Trojaner-Board - Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?

Guten Morgen Schrauber! Und vielen Dank für deine Schnelle Antwort / Reaktion.

Hier die FRST.txt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013

Ran by Jan (administrator) on JAN-PC on 23-10-2013 10:01:48

Running from C:\Users\Jan\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Valve Corporation) D:\Spiele\Steam\Steam.exe

(Spotify Ltd) C:\Users\Jan\AppData\Roaming\Spotify\spotify.exe

(Spotify Ltd) C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Curse) C:\Users\Jan\AppData\Local\Apps\2.0\LAOOPQ4K.YLQ\BZY550B9.H2N\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe

(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Mozilla Corporation) D:\Programme\Morzilla\firefox.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)

HKCU\...\Run: [Steam] - D:\Spiele\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)

HKCU\...\Run: [Spotify] - C:\Users\Jan\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-13] (Spotify Ltd)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-13] (Spotify Ltd)

HKCU\...\Policies\Explorer: [DisallowRun] 1

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [RoccatKone+] - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [552960 2011-07-12] (ROCCAT GmbH)

Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBB73F50B396CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 

FireFox:

========

FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: pricealarm - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM

FF Extension: Spartipps von SparPilot.com - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\Extensions\sparpilot@sparpilot.com

FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\Extensions\{343383e8-c053-40ee-a2a4-317fff6209b2}.xpi

FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi

FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Morzilla\firefox.exe
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)

R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2746704 2013-10-01] (LogMeIn Inc.)

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-12] ()

R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-11] (Avira Operations GmbH & Co. KG)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-23 10:01 - 2013-10-23 10:01 - 00000000 ____D C:\FRST

2013-10-23 10:00 - 2013-10-23 10:00 - 102541796 _____ C:\Windows\SysWOW64\츓›

2013-10-23 10:00 - 2013-10-23 10:00 - 01954682 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe

2013-10-23 00:47 - 2013-10-23 00:47 - 00007609 _____ C:\Users\Jan\AppData\Local\Resmon.ResmonCfg

2013-10-19 15:44 - 2013-10-19 15:44 - 00000273 _____ C:\h2-key-120-296-117

2013-10-19 15:44 - 2013-10-19 15:44 - 00000017 _____ C:\h2-sta-120-296-117

2013-10-19 15:42 - 2013-10-23 09:59 - 00188824 _____ C:\h2-engine.log

2013-10-19 15:42 - 2013-10-23 09:59 - 00001465 _____ C:\h2-engine.cfg.bak

2013-10-19 15:42 - 2013-10-23 09:59 - 00001465 _____ C:\h2-engine.cfg

2013-10-19 15:42 - 2013-10-23 09:59 - 00000442 _____ C:\h2-engine.ini.bak

2013-10-19 15:42 - 2013-10-23 09:59 - 00000442 _____ C:\h2-engine.ini

2013-10-19 15:42 - 2013-10-19 15:43 - 00000122 _____ C:\h2-engine.id.bak

2013-10-19 15:42 - 2013-10-19 15:43 - 00000122 _____ C:\h2-engine.id

2013-10-19 15:42 - 2013-10-19 15:42 - 00001430 _____ C:\h2-client.key

2013-10-19 15:42 - 2013-10-19 15:42 - 00000263 _____ C:\h2-server.key

2013-10-19 15:38 - 2013-10-21 16:01 - 00181934 _____ C:\Windows\PFRO.log

2013-10-19 15:33 - 2013-10-19 15:33 - 00000000 ____D C:\Users\Jan\AppData\Local\Tempe68c2ce54fd4e7b56e75b8967b83f29b

2013-10-19 15:27 - 2013-10-19 15:27 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn

2013-10-19 15:27 - 2013-10-19 15:27 - 00000000 ____D C:\ProgramData\LogMeIn

2013-10-19 15:26 - 2013-10-23 09:59 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn Hamachi

2013-10-19 15:26 - 2013-10-19 15:26 - 00000634 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2013-10-17 16:17 - 2013-10-17 16:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA

2013-10-16 23:01 - 2013-10-16 23:01 - 00000209 _____ C:\Users\Jan\Desktop\Terraria.url

2013-10-13 03:01 - 2013-10-13 03:01 - 00000000 ____D C:\ProgramData\id Software

2013-10-12 20:58 - 2013-10-12 20:58 - 00485905 _____ C:\Users\Jan\Desktop\terraria-server.zip

