Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   !Trojaner TR/ATRAPS.GEN2 und TR/Sirefef.AG.35 (https://www.trojaner-board.de/115847-trojaner-tr-atraps-gen2-tr-sirefef-ag-35-a.html)

Pfefferminz8 27.05.2012 19:38
!Trojaner TR/ATRAPS.GEN2 und TR/Sirefef.AG.35
 
Hallo, kann mir bitte jemande helfen
Antivira meldet peramnent zwei Funde
Trojaner TR/ATRAPS.GEN2 und TR/Sirefef.AG.35
nicht löschbar...

Quelle:'C:\Users\user\AppData\Local\{e270155b-82c3-f8d5-9d5f-5a98c59effe6}\U\800000cb.@'

Was soll ich jetzt tun, kenn mich mit PCs nicht so gut aus. Danke für eure Hilfe im Voraus.

Viele Grüße

Psychotic 28.05.2012 12:26
Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

Pfefferminz8 28.05.2012 14:52
alwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.05.27.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]

27.05.2012 21:13:25
mbam-log-2012-05-27 (22-41-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375355
Laufzeit: 1 Stunde(n), 27 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\user\AppData\Local\{e270155b-82c3-f8d5-9d5f-5a98c59effe6}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\user\AppData\Local\{e270155b-82c3-f8d5-9d5f-5a98c59effe6}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Users\user\AppData\Local\{e270155b-82c3-f8d5-9d5f-5a98c59effe6}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\user\AppData\Local\{e270155b-82c3-f8d5-9d5f-5a98c59effe6}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Sorry, aber ich weiss nicht, ob das jetzt richtig ist? Was soll ich weiter tun. Bitte um erklärung. Ich versteh es nicht ganz!

Danke

Psychotic 28.05.2012 15:13
Schritt 1: defogger


Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.



Schritt 2: OTL (custom)



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
atapi.sys
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread



Schritt 3: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.



Schritt 4: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

Pfefferminz8 28.05.2012 15:52
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,00 Gb Paging File | 2,99 Gb Available in Paging File | 74,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 185,25 Gb Free Space | 62,15% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 3,78 Gb Free Space | 0,81% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.28 16:31:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2012.01.18 11:44:32 | 002,057,048 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.20 22:37:59 | 013,623,048 | ---- | M] (AVM Software Inc.) -- C:\Programme\Paltalk Messenger\paltalk.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.09.23 15:39:10 | 003,356,160 | ---- | M] (Alexander Miehlke Softwareentwicklung) -- C:\Programme\TraXEx\TraXEx.exe
PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.04.09 13:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2012.01.26 13:39:32 | 009,560,576 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Client\tobitclt.dll
MOD - [2012.01.26 12:13:36 | 000,215,552 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Client\rfx-client$.ger
MOD - [2011.01.20 22:38:03 | 000,048,368 | ---- | M] () -- C:\Programme\Paltalk Messenger\ctrlkey.dll
MOD - [2008.03.17 15:48:04 | 000,432,504 | ---- | M] () -- C:\Programme\TraXEx\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.05.05 11:43:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 19:03:55 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.02.18 16:49:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.04.07 18:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 11:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.09.28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.04.18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007.04.12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007.04.12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007.04.12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007.04.12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007.04.12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007.04.12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007.04.12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007.04.12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007.04.12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007.04.12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007.04.10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007.04.10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007.04.10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007.04.10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007.04.10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007.04.10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007.04.10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007.04.10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007.04.10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007.04.10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=afafe18c-caf0-435d-9b23-34096dd0a995&apn_sauid=0E256564-66BB-47BB-A638-984BE0B8307B
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.28 11:03:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.28 17:43:11 | 000,000,000 | ---D | M]

