,c6,14,18,75,95,3e,19,39,35,d7,1b,06,94,ab,10
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-17 15:01:47
ComboFix-quarantined-files.txt 2013-06-17 13:01
ComboFix2.txt 2013-06-17 11:20
ComboFix3.txt 2013-06-12 17:56
.
Vor Suchlauf: 21 Verzeichnis(se), 90.789.761.024 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 90.701.029.376 Bytes frei
.
- - End Of File - - FBE08A6C0DA61C7825AEB736BF2EC70E
D41D8CD98F00B204E9800998ECF8427E
[CODE]

schrauber 17.06.2013 16:40
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

andparch 17.06.2013 18:50
Hallo,

die ersten Ergebnisse:

Code:
# AdwCleaner v2.303 - Datei am 17/06/2013 um 19:22:32 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Andreas - ANDREAS-PC44
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [17994 octets] - [10/06/2013 21:48:12]
AdwCleaner[R2].txt - [18055 octets] - [10/06/2013 21:52:02]
AdwCleaner[R3].txt - [1027 octets] - [11/06/2013 19:52:30]
AdwCleaner[R4].txt - [1176 octets] - [12/06/2013 18:18:53]
AdwCleaner[R5].txt - [1210 octets] - [12/06/2013 18:35:44]
AdwCleaner[R6].txt - [1357 octets] - [15/06/2013 00:03:07]
AdwCleaner[S1].txt - [18058 octets] - [10/06/2013 21:52:25]
AdwCleaner[S2].txt - [1090 octets] - [11/06/2013 19:52:48]
AdwCleaner[S3].txt - [1273 octets] - [12/06/2013 18:35:55]
AdwCleaner[S4].txt - [1419 octets] - [15/06/2013 00:03:44]
AdwCleaner[S5].txt - [1322 octets] - [17/06/2013 19:22:32]

########## EOF - C:\AdwCleaner[S5].txt - [1382 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Andreas on 17.06.2013 at 19:31:58,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\x3fl6gny.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2013 at 19:34:37,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gruß
Andreas

schrauber 17.06.2013 19:08
Dann weiter :)

andparch 17.06.2013 21:04
Hallo,

Code:
# AdwCleaner v2.303 - Datei am 17/06/2013 um 19:22:32 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Andreas - ANDREAS-PC44
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [17994 octets] - [10/06/2013 21:48:12]
AdwCleaner[R2].txt - [18055 octets] - [10/06/2013 21:52:02]
AdwCleaner[R3].txt - [1027 octets] - [11/06/2013 19:52:30]
AdwCleaner[R4].txt - [1176 octets] - [12/06/2013 18:18:53]
AdwCleaner[R5].txt - [1210 octets] - [12/06/2013 18:35:44]
AdwCleaner[R6].txt - [1357 octets] - [15/06/2013 00:03:07]
AdwCleaner[S1].txt - [18058 octets] - [10/06/2013 21:52:25]
AdwCleaner[S2].txt - [1090 octets] - [11/06/2013 19:52:48]
AdwCleaner[S3].txt - [1273 octets] - [12/06/2013 18:35:55]
AdwCleaner[S4].txt - [1419 octets] - [15/06/2013 00:03:44]
AdwCleaner[S5].txt - [1322 octets] - [17/06/2013 19:22:32]

########## EOF - C:\AdwCleaner[S5].txt - [1382 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Andreas on 17.06.2013 at 19:31:58,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\x3fl6gny.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2013 at 19:34:37,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee1a1647a2b5e34d9cccac7ba902956e
# engine=14097
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-17 05:57:52
# local_time=2013-06-17 07:57:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 23120 123121722 0 0
# scanned=1478
# found=0
# cleaned=0
# scan_time=46
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee1a1647a2b5e34d9cccac7ba902956e
# engine=14097
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-17 07:56:04
# local_time=2013-06-17 09:56:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 30212 123128814 0 0
# scanned=363492
# found=0
# cleaned=0
# scan_time=7067
Gruß
Andreas

Hallo,

das Erbgebnis von Security Check.

Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
Gruß
Andreas

Hallo,

nun nochmal das Ergebnis von FRST. War mein Laptop noch infiziert? Kann ich denn nun wieder ohne Bedenken das Internet / Online Banking nutzen?

Danke schon mal für die Hilfe. Super Sache von euch.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01
Ran by Andreas (administrator) on 17-06-2013 22:15:30
Running from C:\Users\Andreas\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-27] (BillP Studios)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-06] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\UpdatusUser\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\UpdatusUser\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/br/ie9_startpage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: GMX Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -  No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - GMX Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: haufereader - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: haufereader - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{BB278452-0C5B-43B2-A317-F02F6C9A75DD}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @ei.TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: TVU Web Player - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\Extensions\firefox@tvunetworks.com
FF Extension: speedanalysis02 - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\x3fl6gny.default\Extensions\speedanalysis02@SpeedAnalysis.com.xpi

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-05-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-06] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-03-28] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 TuneUp.Defrag; %SystemRoot%\System32\TuneUpDefragService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-17 22:11 - 2013-06-17 22:11 - 00890839 ____A C:\Users\Andreas\Desktop\SecurityCheck.exe
2013-06-17 19:29 - 2013-06-17 19:29 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andreas\Desktop\JRT.exe
2013-06-17 19:22 - 2013-06-17 19:23 - 00001451 ____A C:\AdwCleaner[S5].txt
2013-06-17 19:22 - 2013-06-17 19:22 - 00000000 ____D C:\Users\Andreas\AppData\Local\CrashDumps
2013-06-17 19:21 - 2013-06-17 19:21 - 00648201 ____A C:\Users\Andreas\Desktop\adwcleaner.exe
2013-06-17 15:01 - 2013-06-17 15:01 - 00028615 ____A C:\ComboFix.txt
2013-06-17 11:59 - 2013-06-17 11:59 - 01926844 ____A (Farbar) C:\Users\Andreas\Downloads\FRST64(1).exe
2013-06-17 11:53 - 2013-06-17 11:53 - 00000000 ____A C:\Users\Andreas\defogger_reenable
2013-06-17 11:51 - 2013-06-17 11:47 - 00050477 ____A C:\Users\Andreas\Downloads\Defogger.exe
2013-06-17 11:47 - 2013-06-17 11:47 - 00050477 ____A C:\Users\Andreas\Desktop\Defogger.exe
2013-06-17 11:19 - 2013-06-17 11:15 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Desktop\OTL.exe
2013-06-17 11:15 - 2013-06-17 11:15 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Downloads\OTL.exe
2013-06-17 11:07 - 2013-06-17 11:07 - 00000000 ____D C:\FRST
2013-06-17 11:01 - 2013-06-17 11:06 - 01926844 ____A (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2013-06-17 10:43 - 2013-06-17 10:43 - 00107616 ____A C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 23:24 - 2013-06-17 19:24 - 00001940 ____A C:\Windows\PFRO.log
2013-06-15 23:24 - 2013-06-17 19:24 - 00000280 ____A C:\Windows\setupact.log
2013-06-15 23:24 - 2013-06-15 23:24 - 00401184 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 23:24 - 2013-06-15 23:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-15 00:03 - 2013-06-15 00:03 - 00001419 ____A C:\AdwCleaner[S4].txt
2013-06-15 00:03 - 2013-06-15 00:03 - 00001357 ____A C:\AdwCleaner[R6].txt