2013-10-12 20:56 - 2013-10-12 20:56 - 00000000 ____D C:\Users\Jan\Downloads\Terraria

2013-10-12 13:55 - 2013-10-12 13:57 - 00000000 ____D C:\Users\Jan\AppData\Roaming\AgeOfBooty

2013-10-12 13:53 - 2013-10-12 13:53 - 00017437 _____ C:\Windows\DirectX.log

2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 __RHD C:\Users\Jan\AppData\Roaming\SecuROM

2013-10-12 13:53 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2013-10-12 13:53 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2013-10-12 13:53 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2013-10-12 11:09 - 2013-10-12 11:09 - 00000208 _____ C:\Users\Jan\Desktop\Age of Booty.url

2013-10-09 22:16 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-09 22:16 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-09 22:16 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-09 22:16 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-09 22:16 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-09 22:16 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-09 22:16 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-09 22:16 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-09 22:16 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-09 22:16 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-09 22:16 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-09 22:16 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 22:04 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 22:04 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 22:04 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 22:04 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 22:04 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 22:04 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 22:04 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 22:04 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 22:04 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 22:04 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 22:04 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 22:04 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 22:04 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 22:04 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 22:04 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 22:04 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 22:04 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 22:04 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 22:04 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 22:04 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 22:04 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 22:04 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys

2013-10-09 22:04 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll

2013-10-09 22:04 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2013-10-06 02:20 - 2013-10-23 09:59 - 00004368 _____ C:\Windows\setupact.log

2013-10-06 02:20 - 2013-10-06 02:20 - 00000000 _____ C:\Windows\setuperr.log

2013-10-06 02:16 - 2013-10-06 02:18 - 00000000 ____D C:\AdwCleaner

2013-10-06 02:16 - 2013-10-06 02:16 - 00000485 _____ C:\DelFix.txt

2013-10-06 02:16 - 2013-10-06 02:16 - 00000000 ____D C:\Windows\ERUNT

2013-10-06 01:44 - 2013-10-06 01:44 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-06 01:44 - 2013-10-06 01:44 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes

2013-10-06 01:44 - 2013-10-06 01:44 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-06 01:44 - 2013-10-06 01:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-06 01:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 

==================== One Month Modified Files and Folders =======
 

2013-10-23 10:01 - 2013-10-23 10:01 - 00000000 ____D C:\FRST

2013-10-23 10:00 - 2013-10-23 10:00 - 102541796 _____ C:\Windows\SysWOW64\츓›

2013-10-23 10:00 - 2013-10-23 10:00 - 01954682 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe

2013-10-23 09:59 - 2013-10-19 15:42 - 00188824 _____ C:\h2-engine.log

2013-10-23 09:59 - 2013-10-19 15:42 - 00001465 _____ C:\h2-engine.cfg.bak

2013-10-23 09:59 - 2013-10-19 15:42 - 00001465 _____ C:\h2-engine.cfg

2013-10-23 09:59 - 2013-10-19 15:42 - 00000442 _____ C:\h2-engine.ini.bak

2013-10-23 09:59 - 2013-10-19 15:42 - 00000442 _____ C:\h2-engine.ini

2013-10-23 09:59 - 2013-10-19 15:26 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn Hamachi

2013-10-23 09:59 - 2013-10-06 02:20 - 00004368 _____ C:\Windows\setupact.log

2013-10-23 09:59 - 2013-09-22 21:05 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Spotify

2013-10-23 09:59 - 2013-08-11 21:34 - 00000000 ____D C:\Users\Jan\AppData\Local\Deployment

2013-10-23 09:59 - 2013-08-11 18:34 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-23 09:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-23 01:26 - 2013-08-26 00:23 - 00000000 ____D C:\Users\Jan\AppData\Roaming\TS3Client

2013-10-23 01:26 - 2013-08-11 18:27 - 01146416 _____ C:\Windows\WindowsUpdate.log

2013-10-23 00:47 - 2013-10-23 00:47 - 00007609 _____ C:\Users\Jan\AppData\Local\Resmon.ResmonCfg

2013-10-22 15:27 - 2009-07-14 06:45 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-22 15:27 - 2009-07-14 06:45 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-22 15:26 - 2009-07-14 19:58 - 00699416 _____ C:\Windows\system32\perfh007.dat

2013-10-22 15:26 - 2009-07-14 19:58 - 00149556 _____ C:\Windows\system32\perfc007.dat

2013-10-22 15:26 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-22 15:20 - 2013-09-22 21:05 - 00000000 ____D C:\Users\Jan\AppData\Local\Spotify