[2011.01.29 16:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.05.27 22:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\xirp23cp.default\extensions
[2012.05.21 18:36:39 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\xirp23cp.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.05.27 22:56:33 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\xirp23cp.default\extensions\toolbar@ask.com
[2012.05.27 22:56:33 | 000,002,344 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xirp23cp.default\searchplugins\askcom.xml
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xirp23cp.default\searchplugins\conduit.xml
[2012.05.28 11:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.10 16:44:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56EE9D36-DD94-4181-A3EA-1942B0C98698}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66ADCF25-A7C6-4EEE-914F-D56F5E652EFE}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8818A463-1011-4E17-9CC0-8519B3EC5DFE}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFE59144-7C81-44A1-9CB4-05FAAE1B869D}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cf894b9-2bb0-11e0-9164-0019db35692d}\Shell - "" = AutoRun
O33 - MountPoints2\{1cf894b9-2bb0-11e0-9164-0019db35692d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{218c86dc-2259-11e0-8fc4-0019db35692d}\Shell - "" = AutoRun
O33 - MountPoints2\{218c86dc-2259-11e0-8fc4-0019db35692d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{218c86f8-2259-11e0-8fc4-0019db35692d}\Shell - "" = AutoRun
O33 - MountPoints2\{218c86f8-2259-11e0-8fc4-0019db35692d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{218c8704-2259-11e0-8fc4-0019db35692d}\Shell - "" = AutoRun
O33 - MountPoints2\{218c8704-2259-11e0-8fc4-0019db35692d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c6400789-2651-11e0-b85f-0019db35692d}\Shell - "" = AutoRun
O33 - MountPoints2\{c6400789-2651-11e0-b85f-0019db35692d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.05.28 16:31:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.05.28 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\EurekaLog
[2012.05.27 22:58:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Avira
[2012.05.27 22:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.27 22:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.05.27 22:56:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\APN
[2012.05.27 22:55:58 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.27 22:55:58 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.27 22:55:58 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.27 22:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.27 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.05.27 20:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.27 20:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.27 20:40:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.27 20:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.27 19:53:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.27 19:53:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.27 19:31:16 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\DriverGenius
[2012.05.04 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.05.04 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.04 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.02 18:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.05.02 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.05.02 18:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2012.05.28 16:31:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.05.28 16:30:23 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable
[2012.05.28 16:30:11 | 000,050,477 | ---- | M] () -- C:\Users\user\Desktop\Defogger.exe
[2012.05.28 16:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.28 15:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.28 11:05:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.28 11:03:35 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.28 10:15:11 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.28 10:15:11 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.28 10:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.28 10:04:37 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.28 00:59:58 | 000,030,120 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000004-00511102}.rfx
[2012.05.28 00:59:58 | 000,030,120 | ---- | M] () -- C:\Windows\System32\BMXState-{00000000-00000000-00000009-00001102-00000004-00511102}.rfx
[2012.05.28 00:59:58 | 000,027,408 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000004-00511102}.rfx
[2012.05.28 00:59:58 | 000,027,408 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000004-00511102}.rfx
[2012.05.28 00:59:58 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000000-00000000-00000009-00001102-00000004-00511102}.rfx
[2012.05.27 22:56:43 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.27 20:40:20 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.13 11:35:13 | 000,336,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.12 22:39:22 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.12 22:39:22 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.12 22:39:22 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.12 22:39:22 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.04 19:04:46 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.04 19:04:46 | 000,002,040 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2012.05.28 16:30:23 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable
[2012.05.28 16:30:11 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe
[2012.05.27 22:56:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.27 20:40:20 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.02 18:59:33 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.02 18:59:33 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.05.02 18:59:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.07.12 20:53:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.07.12 20:50:42 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.05.22 16:44:03 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT
[2011.03.06 14:11:42 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.02.20 14:57:52 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.02.20 14:57:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.02.20 14:57:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.02.20 14:57:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.02.20 14:57:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.02.20 14:57:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.02.20 14:57:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.02.20 14:57:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.02.20 14:57:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.02.20 14:57:52 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.02.20 14:57:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.02.20 14:57:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.02.20 14:57:52 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.02.20 14:57:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.02.20 14:57:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.02.20 14:57:52 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.02.20 14:57:52 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.02.20 14:57:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.02.20 14:57:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.02.20 14:55:21 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2011.01.29 16:46:46 | 000,304,944 | ---- | C] () -- C:\Program Files\SoftonicDownloader_fuer_mozilla-firefox.exe
[2011.01.29 16:25:13 | 059,398,824 | ---- | C] () -- C:\Program Files\avira_antivir_personal_de.exe
[2011.01.29 16:17:41 | 000,063,641 | ---- | C] () -- C:\Program Files\download.php

========== LOP Check ==========

[2010.02.20 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitZipper
[2012.05.28 15:50:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EurekaLog
[2012.04.12 15:53:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2011.02.25 22:16:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Paltalk
[2011.07.12 20:58:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2011.12.27 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecondLife
[2011.08.21 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simfy
[2010.02.18 15:32:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SystemUp
[2010.02.17 23:56:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\T-Online
[2011.03.06 14:12:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tobit
[2012.05.27 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2011.02.15 20:26:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2012.04.07 11:39:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.02.14 19:14:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.02.17 17:37:09 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.04.13 19:14:42 | 000,000,000 | ---D | M] -- C:\Christin
[2012.05.28 10:04:36 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.07.12 21:03:41 | 000,000,000 | ---D | M] -- C:\ConvertTemp
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.02.17 17:49:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.02.15 14:00:39 | 000,000,000 | ---D | M] -- C:\Intel
[2010.02.17 17:57:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.28 00:52:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.27 22:52:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.17 17:49:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.17 17:49:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.05.28 16:39:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.17 17:45:47 | 000,000,000 | R--D | M] -- C:\Users
[2012.05.27 19:53:17 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2011.01.29 16:30:36 | 059,398,824 | ---- | M] () -- C:\Program Files\avira_antivir_personal_de.exe
[2011.01.29 16:47:04 | 000,304,944 | ---- | M] () -- C:\Program Files\SoftonicDownloader_fuer_mozilla-firefox.exe