2013-06-13 20:58 - 2013-06-15 22:35 - 00000000 ____D C:\ProgramData\Norton
2013-06-12 18:35 - 2013-06-12 18:36 - 00001273 ____A C:\AdwCleaner[S3].txt
2013-06-12 18:35 - 2013-06-12 18:35 - 00001210 ____A C:\AdwCleaner[R5].txt
2013-06-12 18:31 - 2013-06-17 15:01 - 00000000 ____D C:\Qoobox
2013-06-12 18:31 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-12 18:31 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-12 18:31 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-12 18:31 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-12 18:18 - 2013-06-12 18:19 - 00001176 ____A C:\AdwCleaner[R4].txt
2013-06-12 18:07 - 2013-06-12 18:10 - 00011264 __ASH C:\Users\Andreas\AppData\Roaming\Thumbs.db
2013-06-11 19:52 - 2013-06-11 19:52 - 00001090 ____A C:\AdwCleaner[S2].txt
2013-06-11 19:52 - 2013-06-11 19:52 - 00001027 ____A C:\AdwCleaner[R3].txt
2013-06-11 00:02 - 2013-02-22 08:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-11 00:02 - 2013-02-22 08:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-11 00:02 - 2013-02-22 05:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-11 00:02 - 2013-02-22 05:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-11 00:02 - 2013-02-22 05:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-11 00:01 - 2013-02-22 08:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-11 00:01 - 2013-02-22 08:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-11 00:01 - 2013-02-22 08:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 00:01 - 2013-02-22 08:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-11 00:01 - 2013-02-22 08:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 00:01 - 2013-02-22 08:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-11 00:01 - 2013-02-22 08:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-11 00:01 - 2013-02-22 08:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 00:01 - 2013-02-22 08:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 00:01 - 2013-02-22 08:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-11 00:01 - 2013-02-22 08:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-11 00:01 - 2013-02-22 08:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 00:01 - 2013-02-22 08:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-11 00:01 - 2013-02-22 08:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 00:01 - 2013-02-22 06:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-11 00:01 - 2013-02-22 05:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-11 00:01 - 2013-02-22 05:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 00:01 - 2013-02-22 05:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 00:01 - 2013-02-22 05:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-11 00:01 - 2013-02-22 05:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-11 00:01 - 2013-02-22 05:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-11 00:01 - 2013-02-22 05:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 00:01 - 2013-02-22 05:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 00:01 - 2013-02-22 05:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-11 00:01 - 2013-02-22 05:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 00:01 - 2013-02-22 05:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-11 00:01 - 2013-02-22 05:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-10 23:45 - 2013-06-10 23:45 - 00000000 ____D C:\_OTL
2013-06-10 22:50 - 2013-06-10 23:12 - 00000000 ____D C:\Windows\erdnt
2013-06-10 22:14 - 2013-06-17 19:31 - 00000000 ____D C:\JRT
2013-06-10 22:14 - 2013-06-10 22:14 - 00000000 ____D C:\Windows\ERUNT