2013-10-21 21:24 - 2013-08-11 18:59 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Skype

2013-10-21 16:01 - 2013-10-19 15:38 - 00181934 _____ C:\Windows\PFRO.log

2013-10-20 21:25 - 2013-08-11 18:39 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-20 17:06 - 2013-09-02 18:25 - 00000000 ____D C:\Users\Jan\AppData\Local\PMB Files

2013-10-20 17:06 - 2013-09-02 18:25 - 00000000 ____D C:\ProgramData\PMB Files

2013-10-20 10:48 - 2013-08-11 18:27 - 00000000 ___RD C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-20 10:33 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-19 15:44 - 2013-10-19 15:44 - 00000273 _____ C:\h2-key-120-296-117

2013-10-19 15:44 - 2013-10-19 15:44 - 00000017 _____ C:\h2-sta-120-296-117

2013-10-19 15:43 - 2013-10-19 15:42 - 00000122 _____ C:\h2-engine.id.bak

2013-10-19 15:43 - 2013-10-19 15:42 - 00000122 _____ C:\h2-engine.id

2013-10-19 15:42 - 2013-10-19 15:42 - 00001430 _____ C:\h2-client.key

2013-10-19 15:42 - 2013-10-19 15:42 - 00000263 _____ C:\h2-server.key

2013-10-19 15:33 - 2013-10-19 15:33 - 00000000 ____D C:\Users\Jan\AppData\Local\Tempe68c2ce54fd4e7b56e75b8967b83f29b

2013-10-19 15:27 - 2013-10-19 15:27 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn

2013-10-19 15:27 - 2013-10-19 15:27 - 00000000 ____D C:\ProgramData\LogMeIn

2013-10-19 15:26 - 2013-10-19 15:26 - 00000634 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2013-10-17 16:17 - 2013-10-17 16:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA

2013-10-16 23:01 - 2013-10-16 23:01 - 00000209 _____ C:\Users\Jan\Desktop\Terraria.url

2013-10-16 23:01 - 2013-08-12 02:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2013-10-14 08:53 - 2013-08-11 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-14 08:53 - 2013-08-11 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-13 03:01 - 2013-10-13 03:01 - 00000000 ____D C:\ProgramData\id Software

2013-10-12 20:58 - 2013-10-12 20:58 - 00485905 _____ C:\Users\Jan\Desktop\terraria-server.zip

2013-10-12 20:56 - 2013-10-12 20:56 - 00000000 ____D C:\Users\Jan\Downloads\Terraria

2013-10-12 20:56 - 2013-08-11 18:27 - 00000000 ____D C:\Users\Jan

2013-10-12 13:57 - 2013-10-12 13:55 - 00000000 ____D C:\Users\Jan\AppData\Roaming\AgeOfBooty

2013-10-12 13:53 - 2013-10-12 13:53 - 00017437 _____ C:\Windows\DirectX.log

2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 __RHD C:\Users\Jan\AppData\Roaming\SecuROM

2013-10-12 11:09 - 2013-10-12 11:09 - 00000208 _____ C:\Users\Jan\Desktop\Age of Booty.url

2013-10-10 11:33 - 2013-08-11 18:21 - 00000000 ____D C:\Windows\Panther

2013-10-10 11:33 - 2009-07-14 06:45 - 00274464 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-06 02:20 - 2013-10-06 02:20 - 00000000 _____ C:\Windows\setuperr.log

2013-10-06 02:18 - 2013-10-06 02:16 - 00000000 ____D C:\AdwCleaner

2013-10-06 02:16 - 2013-10-06 02:16 - 00000485 _____ C:\DelFix.txt

2013-10-06 02:16 - 2013-10-06 02:16 - 00000000 ____D C:\Windows\ERUNT

2013-10-06 01:44 - 2013-10-06 01:44 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-06 01:44 - 2013-10-06 01:44 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes

2013-10-06 01:44 - 2013-10-06 01:44 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-06 01:44 - 2013-10-06 01:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-01 22:58 - 2013-08-11 19:04 - 00000000 ____D C:\Users\Jan\AppData\Local\Mozilla

2013-09-23 09:38 - 2013-08-11 19:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-23 09:38 - 2013-08-11 19:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-23 01:28 - 2013-10-09 22:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-23 01:28 - 2013-10-09 22:16 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-23 01:27 - 2013-10-09 22:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-23 00:55 - 2013-10-09 22:16 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-23 00:55 - 2013-10-09 22:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-23 00:55 - 2013-10-09 22:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-23 00:54 - 2013-10-09 22:16 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-23 00:54 - 2013-10-09 22:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
 