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-27 14:46:15

< >

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.05.2012 16:33:50 - Run 1
OTL by OldTimer - Version 3.2.43.2    Folder = C:\Users\user\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,00 Gb Paging File | 2,99 Gb Available in Paging File | 74,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 185,25 Gb Free Space | 62,15% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 3,78 Gb Free Space | 0,81% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9949BB-1690-42BE-9FA8-558D5D173EC1}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FFE2811-146F-4370-B5FC-B5C70FB74801}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{198D567A-2475-4226-B729-435C177D5862}" = lport=138 | protocol=17 | dir=in | app=system |
"{23D45738-9917-4020-9092-35857389F707}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C6254FE-BBEA-4BD6-9E7C-80F25C1A4AA9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DC71A7C-B3E4-4657-BCE7-DBDFA2FBF818}" = rport=445 | protocol=6 | dir=out | app=system |
"{3203B2C5-B851-4E8A-89D0-D417389E2CBE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{419EB139-A925-4D2D-BC44-CF4B4C7CA07D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57251442-FF0D-4B2C-8F86-DA0928E532DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B75B317-E7BA-4436-A75A-2161CB484F72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{71098A36-ABA5-42D4-ABBE-2CDEE047CC8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8335F7ED-F152-45A2-845A-1DF804EFD35E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89E778FE-22BF-4142-86FA-E438CFDE77B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D7204FC-4FE7-4977-966F-E9AA4A49C4D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99E99645-9145-43AF-863F-2232A7D5DB4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A646A94-DE1F-4678-9BF3-8702B44FEC10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE8C8488-4BFD-4D60-A425-12B02325383E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BEE6F05C-2C5E-4736-9CCD-6081AFBDC307}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D45D87AA-B99D-48E8-B724-29BF533AA990}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6032D73-EFFE-4288-9595-CB40B597980E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DA57CED8-12AF-4284-9BD0-6192099AC5C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1415BC4-26E3-41AC-9724-E0609257D370}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8846EC1-62F6-4BF2-9BD2-B74A7EF25DA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9AC3F16-456A-4A01-8BE8-92711FA5FFC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9C82DE1-0735-4E23-8F7D-662B695DFB9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D33BB-14D9-414A-BBC5-FF5FF8AC38B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{084DD54C-2F83-4F16-A955-EAE06B4A8606}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{145D3AC6-C957-48B2-8F97-A649425E817D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18D59516-FCFD-4DE0-94E1-FE372E6B73FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DBCF16B-9750-4E4B-BB0A-A44B422A589F}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{1EF2FFF3-265B-4B8C-B214-19D9CC3F5781}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{204DBF5B-76F6-4343-A6BB-75FE845C8C00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3F7A2682-2E94-40E8-8925-B4A89D540C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EDB25F6-CAC7-49AC-9F3C-6AAEED0A505F}" = protocol=6 | dir=out | app=system |
"{59AD8B57-8357-440C-A9A7-B509FECF4553}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{63EBBD38-1FA4-4956-A658-02CFE2729F3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDE0F65-F504-40DB-811D-A39D360E1F54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C756E04-034C-480D-8BC8-FD5B7896776C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C395F0-ADBF-4B91-AB71-C1651B28A356}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{9B368AF0-A182-42BB-B950-FD3BDF2055B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A293F40D-56B0-49FE-9ADB-9BA27792F23C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A86DE3AE-568F-424C-B292-03363A0D211C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4450E0F-59DA-4D18-B59B-A0942D1067D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B94D5FC6-F7E8-41B3-937F-F03AEF8833A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C1AC7FA9-43B4-4F50-91B1-FBDA6B93FEE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C82D8969-9157-45D6-AD7A-4640BA0C8CA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9EB6AB8-E6F6-47F8-B3EF-2DA3FE1FC593}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D1A0E3C6-9501-4874-A8DB-20AF9F752FE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4483A94-E560-4F27-80A9-CA1A50A0BEDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7FD4227-2748-4FC1-A488-AAC25B8E32EB}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{F14622AF-9A4C-4535-A2EA-887E5DAD842E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2A9CF85-744A-4F04-A3BB-537EC791D1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA173A5-36B0-417C-B217-4046B9260E35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{517E97C1-4008-4BFC-A1A5-70710CE5C564}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{655075FE-679A-43F4-8528-D572C4B81FD1}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{980F9F51-5FF5-41AA-BD82-10E8990A54A5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BE630F74-B68F-4FA7-8A6B-275EE70F59BF}C:\program files\secondlifebetaviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifebetaviewer\slvoice.exe |
"TCP Query User{CA16CED8-8065-4767-8DDB-68BA0839358E}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"TCP Query User{D6113947-C70A-4A19-8880-8923DA2BFFD6}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{EBE6F6C2-9EB3-4C46-A7EA-5A8B2EE85085}C:\program files\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe |
"TCP Query User{EDFBC7D7-B646-465A-909A-B40C49530367}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F1FB659D-E09D-4A1F-9229-C78BAD891944}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{1ED68FF0-BC69-4FF2-8596-385E8F9433EF}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{20D3500C-1E16-4F96-AD57-BA4128A44511}C:\program files\secondlifebetaviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifebetaviewer\slvoice.exe |
"UDP Query User{34518992-6DA0-4567-B942-B6E22FA0EA98}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{46D0BD94-50DB-4934-AF62-47FEFEFAD103}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{72B5F848-6222-4D93-9182-F9301395E1AC}C:\program files\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe |
"UDP Query User{7B85AB4B-4F06-4835-AF89-49C997EC0CAD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{86B5134F-768D-4AF5-9B06-B0E958206740}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{C39EDF8B-B988-4906-ABD4-347C74B9C88A}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{CC6A351D-AF76-4A85-8242-BC019B07CA30}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D67C45-8484-4398-B5C1-3CAE19FDDF22}" = EPSON PRINT Image Framer Tool1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCDB8D9-A18E-4B51-A90A-78510AC20DD3}" = Photo Express LE

