Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan:Win32/Mashigoom (https://www.trojaner-board.de/132429-trojan-win32-mashigoom.html)

Ryugan 18.03.2013 22:42
Trojan:Win32/Mashigoom
 
Guten Abend,
ich bin neu hier und durch Google auf euch gestoßen.
Ich habe eine Frage und zwar, ich habe mir so ein ganz tolles Produkt

"SpyHunter" herruntergeladen, es bietet einen gratis Suchlauf an, aber die Funde dann zu beheben bedarf es dann der Bezahlversion. Dieses Programm findet bei mir den Trojan "Mashigoom".
Ich habe bei google.de nachgeschaut und gesucht, da "SpyHunter" bei mir das einzige Programm war, das diesen Vierus gefunden hat. Alle Seiten die sich mit diesem Virus beschäftigt haben, haben mir ebenfalls das Programm "SpyHunter" als ultimative Lösung angeboten. Jetzt frage ich mich natürlich, ist das eine ernste Bedrohung, oder Panikmache, damit man sich die Vollversion des Programmes kauft.

Als kleine Ergänzung noch, mein Englisch ist nicht besonders gut, von daher, konnte ich mit den englischsprachigen Webseiten nicht so besonders viel anfangen...

Danke schonmal im Vorraus für eure Hilfe!
Gruß Ryugan

aharonov 18.03.2013 23:38
Hallo Ryugan,

Zitat:
Jetzt frage ich mich natürlich, ist das eine ernste Bedrohung, oder Panikmache, damit man sich die Vollversion des Programmes kauft.
Der SpyHunter ist Mist und gehört auf der Stelle deinstalliert.
Wenn du deinen Rechner auf Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles.

aharonov 21.03.2013 15:21
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

Ryugan 22.03.2013 16:14
Entschuldige bitte meine verspätete Antwort, aber bei mir waren die letzten Tage sehr stressig...
OTL
Code:
OTL logfile created on: 19.03.2013 10:15:56 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ryugan Akuma\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,18% Memory free
8,00 Gb Paging File | 6,68 Gb Available in Paging File | 83,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 865,54 Gb Total Space | 103,18 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
 