2013-06-10 22:11 - 2013-06-10 22:11 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-10 21:52 - 2013-06-10 22:01 - 00018058 ____A C:\AdwCleaner[S1].txt
2013-06-10 21:52 - 2013-06-10 21:52 - 00018055 ____A C:\AdwCleaner[R2].txt
2013-06-10 21:48 - 2013-06-10 21:48 - 00017994 ____A C:\AdwCleaner[R1].txt
2013-06-10 21:41 - 2013-06-10 21:41 - 00000000 ____D C:\Users\Andreas\AppData\Local\Secunia PSI
2013-06-10 21:36 - 2013-06-10 21:36 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-10 21:32 - 2013-02-12 17:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-10 21:31 - 2013-04-12 16:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-10 21:31 - 2013-03-01 05:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-10 21:31 - 2013-02-12 17:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-10 21:31 - 2013-02-12 17:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-10 21:31 - 2013-02-12 17:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-10 21:31 - 2013-02-12 17:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-10 21:31 - 2013-02-12 15:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-10 21:30 - 2013-03-19 08:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-10 21:30 - 2013-03-19 07:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-10 21:30 - 2013-03-19 07:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-06-10 21:30 - 2013-03-19 07:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-06-10 21:30 - 2013-03-19 06:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-06-10 21:30 - 2013-03-19 05:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-10 21:30 - 2013-01-24 07:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-10 21:11 - 2013-06-10 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-10 21:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-06-10 20:36 - 2013-06-11 16:37 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BFD30963
2013-06-10 19:15 - 2013-06-14 00:09 - 00000000 ____D C:\Users\Andreas\Srwrlosbyfn
2013-06-09 13:47 - 2013-06-09 13:47 - 00244609 ____A C:\Users\Andreas\Desktop\Bestellung KH und Protein Riegel für Marv.xps
2013-05-31 15:22 - 2013-05-31 15:23 - 00000000 ____D C:\Users\Andreas\Desktop\CAN Leitfäden
2013-05-24 18:16 - 2013-05-24 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-06-17 22:11 - 2013-06-17 22:11 - 00890839 ____A C:\Users\Andreas\Desktop\SecurityCheck.exe
2013-06-17 21:30 - 2012-11-23 22:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 21:20 - 2012-06-25 12:15 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002UA.job
2013-06-17 19:33 - 2012-06-21 15:03 - 00000306 ____A C:\Windows\Tasks\TNYCTYUAB.job
2013-06-17 19:32 - 2009-07-14 06:45 - 00010016 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-17 19:32 - 2009-07-14 06:45 - 00010016 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-17 19:31 - 2013-06-10 22:14 - 00000000 ____D C:\JRT
2013-06-17 19:29 - 2013-06-17 19:29 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andreas\Desktop\JRT.exe
2013-06-17 19:25 - 2012-02-03 19:47 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-17 19:24 - 2013-06-15 23:24 - 00001940 ____A C:\Windows\PFRO.log
2013-06-17 19:24 - 2013-06-15 23:24 - 00000280 ____A C:\Windows\setupact.log
2013-06-17 19:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 19:23 - 2013-06-17 19:22 - 00001451 ____A C:\AdwCleaner[S5].txt
2013-06-17 19:23 - 2011-04-30 11:18 - 01843742 ____A C:\Windows\WindowsUpdate.log
2013-06-17 19:22 - 2013-06-17 19:22 - 00000000 ____D C:\Users\Andreas\AppData\Local\CrashDumps
2013-06-17 19:21 - 2013-06-17 19:21 - 00648201 ____A C:\Users\Andreas\Desktop\adwcleaner.exe
2013-06-17 15:01 - 2013-06-17 15:01 - 00028615 ____A C:\ComboFix.txt
2013-06-17 15:01 - 2013-06-12 18:31 - 00000000 ____D C:\Qoobox