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7f78e001-8ad7-41e4-80e4-267e798ff88d}" = Nero 9
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8BACBCEC-FB19-4A38-B0A1-7621A4D2726D}" = Schulkartei 6
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B4C40A0E-14C9-1E1F-2AEC-ABF96EA3FB51}" = simfy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"conduitEngine" = Conduit Engine
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Norton Commander" = Norton Commander
"NVIDIA Drivers" = NVIDIA Drivers
"PalTalk8.2" = Paltalk Messenger
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecondLifeViewer" = SecondLifeViewer (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Simfy" = simfy
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Tobit Radio.fx Server" = Radio.fx
"Total Zip_is1" = Total Zip 1.0
"TraXEx_is1" = TraXEx 3.2
"TuneUp Utilities" = TuneUp Utilities
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.05.2012 13:06:30 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f920759  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000029  Fehleroffset: 0x0008df89  ID des fehlerhaften
 Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cd3c2afaba861b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 4d66f64b-a81e-11e1-a00e-0019db35692d
 
Error - 27.05.2012 13:41:11 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353    4 user-PC.local.
 Addr 192.168.2.104
 
Error - 27.05.2012 13:41:11 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 user-PC.local.
 Addr 192.168.2.106
 
Error - 27.05.2012 13:41:11 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname user-PC.local already in use; will try user-PC-2.local
 instead
 
Error - 27.05.2012 14:08:59 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353    4 user-PC.local.
 Addr 192.168.2.104
 
Error - 27.05.2012 14:08:59 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 user-PC.local.
 Addr 192.168.2.106
 
Error - 27.05.2012 14:08:59 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname user-PC.local already in use; will try user-PC-2.local
 instead
 
Error - 27.05.2012 18:50:45 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe, Version:
 12.0.3500.13, Zeitstempel: 0x4f7d71ad  Name des fehlerhaften Moduls: ntdll.dll, Version:
 6.1.7600.16915, Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f963
ID
 des fehlerhaften Prozesses: 0x790  Startzeit der fehlerhaften Anwendung: 0x01cd3c4aa2bab502
Pfad
 der fehlerhaften Anwendung: C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 64ad2b01-a84e-11e1-8460-0019db35692d
 
Error - 27.05.2012 18:51:55 | Computer Name = user-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren
 werden.
 
Error - 28.05.2012 10:26:36 | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\loadstreet\total
 zip\BZSHLEXTLOADER.EXE".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 27.05.2012 13:41:13 | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Der Name "USER-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2012 14:07:57 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 14:08:58 | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2012 14:09:01 | Computer Name = user-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{56EE9D36-DD94-4181-A3EA-1942B0C98698} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 27.05.2012 14:09:01 | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Der Name "USER-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2012 15:10:19 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 16:43:04 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 16:51:35 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 18:41:41 | Computer Name = user-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 27.05.2012 18:59:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
 