Some content of TEMP:

====================

C:\Users\Jan\AppData\Local\Temp\dotnetfx45_full_x86_x64.exe

C:\Users\Jan\AppData\Local\Temp\drm_dyndata_7390006.dll

C:\Users\Jan\AppData\Local\Temp\Quarantine.exe

C:\Users\Jan\AppData\Local\Temp\sdanircmdc.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-12 10:09
 

==================== End Of Log ============================

--- --- ---

Hier die Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2013

Ran by Jan at 2013-10-23 10:02:12

Running from C:\Users\Jan\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

Age of Booty (x32)

Alliance of Valiant Arms (x32)

AMD USB Filter Driver (x32 Version: 1.0.11.86)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

ATI Catalyst Install Manager (Version: 3.0.736.0)

Avira Free Antivirus (x32 Version: 13.0.0.4052)

Battlefield 3™ (x32 Version: 1.6.0.0)

Battlelog Web Plugins (x32 Version: 2.1.7)

Call of Duty: Black Ops II - Multiplayer (x32)

Call of Duty: Black Ops II - Zombies (x32)

Call of Duty: Black Ops II (x32)

CCleaner (Version: 4.04)

concept/design onlineTV 8 (x32 Version: 8.5.0.0)

Curse Client (HKCU Version: 5.1.1.792)

ESN Sonar (x32 Version: 0.70.4)

GeForce Experience NvStream Client Components (Version: 0.1.87)

Guild Wars 2 (x32)

Hitman: Absolution (x32)

Hotline Miami (x32)

iTunes (Version: 10.7.0.21)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

League of Legends (x32 Version: 3.0.1)

LogMeIn Hamachi (x32 Version: 2.2.0.58)

Magic 2014  (x32)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)

Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)

Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)

Mozilla Maintenance Service (x32 Version: 23.0)

NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)

NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)

NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)

NVIDIA Grafiktreiber 320.49 (Version: 320.49)

NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)

NVIDIA Install Application (Version: 2.1002.133.902)

NVIDIA PhysX (x32 Version: 9.13.0604)

NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)

NVIDIA Systemsteuerung 320.49 (Version: 320.49)

NVIDIA Update 8.3.14 (Version: 8.3.14)

NVIDIA Update Components (Version: 8.3.14)

NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)

OpenAL (x32)

Origin (x32 Version: 9.3.1.4482)

Pando Media Booster (x32 Version: 2.6.0.7)

Prime World: Defenders (x32)

PunkBuster Services (x32 Version: 0.991)

Quake Live Mozilla Plugin (x32 Version: 1.0.520)

Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)

ROCCAT Kone[+] Mouse Driver (x32)

Saints Row IV (x32)

Saints Row: The Third (x32)

SHIELD Streaming (Version: 1.05.28)

ShootMania Storm (x32)

Skype™ 6.1 (x32 Version: 6.1.129)

Sleeping Dogs™ (x32)

Spotify (HKCU Version: 0.9.4.185.g7545a404)

StarCraft II (x32 Version: 2.0.11.26825)

Steam (x32 Version: 1.0.0.0)

TeamSpeak 3 Client (Version: 3.0.11)

Terraria (x32)

To the Moon (x32)

Torchlight II (x32)

Trine (x32)

Trine 2 (x32)

World of Warcraft (x32 Version: 5.3.0.17128)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {357D4EDF-E332-4BA9-A50A-FAA32AE18C67} - System32\Tasks\CCleanerSkipUAC => D:\Programme\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
 

==================== Loaded Modules (whitelisted) =============
 

2013-08-11 21:35 - 2013-08-11 21:35 - 00014848 _____ () C:\Users\Jan\AppData\Local\Apps\2.0\LAOOPQ4K.YLQ\BZY550B9.H2N\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll

2013-08-11 21:35 - 2013-08-11 21:35 - 00035840 _____ () C:\Users\Jan\AppData\Local\Apps\2.0\LAOOPQ4K.YLQ\BZY550B9.H2N\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll

2013-08-11 21:35 - 2013-08-11 21:35 - 00099840 _____ () C:\Users\Jan\AppData\Local\Apps\2.0\LAOOPQ4K.YLQ\BZY550B9.H2N\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.CMOD2.dll