2013-06-17 14:59 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-17 14:52 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-17 12:26 - 2012-04-11 15:03 - 00000000 ____D C:\Users\Andreas\Desktop\Praxisanleiter
2013-06-17 12:20 - 2012-06-25 12:15 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485576863-2060095362-526887106-1002Core.job
2013-06-17 11:59 - 2013-06-17 11:59 - 01926844 ____A (Farbar) C:\Users\Andreas\Downloads\FRST64(1).exe
2013-06-17 11:53 - 2013-06-17 11:53 - 00000000 ____A C:\Users\Andreas\defogger_reenable
2013-06-17 11:53 - 2011-05-23 16:22 - 00000000 ____D C:\users\Andreas
2013-06-17 11:47 - 2013-06-17 11:51 - 00050477 ____A C:\Users\Andreas\Downloads\Defogger.exe
2013-06-17 11:47 - 2013-06-17 11:47 - 00050477 ____A C:\Users\Andreas\Desktop\Defogger.exe
2013-06-17 11:15 - 2013-06-17 11:19 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Desktop\OTL.exe
2013-06-17 11:15 - 2013-06-17 11:15 - 00602112 ____A (OldTimer Tools) C:\Users\Andreas\Downloads\OTL.exe
2013-06-17 11:07 - 2013-06-17 11:07 - 00000000 ____D C:\FRST
2013-06-17 11:06 - 2013-06-17 11:01 - 01926844 ____A (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2013-06-17 10:43 - 2013-06-17 10:43 - 00107616 ____A C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-16 20:53 - 2012-08-09 19:44 - 00000000 ____D C:\Users\Andreas\Desktop\Torhüter
2013-06-15 23:24 - 2013-06-15 23:24 - 00401184 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 23:24 - 2013-06-15 23:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-15 22:35 - 2013-06-13 20:58 - 00000000 ____D C:\ProgramData\Norton
2013-06-15 00:03 - 2013-06-15 00:03 - 00001419 ____A C:\AdwCleaner[S4].txt
2013-06-15 00:03 - 2013-06-15 00:03 - 00001357 ____A C:\AdwCleaner[R6].txt
2013-06-14 07:24 - 2011-04-30 13:42 - 00001634 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-14 00:09 - 2013-06-10 19:15 - 00000000 ____D C:\Users\Andreas\Srwrlosbyfn
2013-06-13 17:08 - 2011-05-24 20:47 - 00000000 ____D C:\Users\Andreas\AppData\Local\Windows Live
2013-06-12 19:17 - 2013-04-02 23:40 - 00000000 ____D C:\Users\Andreas\Desktop\Avira bis 2015
2013-06-12 18:54 - 2011-05-23 23:08 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Skype
2013-06-12 18:36 - 2013-06-12 18:35 - 00001273 ____A C:\AdwCleaner[S3].txt
2013-06-12 18:35 - 2013-06-12 18:35 - 00001210 ____A C:\AdwCleaner[R5].txt
2013-06-12 18:19 - 2013-06-12 18:18 - 00001176 ____A C:\AdwCleaner[R4].txt
2013-06-12 18:10 - 2013-06-12 18:07 - 00011264 __ASH C:\Users\Andreas\AppData\Roaming\Thumbs.db
2013-06-12 18:07 - 2009-08-04 12:40 - 00361126 ____A C:\Windows\System32\perfh00D.dat
2013-06-12 18:07 - 2009-08-04 12:40 - 00073354 ____A C:\Windows\System32\perfc00D.dat
2013-06-12 18:07 - 2009-08-04 12:34 - 00563312 ____A C:\Windows\System32\perfh008.dat
2013-06-12 18:07 - 2009-08-04 12:34 - 00095386 ____A C:\Windows\System32\perfc008.dat
2013-06-12 18:07 - 2009-08-04 12:28 - 00688874 ____A C:\Windows\System32\prfh0816.dat
2013-06-12 18:07 - 2009-08-04 12:28 - 00138816 ____A C:\Windows\System32\prfc0816.dat
2013-06-12 18:07 - 2009-08-04 12:22 - 00389086 ____A C:\Windows\System32\prfh0404.dat
2013-06-12 18:07 - 2009-08-04 12:22 - 00110648 ____A C:\Windows\System32\prfc0404.dat
2013-06-12 18:07 - 2009-08-04 12:15 - 00701528 ____A C:\Windows\System32\perfh013.dat
2013-06-12 18:07 - 2009-08-04 12:15 - 00138094 ____A C:\Windows\System32\perfc013.dat
2013-06-12 18:07 - 2009-08-04 12:09 - 00699566 ____A C:\Windows\System32\perfh010.dat
2013-06-12 18:07 - 2009-08-04 12:09 - 00132426 ____A C:\Windows\System32\perfc010.dat
2013-06-12 18:07 - 2009-08-04 12:03 - 00704516 ____A C:\Windows\System32\perfh00C.dat