< End of report >
--- --- ---

Pfefferminz8 28.05.2012 15:55
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.05.2012 16:33:50 - Run 1
OTL by OldTimer - Version 3.2.43.2    Folder = C:\Users\user\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,00 Gb Paging File | 2,99 Gb Available in Paging File | 74,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 185,25 Gb Free Space | 62,15% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 3,78 Gb Free Space | 0,81% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9949BB-1690-42BE-9FA8-558D5D173EC1}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FFE2811-146F-4370-B5FC-B5C70FB74801}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{198D567A-2475-4226-B729-435C177D5862}" = lport=138 | protocol=17 | dir=in | app=system |
"{23D45738-9917-4020-9092-35857389F707}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C6254FE-BBEA-4BD6-9E7C-80F25C1A4AA9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DC71A7C-B3E4-4657-BCE7-DBDFA2FBF818}" = rport=445 | protocol=6 | dir=out | app=system |
"{3203B2C5-B851-4E8A-89D0-D417389E2CBE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{419EB139-A925-4D2D-BC44-CF4B4C7CA07D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57251442-FF0D-4B2C-8F86-DA0928E532DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B75B317-E7BA-4436-A75A-2161CB484F72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{71098A36-ABA5-42D4-ABBE-2CDEE047CC8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8335F7ED-F152-45A2-845A-1DF804EFD35E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89E778FE-22BF-4142-86FA-E438CFDE77B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D7204FC-4FE7-4977-966F-E9AA4A49C4D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99E99645-9145-43AF-863F-2232A7D5DB4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A646A94-DE1F-4678-9BF3-8702B44FEC10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE8C8488-4BFD-4D60-A425-12B02325383E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BEE6F05C-2C5E-4736-9CCD-6081AFBDC307}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D45D87AA-B99D-48E8-B724-29BF533AA990}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6032D73-EFFE-4288-9595-CB40B597980E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DA57CED8-12AF-4284-9BD0-6192099AC5C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1415BC4-26E3-41AC-9724-E0609257D370}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8846EC1-62F6-4BF2-9BD2-B74A7EF25DA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9AC3F16-456A-4A01-8BE8-92711FA5FFC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9C82DE1-0735-4E23-8F7D-662B695DFB9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D33BB-14D9-414A-BBC5-FF5FF8AC38B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{084DD54C-2F83-4F16-A955-EAE06B4A8606}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{145D3AC6-C957-48B2-8F97-A649425E817D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18D59516-FCFD-4DE0-94E1-FE372E6B73FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DBCF16B-9750-4E4B-BB0A-A44B422A589F}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{1EF2FFF3-265B-4B8C-B214-19D9CC3F5781}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{204DBF5B-76F6-4343-A6BB-75FE845C8C00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3F7A2682-2E94-40E8-8925-B4A89D540C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EDB25F6-CAC7-49AC-9F3C-6AAEED0A505F}" = protocol=6 | dir=out | app=system |
"{59AD8B57-8357-440C-A9A7-B509FECF4553}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{63EBBD38-1FA4-4956-A658-02CFE2729F3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDE0F65-F504-40DB-811D-A39D360E1F54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C756E04-034C-480D-8BC8-FD5B7896776C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C395F0-ADBF-4B91-AB71-C1651B28A356}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{9B368AF0-A182-42BB-B950-FD3BDF2055B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A293F40D-56B0-49FE-9ADB-9BA27792F23C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A86DE3AE-568F-424C-B292-03363A0D211C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4450E0F-59DA-4D18-B59B-A0942D1067D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B94D5FC6-F7E8-41B3-937F-F03AEF8833A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C1AC7FA9-43B4-4F50-91B1-FBDA6B93FEE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C82D8969-9157-45D6-AD7A-4640BA0C8CA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9EB6AB8-E6F6-47F8-B3EF-2DA3FE1FC593}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D1A0E3C6-9501-4874-A8DB-20AF9F752FE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4483A94-E560-4F27-80A9-CA1A50A0BEDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7FD4227-2748-4FC1-A488-AAC25B8E32EB}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{F14622AF-9A4C-4535-A2EA-887E5DAD842E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2A9CF85-744A-4F04-A3BB-537EC791D1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA173A5-36B0-417C-B217-4046B9260E35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{517E97C1-4008-4BFC-A1A5-70710CE5C564}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{655075FE-679A-43F4-8528-D572C4B81FD1}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{980F9F51-5FF5-41AA-BD82-10E8990A54A5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BE630F74-B68F-4FA7-8A6B-275EE70F59BF}C:\program files\secondlifebetaviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifebetaviewer\slvoice.exe |
"TCP Query User{CA16CED8-8065-4767-8DDB-68BA0839358E}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"TCP Query User{D6113947-C70A-4A19-8880-8923DA2BFFD6}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{EBE6F6C2-9EB3-4C46-A7EA-5A8B2EE85085}C:\program files\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe |
"TCP Query User{EDFBC7D7-B646-465A-909A-B40C49530367}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F1FB659D-E09D-4A1F-9229-C78BAD891944}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{1ED68FF0-BC69-4FF2-8596-385E8F9433EF}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{20D3500C-1E16-4F96-AD57-BA4128A44511}C:\program files\secondlifebetaviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifebetaviewer\slvoice.exe |
"UDP Query User{34518992-6DA0-4567-B942-B6E22FA0EA98}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{46D0BD94-50DB-4934-AF62-47FEFEFAD103}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{72B5F848-6222-4D93-9182-F9301395E1AC}C:\program files\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe |
"UDP Query User{7B85AB4B-4F06-4835-AF89-49C997EC0CAD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{86B5134F-768D-4AF5-9B06-B0E958206740}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{C39EDF8B-B988-4906-ABD4-347C74B9C88A}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{CC6A351D-AF76-4A85-8242-BC019B07CA30}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D67C45-8484-4398-B5C1-3CAE19FDDF22}" = EPSON PRINT Image Framer Tool1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCDB8D9-A18E-4B51-A90A-78510AC20DD3}" = Photo Express LE

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7f78e001-8ad7-41e4-80e4-267e798ff88d}" = Nero 9
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8BACBCEC-FB19-4A38-B0A1-7621A4D2726D}" = Schulkartei 6
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B4C40A0E-14C9-1E1F-2AEC-ABF96EA3FB51}" = simfy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"conduitEngine" = Conduit Engine
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Norton Commander" = Norton Commander
"NVIDIA Drivers" = NVIDIA Drivers
"PalTalk8.2" = Paltalk Messenger
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecondLifeViewer" = SecondLifeViewer (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Simfy" = simfy
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Tobit Radio.fx Server" = Radio.fx
"Total Zip_is1" = Total Zip 1.0
"TraXEx_is1" = TraXEx 3.2
"TuneUp Utilities" = TuneUp Utilities
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.05.2012 13:06:30 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f920759  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000029  Fehleroffset: 0x0008df89  ID des fehlerhaften
 Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cd3c2afaba861b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 4d66f64b-a81e-11e1-a00e-0019db35692d
 
Error - 27.05.2012 13:41:11 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353    4 user-PC.local.
 Addr 192.168.2.104
 
Error - 27.05.2012 13:41:11 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 user-PC.local.
 Addr 192.168.2.106
 
Error - 27.05.2012 13:41:11 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname user-PC.local already in use; will try user-PC-2.local
 instead
 
Error - 27.05.2012 14:08:59 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353    4 user-PC.local.
 Addr 192.168.2.104
 
Error - 27.05.2012 14:08:59 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 user-PC.local.
 Addr 192.168.2.106
 
Error - 27.05.2012 14:08:59 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname user-PC.local already in use; will try user-PC-2.local
 instead
 
Error - 27.05.2012 18:50:45 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe, Version:
 12.0.3500.13, Zeitstempel: 0x4f7d71ad  Name des fehlerhaften Moduls: ntdll.dll, Version:
 6.1.7600.16915, Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f963
ID
 des fehlerhaften Prozesses: 0x790  Startzeit der fehlerhaften Anwendung: 0x01cd3c4aa2bab502
Pfad
 der fehlerhaften Anwendung: C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 64ad2b01-a84e-11e1-8460-0019db35692d
 
Error - 27.05.2012 18:51:55 | Computer Name = user-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren
 werden.
 