2013-08-11 18:34 - 2013-08-11 18:34 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-07-01 08:20 - 2013-08-22 00:18 - 00687104 _____ () D:\Spiele\Steam\SDL2.dll

2013-07-26 14:46 - 2013-10-09 04:19 - 01121704 _____ () D:\Spiele\Steam\bin\chromehtml.DLL

2013-07-15 14:32 - 2013-09-11 00:20 - 20625832 _____ () D:\Spiele\Steam\bin\libcef.dll

2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () D:\Spiele\Steam\bin\avcodec-53.dll

2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () D:\Spiele\Steam\bin\avutil-51.dll

2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () D:\Spiele\Steam\bin\avformat-53.dll

2013-09-22 21:05 - 2013-10-13 11:00 - 34604032 _____ () C:\Users\Jan\AppData\Roaming\Spotify\Data\libcef.dll

2013-08-23 00:31 - 2010-06-22 13:50 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll

2013-09-24 11:23 - 2013-10-13 11:00 - 00747008 _____ () C:\Users\Jan\AppData\Roaming\Spotify\Data\libglesv2.dll

2013-09-24 11:23 - 2013-10-13 11:00 - 00137216 _____ () C:\Users\Jan\AppData\Roaming\Spotify\Data\libegl.dll

2013-09-23 09:38 - 2013-09-23 09:38 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

2013-10-01 09:04 - 2013-10-01 09:04 - 03279768 _____ () D:\Programme\Morzilla\mozjs.dll
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/21/2013 03:28:22 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921

Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00001487

ID des fehlerhaften Prozesses: 0xe20

Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0

Pfad der fehlerhaften Anwendung: avnotify.exe1

Pfad des fehlerhaften Moduls: avnotify.exe2

Berichtskennung: avnotify.exe3
 

Error: (10/20/2013 05:07:18 PM) (Source: SkypeUpdate) (User: )

Description: File C:\Windows\TEMP\SKY37E.tmp has invalid signature.
 

Error: (10/12/2013 08:59:32 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: TerrariaServer.exe, Version: 1.0.4.0, Zeitstempel: 0x4f158688

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116

Ausnahmecode: 0xe0434352

Fehleroffset: 0x0000c41f

ID des fehlerhaften Prozesses: 0xc08

Startzeit der fehlerhaften Anwendung: 0xTerrariaServer.exe0

Pfad der fehlerhaften Anwendung: TerrariaServer.exe1

Pfad des fehlerhaften Moduls: TerrariaServer.exe2

Berichtskennung: TerrariaServer.exe3
 

Error: (10/12/2013 08:59:31 PM) (Source: .NET Runtime) (User: )

Description: Anwendung: TerrariaServer.exe

Frameworkversion: v4.0.30319

Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.

Ausnahmeinformationen: System.IO.FileNotFoundException

Stapel:

   bei Terraria.ProgramServer.Main(System.String[])
 

Error: (10/12/2013 08:58:15 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/12/2013 08:58:14 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/12/2013 08:58:12 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/12/2013 08:58:10 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/11/2013 03:03:09 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 

Error: (10/11/2013 03:03:09 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
 

System errors:

=============

Error: (10/23/2013 09:59:55 AM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/23/2013 09:59:55 AM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/22/2013 09:56:33 PM) (Source: volsnap) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (10/22/2013 03:20:42 PM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/22/2013 03:20:42 PM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/21/2013 04:02:01 PM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/21/2013 04:02:01 PM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/21/2013 03:28:23 PM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/21/2013 03:28:23 PM) (Source: WMPNetworkSvc) (User: )

Description: 0x80070422
 

Error: (10/21/2013 03:28:21 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================

Error: (10/21/2013 03:28:22 PM) (Source: Application Error)(User: )

Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487e2001cece6160643cd0C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exea7527067-3a54-11e3-bd4e-00241d8e0e9e
 

Error: (10/20/2013 05:07:18 PM) (Source: SkypeUpdate)(User: )

Description: C:\Windows\TEMP\SKY37E.tmp
 

Error: (10/12/2013 08:59:32 PM) (Source: Application Error)(User: )

Description: TerrariaServer.exe1.0.4.04f158688KERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41fc0801cec77d2f03dc6cC:\Users\Jan\AppData\Local\Temp\Temp1_terraria-server.zip\TerrariaServer.exeC:\Windows\syswow64\KERNELBASE.dll6d43b86d-3370-11e3-be7c-00241d8e0e9e
 

Error: (10/12/2013 08:59:31 PM) (Source: .NET Runtime)(User: )

Description: Anwendung: TerrariaServer.exe

Frameworkversion: v4.0.30319

Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.