2013-06-12 18:07 - 2009-08-04 12:03 - 00135236 ____A C:\Windows\System32\perfc00C.dat
2013-06-12 18:07 - 2009-08-04 11:57 - 00703528 ____A C:\Windows\System32\perfh00A.dat
2013-06-12 18:07 - 2009-08-04 11:57 - 00142870 ____A C:\Windows\System32\perfc00A.dat
2013-06-12 18:07 - 2009-08-04 11:51 - 00664868 ____A C:\Windows\System32\perfh007.dat
2013-06-12 18:07 - 2009-08-04 11:51 - 00135004 ____A C:\Windows\System32\perfc007.dat
2013-06-12 18:07 - 2009-07-14 07:13 - 07291496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 17:15 - 2012-11-20 21:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:15 - 2011-08-20 21:25 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 00:11 - 2009-07-14 04:34 - 00000550 ____A C:\Windows\win.ini
2013-06-12 00:06 - 2011-06-09 00:03 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 19:55 - 2011-04-30 13:42 - 00002680 ____A C:\Windows\System32\AutoRunFilter.ini
2013-06-11 19:52 - 2013-06-11 19:52 - 00001090 ____A C:\AdwCleaner[S2].txt
2013-06-11 19:52 - 2013-06-11 19:52 - 00001027 ____A C:\AdwCleaner[R3].txt
2013-06-11 16:37 - 2013-06-10 20:36 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BFD30963
2013-06-11 00:08 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-10 23:45 - 2013-06-10 23:45 - 00000000 ____D C:\_OTL
2013-06-10 23:14 - 2009-07-14 05:20 - 00000000 ___RD C:\users\Default
2013-06-10 23:12 - 2013-06-10 22:50 - 00000000 ____D C:\Windows\erdnt
2013-06-10 22:14 - 2013-06-10 22:14 - 00000000 ____D C:\Windows\ERUNT
2013-06-10 22:11 - 2013-06-10 22:11 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-10 22:11 - 2013-06-10 22:11 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-10 22:11 - 2013-01-12 22:40 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-10 22:11 - 2011-10-14 19:46 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-10 22:11 - 2011-10-14 19:30 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-10 22:01 - 2013-06-10 21:52 - 00018058 ____A C:\AdwCleaner[S1].txt
2013-06-10 21:52 - 2013-06-10 21:52 - 00018055 ____A C:\AdwCleaner[R2].txt
2013-06-10 21:48 - 2013-06-10 21:48 - 00017994 ____A C:\AdwCleaner[R1].txt
2013-06-10 21:41 - 2013-06-10 21:41 - 00000000 ____D C:\Users\Andreas\AppData\Local\Secunia PSI
2013-06-10 21:36 - 2013-06-10 21:36 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-10 21:11 - 2013-06-10 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WinPatrol
2013-06-10 21:05 - 2013-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-06-09 13:47 - 2013-06-09 13:47 - 00244609 ____A C:\Users\Andreas\Desktop\Bestellung KH und Protein Riegel für Marv.xps
2013-06-09 12:15 - 2011-09-21 14:11 - 00932352 __ASH C:\Users\Andreas\Desktop\Thumbs.db
2013-06-05 10:57 - 2012-10-13 00:04 - 00000000 ____D C:\Users\Andreas\Desktop\Facharbeit Marvin 2013
2013-05-31 16:31 - 2012-12-27 20:10 - 00000000 ____D C:\Users\Andreas\Desktop\Lokalisation HTC Marv Handy
2013-05-31 15:23 - 2013-05-31 15:22 - 00000000 ____D C:\Users\Andreas\Desktop\CAN Leitfäden
2013-05-31 15:22 - 2013-02-25 18:13 - 00000000 ____D C:\Users\Andreas\Desktop\Steuersachen 2013
2013-05-25 16:22 - 2012-07-17 00:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 18:16 - 2013-05-24 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-17 14:06

==================== End Of Log ============================
--- --- ---

--- --- ---


Gruß
Andreas

schrauber 18.06.2013 06:40
JUp, alles gut. Aber falls Du noch TAN-Listen nutzt steig um auf CHipTan.


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

andparch 18.06.2013 14:00
Hallo Schrauber,

danke für deine professionelle und schnelle Hilfe.

MfG
Andreas

schrauber 18.06.2013 14:08
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131