Error - 28.05.2012 10:26:36 | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\loadstreet\total
 zip\BZSHLEXTLOADER.EXE".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 27.05.2012 13:41:13 | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Der Name "USER-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2012 14:07:57 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 14:08:58 | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2012 14:09:01 | Computer Name = user-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{56EE9D36-DD94-4181-A3EA-1942B0C98698} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 27.05.2012 14:09:01 | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Der Name "USER-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2012 15:10:19 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 16:43:04 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 16:51:35 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 27.05.2012 18:41:41 | Computer Name = user-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 27.05.2012 18:59:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
 
< End of report >
--- --- ---


So und nun gab es Probleme bei Schritt 3
Schritt 3: aswMBR, hab alles so wie es da stand ausgeführt. Beim scannen blieb der PC hängen und hat sich von alleine heruntergefahren. Nun geht das Internet nicht mehr und PC läuft viel langsamer. ( Bin mit Laptop online)

Was soll ich nun tun?

Psychotic 28.05.2012 23:27
Lade die Datei in folgender Anleitung auf einen USB-Stick und führe sie am infizierten Rechner gemäß Anleitung aus. Poste das Log dann hier!


Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

Pfefferminz8 29.05.2012 11:30
Hallo,

Internet funktioniert wieder. Haben Antivira aktualisiert. TR/Trash.Gen wird gefunden.

TdssKille durchgeführt

Wie gehts weiter?Danke!

Psychotic 29.05.2012 11:37
Starte aswMBR erneut. Wenn du gefragt wirst, ob du unter Verwendunge der avast!-Signaturen scannen willst, wähle Nein und scanne den Rechner erneut.

Pfefferminz8 29.05.2012 12:36
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 13:04:40
-----------------------------
13:04:40.295 OS Version: Windows 6.1.7601 Service Pack 1
13:04:40.296 Number of processors: 2 586 0x604
13:04:40.299 ComputerName: USER-PC UserName: user
13:05:13.541 Initialize success
13:05:24.500 AVAST engine defs: 12052800
13:06:53.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:06:53.417 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
13:06:53.437 Disk 0 MBR read successfully
13:06:53.442 Disk 0 MBR scan
13:06:53.486 Disk 0 Windows 7 default MBR code
13:06:53.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
13:06:53.547 Disk 0 scanning sectors +625139712
13:06:53.635 Disk 0 scanning C:\Windows\system32\drivers
13:07:15.198 Service scanning
13:07:49.515 Modules scanning
13:08:10.083 Disk 0 trace - called modules:
13:08:10.119 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys
13:08:10.129 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a6dac8]
13:08:10.140 3 CLASSPNP.SYS[8919e59e] -> nt!IofCallDriver -> [0x85977918]
13:08:10.154 5 ACPI.sys[88c453d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ca3908]
13:08:11.725 AVAST engine scan C:\Windows
13:08:17.174 AVAST engine scan C:\Windows\system32
13:13:47.000 AVAST engine scan C:\Windows\system32\drivers
13:14:13.324 AVAST engine scan C:\Users\user
13:31:34.769 AVAST engine scan C:\ProgramData
13:32:46.614 Scan finished successfully
13:33:51.817 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
13:33:51.828 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