Ausnahmeinformationen: System.IO.FileNotFoundException

Stapel:

   bei Terraria.ProgramServer.Main(System.String[])
 

Error: (10/12/2013 08:58:15 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Jan\Downloads\SoftonicDownloader_for_terraria.exe
 

Error: (10/12/2013 08:58:14 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Jan\Downloads\SoftonicDownloader_for_terraria.exe
 

Error: (10/12/2013 08:58:12 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Jan\Downloads\SoftonicDownloader_for_terraria.exe
 

Error: (10/12/2013 08:58:10 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Jan\Downloads\SoftonicDownloader_for_terraria.exe
 

Error: (10/11/2013 03:03:09 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 

Error: (10/11/2013 03:03:09 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 38%

Total physical RAM: 6140.16 MB

Available physical RAM: 3769.65 MB

Total Pagefile: 12278.5 MB

Available Pagefile: 9395.31 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:59.53 GB) (Free:24.64 GB) NTFS

Drive d: (Programme) (Fixed) (Total:1397.26 GB) (Free:1241.79 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: E64D524C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 1397 GB) (Disk ID: F287EE26)

Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)
 

==================== End Of Log ============================

Nochmal vielen Dank für die schnelle Hilfe!

MfG Jan

Hey Schrauber,

Beim Ausführen von Combofix gab es soweit keine Probleme außer das Avira trotz deaktiviertem scanner die Meldung " Es wurde ein Zugriff auf die Registery gesperrt" anzeigte. Hoffe das hat den Scan nicht beeinträchtigt.

Hier der Log:

Code:

ComboFix 13-10-23.02 - Jan 23.10.2013  17:46:43.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6140.4974 [GMT 2:00]

ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-09-23 bis 2013-10-23  ))))))))))))))))))))))))))))))

.

.

2013-10-23 15:50 . 2013-10-23 15:50        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-10-23 15:50 . 2013-10-23 15:50        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-10-23 08:01 . 2013-10-23 08:01        --------        d-----w-        C:\FRST

2013-10-19 13:33 . 2013-10-19 13:33        --------        d-----w-        c:\users\Jan\AppData\Local\Tempe68c2ce54fd4e7b56e75b8967b83f29b

2013-10-19 13:27 . 2013-10-19 13:27        --------        d-----w-        c:\users\Jan\AppData\Local\LogMeIn

2013-10-19 13:27 . 2013-10-19 13:27        --------        d-----w-        c:\programdata\LogMeIn

2013-10-19 13:26 . 2013-10-23 13:20        --------        d-----w-        c:\users\Jan\AppData\Local\LogMeIn Hamachi

2013-10-17 14:17 . 2013-10-17 14:17        --------        d-----w-        c:\program files (x86)\Microsoft XNA

2013-10-13 01:01 . 2013-10-13 01:01        --------        d-----w-        c:\programdata\id Software

2013-10-12 11:55 . 2013-10-12 11:57        --------        d-----w-        c:\users\Jan\AppData\Roaming\AgeOfBooty

2013-10-12 11:53 . 2013-10-12 11:53        --------        d--h--r-        c:\users\Jan\AppData\Roaming\SecuROM

2013-10-12 11:53 . 2008-07-12 06:18        540688        ----a-w-        c:\windows\system32\d3dx10_39.dll

2013-10-12 11:53 . 2008-07-12 06:18        1942552        ----a-w-        c:\windows\system32\D3DCompiler_39.dll

2013-10-12 11:53 . 2008-07-12 06:18        4992520        ----a-w-        c:\windows\system32\D3DX9_39.dll

2013-10-09 20:04 . 2013-07-04 12:50        633856        ----a-w-        c:\windows\system32\comctl32.dll

2013-10-06 00:16 . 2013-10-06 00:18        --------        d-----w-        C:\AdwCleaner

2013-10-06 00:16 . 2013-10-06 00:16        --------        d-----w-        c:\windows\ERUNT

2013-10-05 23:44 . 2013-10-05 23:44        --------        d-----w-        c:\users\Jan\AppData\Roaming\Malwarebytes

2013-10-05 23:44 . 2013-10-05 23:44        --------        d-----w-        c:\programdata\Malwarebytes

2013-10-05 23:44 . 2013-10-05 23:44        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2013-10-05 23:44 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-23 07:38 . 2013-08-11 17:31        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-23 07:38 . 2013-08-11 17:31        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-15 12:55 . 2013-08-12 11:43        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2013-09-15 12:55 . 2013-08-12 04:24        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2013-09-15 12:55 . 2013-08-12 04:24        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2013-09-05 12:54 . 2013-08-11 16:34        105344        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-09-01 08:26 . 2013-09-01 08:26        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2013-09-01 08:26 . 2013-09-01 08:26        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2013-09-01 08:26 . 2013-09-01 08:26        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2013-09-01 08:26 . 2013-09-01 08:26        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2013-08-20 13:33 . 2013-09-08 17:51        39200        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys

2013-08-20 13:32 . 2013-09-08 17:51        29984        ----a-w-        c:\windows\system32\nvaudcap64v.dll

2013-08-20 13:32 . 2013-09-08 17:51        28448        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll

2013-08-20 08:21 . 2013-08-11 16:36        81112        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-08-20 08:21 . 2013-08-11 16:34        132088        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-08-19 20:30 . 2013-08-19 20:30        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-08-19 20:30 . 2013-08-19 20:30        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-08-19 20:30 . 2013-08-19 20:30        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-15 00:56 . 2013-08-15 00:56        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2013-08-15 00:56 . 2013-08-15 00:56        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2013-08-15 00:56 . 2013-08-15 00:56        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx

2013-08-15 00:56 . 2013-08-15 00:56        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-08-15 00:56 . 2013-08-15 00:56        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2013-08-15 00:56 . 2013-08-15 00:56        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll

2013-08-15 00:56 . 2013-08-15 00:56        361984        ----a-w-        c:\windows\SysWow64\html.iec

2013-08-15 00:56 . 2013-08-15 00:56        226304        ----a-w-        c:\windows\system32\elshyph.dll

2013-08-15 00:56 . 2013-08-15 00:56        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll

2013-08-15 00:56 . 2013-08-15 00:56        158720        ----a-w-        c:\windows\SysWow64\msls31.dll

2013-08-15 00:56 . 2013-08-15 00:56        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2013-08-15 00:56 . 2013-08-15 00:56        138752        ----a-w-        c:\windows\SysWow64\wextract.exe

2013-08-15 00:56 . 2013-08-15 00:56        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-08-15 00:56 . 2013-08-15 00:56        12800        ----a-w-        c:\windows\SysWow64\mshta.exe

2013-08-15 00:56 . 2013-08-15 00:56        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2013-08-15 00:56 . 2013-08-15 00:56        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-08-15 00:56 . 2013-08-15 00:56        97280        ----a-w-        c:\windows\system32\mshtmled.dll

2013-08-15 00:56 . 2013-08-15 00:56        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-08-15 00:56 . 2013-08-15 00:56        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-08-15 00:56 . 2013-08-15 00:56        81408        ----a-w-        c:\windows\system32\icardie.dll

2013-08-15 00:56 . 2013-08-15 00:56        77312        ----a-w-        c:\windows\system32\tdc.ocx

2013-08-15 00:56 . 2013-08-15 00:56        762368        ----a-w-        c:\windows\system32\ieapfltr.dll

2013-08-15 00:56 . 2013-08-15 00:56        62976        ----a-w-        c:\windows\system32\pngfilt.dll

2013-08-15 00:56 . 2013-08-15 00:56        599552        ----a-w-        c:\windows\system32\vbscript.dll

2013-08-15 00:56 . 2013-08-15 00:56        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2013-08-15 00:56 . 2013-08-15 00:56        51200        ----a-w-        c:\windows\system32\imgutil.dll

2013-08-15 00:56 . 2013-08-15 00:56        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-08-15 00:56 . 2013-08-15 00:56        452096        ----a-w-        c:\windows\system32\dxtmsft.dll

2013-08-15 00:56 . 2013-08-15 00:56        441856        ----a-w-        c:\windows\system32\html.iec

2013-08-15 00:56 . 2013-08-15 00:56        281600        ----a-w-        c:\windows\system32\dxtrans.dll

2013-08-15 00:56 . 2013-08-15 00:56        27648        ----a-w-        c:\windows\system32\licmgr10.dll

2013-08-15 00:56 . 2013-08-15 00:56        270848        ----a-w-        c:\windows\system32\iedkcs32.dll

2013-08-15 00:56 . 2013-08-15 00:56        247296        ----a-w-        c:\windows\system32\webcheck.dll

2013-08-15 00:56 . 2013-08-15 00:56        235008        ----a-w-        c:\windows\system32\url.dll