Psychotic 29.05.2012 12:39
Schritt 1: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Pfefferminz8 29.05.2012 15:14
Combofix Logfile:
Code:
ComboFix 12-05-28.05 - user 29.05.2012  15:08:48.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2046.1070 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET1C04.tmp
c:\windows\system32\SET261C.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-29  ))))))))))))))))))))))))))))))
.
.
2012-05-29 13:35 . 2012-05-29 13:36        --------        d-----w-        c:\users\user\AppData\Local\temp
2012-05-29 13:35 . 2012-05-29 13:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-29 07:55 . 2012-05-29 07:55        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-05-29 07:55 . 2012-05-29 07:56        --------        d-----w-        c:\program files\NVIDIA Corporation
2012-05-29 07:55 . 2012-05-29 07:55        --------        d-----w-        c:\windows\LastGood
2012-05-28 21:45 . 2012-05-28 21:45        --------        d-----w-        c:\windows\system32\SPReview
2012-05-28 21:43 . 2012-05-28 21:43        --------        d-----w-        c:\windows\system32\EventProviders
2012-05-28 20:16 . 2012-05-28 20:16        --------        d-----w-        c:\users\user\AppData\Roaming\Avira
2012-05-28 20:14 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-28 20:14 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-28 20:14 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-05-28 20:14 . 2012-05-28 20:14        --------        d-----w-        c:\program files\Avira
2012-05-28 13:50 . 2012-05-29 10:31        --------        d-----w-        c:\users\user\AppData\Roaming\EurekaLog
2012-05-27 20:56 . 2012-05-28 20:14        --------        d-----w-        c:\program files\Ask.com
2012-05-27 20:56 . 2012-05-27 20:56        --------        d-----w-        c:\users\user\AppData\Local\APN
2012-05-27 18:40 . 2012-05-27 18:40        --------        d-----w-        c:\users\user\AppData\Roaming\Malwarebytes
2012-05-27 18:40 . 2012-05-27 18:40        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-27 18:40 . 2012-05-28 18:48        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-27 17:53 . 2012-05-27 17:53        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-27 17:53 . 2012-05-27 17:53        --------        d--h--w-        c:\programdata\Common Files
2012-05-25 14:52 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DD359CB-1D2B-4B05-9FB7-C33B70549BA7}\mpengine.dll
2012-05-12 17:04 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 17:04 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 17:04 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 17:04 . 2010-11-20 12:17        1785344        ----a-w-        c:\program files\Windows Journal\Journal.exe
2012-05-12 17:04 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 17:04 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-12 17:04 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-12 17:04 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-12 17:04 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-12 17:04 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-12 17:04 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-04 17:04 . 2012-05-28 18:48        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-04 17:03 . 2012-05-04 17:03        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 17:03 . 2012-05-04 17:03        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 16:59 . 2012-05-28 18:48        --------        d-----w-        c:\programdata\McAfee Security Scan
2012-05-02 16:59 . 2012-05-02 16:59        --------        d-----w-        c:\programdata\McAfee
2012-05-02 16:59 . 2012-05-02 16:59        --------        d-----w-        c:\program files\McAfee Security Scan
2012-05-02 16:59 . 2012-05-05 09:43        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-02 16:59 . 2012-05-05 09:43        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 21:55 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-09 21:55 . 2012-03-09 21:55        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 21:55 . 2012-03-09 21:55        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 21:55 . 2012-03-09 21:55        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-03-09 21:55 . 2012-03-09 21:55        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-03-09 21:55 . 2012-03-09 21:55        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-03-09 21:55 . 2012-03-09 21:55        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-03-09 21:55 . 2012-03-09 21:55        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-03-09 21:55 . 2012-03-09 21:55        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-03-09 21:55 . 2012-03-09 21:55        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-03-09 21:55 . 2012-03-09 21:55        367104        ----a-w-        c:\windows\system32\html.iec
2012-03-09 21:55 . 2012-03-09 21:55        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-03-09 21:55 . 2012-03-09 21:55        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-03-09 21:55 . 2012-03-09 21:55        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-03-09 21:55 . 2012-03-09 21:55        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-03-09 21:55 . 2012-03-09 21:55        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-03-09 21:55 . 2012-03-09 21:55        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-03-09 21:55 . 2012-03-09 21:55        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-03-01 05:46 . 2012-04-13 10:04        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 10:04        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 10:04        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 10:04        5120        ----a-w-        c:\windows\system32\wmi.dll
2011-01-29 14:47 . 2011-01-29 14:46        304944        ----a-w-        c:\program files\SoftonicDownloader_fuer_mozilla-firefox.exe
2011-01-29 14:30 . 2011-01-29 14:25        59398824        ----a-w-        c:\program files\avira_antivir_personal_de.exe
2012-05-04 17:03 . 2011-04-08 14:58        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 18:20        1514152        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
TraXEx 3.2.lnk - c:\program files\TraXEx\TraXEx.exe [2010-2-18 3356160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2012-01-26 3665752]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42023135
*NewlyCreated* - ASWMBR
*Deregistered* - 42023135
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 09:43]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 20:17]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 20:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - c:\program files\TraXEx\Integration\TraXEx Internet Explorer.lnk
IE: {{8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - c:\program files\TraXEx\Integration\TraXEx Löschautomat.lnk
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{66ADCF25-A7C6-4EEE-914F-D56F5E652EFE}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{8818A463-1011-4E17-9CC0-8519B3EC5DFE}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{FFE59144-7C81-44A1-9CB4-05FAAE1B869D}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xirp23cp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=7187416B-212F-4958-A3C1-E49D78BBB3C2&apn_ptnrs=^ABT&apn_sauid=A7A4DCC2-0D5F-4DC5-8888-6DEC199E573A&apn_dtid=^YYYYYY^YY^DE&&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-29  16:08:09
ComboFix-quarantined-files.txt  2012-05-29 14:08
.
Vor Suchlauf: 8 Verzeichnis(se), 202.606.211.072 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 202.870.394.880 Bytes frei
.
- - End Of File - - C32533B44A22A2C7096BF4B22E53EBF5
--- --- ---

Psychotic 30.05.2012 10:00
Schritt 1: Software deinstallieren

  • Klicke Start-->Systemsteuerung.
  • Öffne Programme und Funktionen.
  • Suche und deinstalliere folgende Einträge:
    Zitat:
    Ask Toolbar
    Skype Toolbars
    softonic-de3 Toolbar
    Avira SearchFree Toolbar plus Web Protection Updater
    McAfee Security scan plus
  • Schließe das Fenster.



Schritt 2: CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
CLEARJAVACACHE::
Extra::
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.