2013-08-15 00:56 . 2013-08-15 00:56        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2013-08-15 00:56 . 2013-08-15 00:56        216064        ----a-w-        c:\windows\system32\msls31.dll

2013-08-15 00:56 . 2013-08-15 00:56        197120        ----a-w-        c:\windows\system32\msrating.dll

2013-08-15 00:56 . 2013-08-15 00:56        173568        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-08-15 00:56 . 2013-08-15 00:56        167424        ----a-w-        c:\windows\system32\iexpress.exe

2013-08-15 00:56 . 2013-08-15 00:56        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-08-15 00:56 . 2013-08-15 00:56        149504        ----a-w-        c:\windows\system32\occache.dll

2013-08-15 00:56 . 2013-08-15 00:56        144896        ----a-w-        c:\windows\system32\wextract.exe

2013-08-15 00:56 . 2013-08-15 00:56        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-08-15 00:56 . 2013-08-15 00:56        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat

2013-08-15 00:56 . 2013-08-15 00:56        13824        ----a-w-        c:\windows\system32\mshta.exe

2013-08-15 00:56 . 2013-08-15 00:56        136192        ----a-w-        c:\windows\system32\iepeers.dll

2013-08-15 00:56 . 2013-08-15 00:56        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-08-15 00:56 . 2013-08-15 00:56        12800        ----a-w-        c:\windows\system32\msfeedssync.exe

2013-08-15 00:56 . 2013-08-15 00:56        102912        ----a-w-        c:\windows\system32\inseng.dll

2013-08-15 00:56 . 2013-08-15 00:56        68608        ----a-w-        c:\windows\system32\taskhost.exe

2013-08-15 00:55 . 2013-08-15 00:55        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

2013-08-15 00:55 . 2013-08-15 00:55        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2013-08-15 00:55 . 2013-08-15 00:55        465920        ----a-w-        c:\windows\system32\WMPhoto.dll

2013-08-15 00:55 . 2013-08-15 00:55        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll

2013-08-15 00:55 . 2013-08-15 00:55        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        3928064        ----a-w-        c:\windows\system32\d2d1.dll

2013-08-15 00:55 . 2013-08-15 00:55        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll

2013-08-15 00:55 . 2013-08-15 00:55        363008        ----a-w-        c:\windows\system32\dxgi.dll

2013-08-15 00:55 . 2013-08-15 00:55        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll

2013-08-15 00:55 . 2013-08-15 00:55        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        296960        ----a-w-        c:\windows\system32\d3d10core.dll

2013-08-15 00:55 . 2013-08-15 00:55        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll

2013-08-15 00:55 . 2013-08-15 00:55        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll

2013-08-15 00:55 . 2013-08-15 00:55        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-15 00:55 . 2013-08-15 00:55        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll

2013-08-15 00:55 . 2013-08-15 00:55        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll

2013-08-15 00:55 . 2013-08-15 00:55        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll

2013-08-15 00:55 . 2013-08-15 00:55        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll

2013-08-15 00:55 . 2013-08-15 00:55        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\spiele\Steam\Steam.exe" [2013-10-09 1813928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-20 347192]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2013-8-11 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableSecureUIAPath"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe;d:\programme\Hamachi\hamachi-2.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - ExtSQL: 2013-10-19 15:41; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM

FF - ExtSQL: 2013-10-20 10:36; {343383e8-c053-40ee-a2a4-317fff6209b2}; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\extensions\{343383e8-c053-40ee-a2a4-317fff6209b2}.xpi

FF - ExtSQL: 2013-10-23 17:02; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-10-23 17:05; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xxjozu3t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2443006632-3408802129-2979337238-1001\Software\SecuROM\License information*]

"datasecu"=hex:b6,7f,74,71,09,7e,46,30,24,e1,bf,c0,6a,80,d1,86,83,52,98,75,4a,

   ea,23,44,56,89,fa,e8,11,69,3e,5d,e8,fa,2a,0c,10,7b,fe,6b,63,dc,5e,93,e4,77,\

"rkeysecu"=hex:09,1d,3b,43,b2,c0,b2,fd,6a,2a,01,a7,e6,87,b4,6f

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-10-23  17:51:26

ComboFix-quarantined-files.txt  2013-10-23 15:51

.

Vor Suchlauf: 9 Verzeichnis(se), 25.998.336.000 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 25.974.530.048 Bytes frei

.

- - End Of File - - C3ADACE1D7196B93E5E9C0D8653642FF

MfG Jan