Schritt 3: MBAM


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Pfefferminz8 30.05.2012 12:30
Combofix Logfile:
Code:
ComboFix 12-05-30.02 - user 30.05.2012  12:41:02.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2046.1215 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\user\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 10:51 . 2012-05-30 10:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-29 14:08 . 2012-05-30 10:51        --------        d-----w-        c:\users\user\AppData\Local\temp
2012-05-29 07:55 . 2012-05-29 07:55        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-05-29 07:55 . 2012-05-29 07:56        --------        d-----w-        c:\program files\NVIDIA Corporation
2012-05-29 07:25 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-05-29 07:25 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-05-28 21:45 . 2012-05-28 21:45        --------        d-----w-        c:\windows\system32\SPReview
2012-05-28 21:43 . 2012-05-28 21:43        --------        d-----w-        c:\windows\system32\EventProviders
2012-05-28 20:16 . 2012-05-28 20:16        --------        d-----w-        c:\users\user\AppData\Roaming\Avira
2012-05-28 20:14 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-28 20:14 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-28 20:14 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-05-28 20:14 . 2012-05-28 20:14        --------        d-----w-        c:\program files\Avira
2012-05-28 13:50 . 2012-05-29 10:31        --------        d-----w-        c:\users\user\AppData\Roaming\EurekaLog
2012-05-27 20:56 . 2012-05-30 10:05        --------        d-----w-        c:\program files\Ask.com
2012-05-27 20:56 . 2012-05-27 20:56        --------        d-----w-        c:\users\user\AppData\Local\APN
2012-05-27 18:40 . 2012-05-27 18:40        --------        d-----w-        c:\users\user\AppData\Roaming\Malwarebytes
2012-05-27 18:40 . 2012-05-27 18:40        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-27 18:40 . 2012-05-28 18:48        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-27 17:53 . 2012-05-27 17:53        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-27 17:53 . 2012-05-27 17:53        --------        d--h--w-        c:\programdata\Common Files
2012-05-25 14:52 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DD359CB-1D2B-4B05-9FB7-C33B70549BA7}\mpengine.dll
2012-05-12 17:04 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 17:04 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 17:04 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 17:04 . 2010-11-20 12:17        1785344        ----a-w-        c:\program files\Windows Journal\Journal.exe
2012-05-12 17:04 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 17:04 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-12 17:04 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-12 17:04 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-12 17:04 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-12 17:04 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-12 17:04 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-04 17:04 . 2012-05-28 18:48        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-04 17:03 . 2012-05-04 17:03        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 17:03 . 2012-05-04 17:03        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 16:59 . 2012-05-02 16:59        --------        d-----w-        c:\programdata\McAfee
2012-05-02 16:59 . 2012-05-05 09:43        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-02 16:59 . 2012-05-05 09:43        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 21:55 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-09 21:55 . 2012-03-09 21:55        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 21:55 . 2012-03-09 21:55        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 21:55 . 2012-03-09 21:55        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-03-09 21:55 . 2012-03-09 21:55        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-03-09 21:55 . 2012-03-09 21:55        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-03-09 21:55 . 2012-03-09 21:55        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-03-09 21:55 . 2012-03-09 21:55        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-03-09 21:55 . 2012-03-09 21:55        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-03-09 21:55 . 2012-03-09 21:55        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-03-09 21:55 . 2012-03-09 21:55        367104        ----a-w-        c:\windows\system32\html.iec
2012-03-09 21:55 . 2012-03-09 21:55        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-03-09 21:55 . 2012-03-09 21:55        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-03-09 21:55 . 2012-03-09 21:55        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-03-09 21:55 . 2012-03-09 21:55        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-03-09 21:55 . 2012-03-09 21:55        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-03-09 21:55 . 2012-03-09 21:55        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-03-09 21:55 . 2012-03-09 21:55        101888        ----a-w-        c:\windows\system32\admparse.dll
2011-01-29 14:47 . 2011-01-29 14:46        304944        ----a-w-        c:\program files\SoftonicDownloader_fuer_mozilla-firefox.exe
2011-01-29 14:30 . 2011-01-29 14:25        59398824        ----a-w-        c:\program files\avira_antivir_personal_de.exe
2012-05-04 17:03 . 2011-04-08 14:58        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TraXEx 3.2.lnk - c:\program files\TraXEx\TraXEx.exe [2010-2-18 3356160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2012-01-26 3665752]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 09:43]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 20:17]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 20:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - c:\program files\TraXEx\Integration\TraXEx Internet Explorer.lnk
IE: {{8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - c:\program files\TraXEx\Integration\TraXEx Löschautomat.lnk
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{66ADCF25-A7C6-4EEE-914F-D56F5E652EFE}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{8818A463-1011-4E17-9CC0-8519B3EC5DFE}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{FFE59144-7C81-44A1-9CB4-05FAAE1B869D}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xirp23cp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-30  13:19:54
ComboFix-quarantined-files.txt  2012-05-30 11:19
ComboFix2.txt  2012-05-29 14:08
.
Vor Suchlauf: 13 Verzeichnis(se), 198.114.697.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 197.724.192.768 Bytes frei
.
- - End Of File - - 83322C1111940EA62C9BD29A337D4176
--- --- ---

Psychotic 30.05.2012 13:05
Fehlt noch MBAM...


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:14 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19