Computer Name: RYUGANAKUMA-PC | User Name: Ryugan Akuma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.18 22:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryugan Akuma\Downloads\OTL.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.05.24 16:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,263,096 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013.03.07 00:33:20 | 000,127,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.03.07 00:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013.03.07 00:11:21 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.24 17:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 15:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 07:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 10:14:52 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 81 25 7D C2 0B CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013.02.28 21:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Adblock Plus = C:\Users\Ryugan Akuma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: avast! WebRep = C:\Users\Ryugan Akuma\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92D0EC37-162C-4444-86A1-69F00708FB2F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.07 07:54:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.18 22:01:05 | 000,263,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.03.18 22:01:02 | 000,127,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.03.18 22:00:57 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.03.18 22:00:54 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013.03.18 21:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013.03.18 21:58:55 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.18 21:58:54 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.18 21:58:52 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.03.18 21:58:52 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.18 21:58:51 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.18 21:58:43 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.18 21:58:42 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.18 21:57:15 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.18 21:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.03.18 21:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.03.18 20:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.18 20:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013.03.18 20:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.18 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.18 13:20:01 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Documents\Diablo III
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.03.18 12:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.03.07 08:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.01 03:06:50 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.01 03:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.01 03:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.28 23:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\WinRAR
[2013.02.28 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.28 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.28 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.02.28 21:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.26 14:50:21 | 000,000,000 | ---D | C] -- C:\boot-sav
[2013.02.25 23:34:48 | 000,000,000 | ---D | C] -- C:\a
[2013.02.25 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\DAEMON Tools Lite
[2013.02.25 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.02.25 22:23:01 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Desktop\Epica
[2013.02.25 21:47:50 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Desktop\Nero
[2013.02.25 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Desktop\Neuer Ordner
[2013.02.23 13:57:50 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CMICNFG3.dll
[2013.02.23 13:57:50 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\CMPaOxy.dll
[2013.02.23 13:57:04 | 001,155,072 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudax3.sys
[2013.02.23 13:57:04 | 000,036,864 | ---- | C] (C-Media Electronics Ins.) -- C:\Windows\SysNative\cmudax3.dll
[2013.02.23 13:57:03 | 000,000,000 | ---D | C] -- C:\download
[2013.02.21 21:27:41 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.21 21:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.21 21:17:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.21 21:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.21 21:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.21 21:00:26 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Local\Windows Live
[2013.02.21 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.02.21 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\DSite
[2013.02.21 20:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2013.02.20 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.20 19:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.20 19:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013.02.19 08:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Local\fabi.me
[2013.02.19 08:43:25 | 000,000,000 | -H-D | C] -- C:\Users\Ryugan Akuma\Desktop\.updtmp
[2013.02.19 02:33:29 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\Skype
[2013.02.19 02:33:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.19 02:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 02:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 02:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 10:13:16 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\defogger_reenable
[2013.03.19 10:12:15 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 10:12:15 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 10:08:42 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 10:08:42 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 10:08:42 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 10:08:42 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 10:08:42 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 10:04:35 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 10:04:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 10:04:13 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 00:36:58 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.19 00:34:08 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.19 00:20:13 | 001,589,618 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.18 23:39:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 23:39:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.18 22:00:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.18 21:59:26 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.03.18 21:21:06 | 000,000,274 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.18 12:32:16 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.03.18 08:39:53 | 001,095,306 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\darker_than_black_girl_cat_piano_41511_2560x1440.jpg
[2013.03.17 21:28:03 | 002,030,448 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\IMG_1110.JPG
[2013.03.15 16:36:24 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.07 00:33:20 | 000,263,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.03.07 00:33:20 | 000,127,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.07 00:33:20 | 000,022,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.07 00:11:21 | 000,012,368 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013.02.28 21:16:21 | 000,002,048 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\JDownloader.lnk
[2013.02.26 20:51:01 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 20_51_01.536132.dmp
[2013.02.26 18:45:22 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 18_45_22.460937.dmp
[2013.02.25 20:16:54 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-25 20_16_54.862804.dmp
[2013.02.23 13:57:50 | 000,000,743 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi
[2013.02.23 13:57:50 | 000,000,188 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.cfl
[2013.02.23 13:57:50 | 000,000,138 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013.02.23 13:57:06 | 000,000,682 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini
[2013.02.21 21:10:08 | 000,000,020 | ---- | M] () -- C:\Windows\ÐõW
[2013.02.20 20:06:36 | 000,046,990 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\char.png
[2013.02.19 08:43:09 | 000,174,080 | ---- | M] (fabi.me) -- C:\Users\Ryugan Akuma\Desktop\SpeedAutoClicker.exe
[2013.02.19 08:38:00 | 000,000,286 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\AutoHotkey.ahk
[2013.02.19 02:33:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.19 10:13:16 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\defogger_reenable
[2013.03.18 23:39:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 23:39:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.18 21:59:26 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.03.18 21:58:49 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.18 21:58:47 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.18 21:58:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.03.18 21:20:41 | 000,000,274 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.18 12:32:09 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.03.18 08:39:52 | 001,095,306 | ---- | C] () -- C:\Users\Ryugan Akuma\Desktop\darker_than_black_girl_cat_piano_41511_2560x1440.jpg
[2013.03.17 21:27:45 | 002,030,448 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\IMG_1110.JPG
[2013.02.28 21:16:21 | 000,002,048 | ---- | C] () -- C:\Users\Ryugan Akuma\Desktop\JDownloader.lnk
[2013.02.28 21:16:13 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.28 21:16:13 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.28 21:16:13 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.26 20:51:01 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 20_51_01.536132.dmp
[2013.02.26 18:45:22 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 18_45_22.460937.dmp
[2013.02.25 20:16:54 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-25 20_16_54.862804.dmp
[2013.02.23 13:57:50 | 001,144,983 | ---- | C] () -- C:\Windows\SysWow64\KB936225x64.msu
[2013.02.23 13:57:50 | 000,792,576 | ---- | C] () -- C:\Windows\SysNative\Cmeaupci.exe
[2013.02.23 13:57:50 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CMICNFG3.cpl
[2013.02.23 13:57:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2013.02.23 13:57:50 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2013.02.23 13:57:50 | 000,000,138 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013.02.23 13:57:06 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013.02.23 13:57:06 | 000,002,669 | ---- | C] () -- C:\Windows\cmudax3.ini
[2013.02.23 13:57:06 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2013.02.23 13:57:06 | 000,000,743 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2013.02.23 13:57:06 | 000,000,682 | ---- | C] () -- C:\Windows\System\Cmicnfg3.ini
[2013.02.21 21:27:35 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.21 21:27:23 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.21 21:10:08 | 000,000,020 | ---- | C] () -- C:\Windows\ÐõW
[2013.02.21 21:06:09 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.19 08:34:46 | 000,000,286 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\AutoHotkey.ahk
[2013.02.19 02:33:23 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.15 21:42:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.02.15 21:40:08 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.22 01:01:21 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\.minecraft
[2013.02.25 22:29:02 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\DAEMON Tools Lite
[2013.02.21 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\DSite
[2013.03.11 04:08:31 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
EXTRAS
Code:
OTL Extras logfile created on: 19.03.2013 10:15:56 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ryugan Akuma\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,18% Memory free
8,00 Gb Paging File | 6,68 Gb Available in Paging File | 83,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 865,54 Gb Total Space | 103,18 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
 
Computer Name: RYUGANAKUMA-PC | User Name: Ryugan Akuma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01522EF8-E6A8-470F-A9DE-56941A9A2DA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{0E157B27-0DAE-47CC-9573-01A2257DA589}" = lport=137 | protocol=17 | dir=in | app=system |
"{29F93F46-D390-4D93-BDC9-447F79659F13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{37D1C269-FED5-4547-BAA8-DE001C0FF70C}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C5B57E7-B8DD-40E7-8D70-584C8576785C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DF549BC-0B10-4844-B9F6-7799A6D6470F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F24D498-9427-4E05-A408-0E8F6922A6E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5638F8F8-1277-4A68-B2C8-0B8B32585ACA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6065C594-43A0-4141-AA5A-7CCE33807845}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{701AAC1B-D7AC-4240-B72D-9D4493EE4458}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7AF4E5D5-9C04-4E34-B0F9-ECCFEA43346C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8304E94F-ADC4-44C8-91FB-A311C3880713}" = rport=139 | protocol=6 | dir=out | app=system |
"{89748452-2C7B-4889-B23A-B31D78EFCF9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{8D9F16F0-FE71-46EE-A85F-D3BC3D244C8F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DE2CDC9-5E98-4A04-A7C6-5E2448B48609}" = rport=138 | protocol=17 | dir=out | app=system |
"{94001642-9895-4BD5-A1AB-335F0D7E5097}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A514C417-2A52-42CE-9A8B-EDB27CD3CA25}" = lport=139 | protocol=6 | dir=in | app=system |
"{C106D75C-F5F6-4DEB-9599-B910252B2ACE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4F28715-EF89-4224-96FC-7389278C7E01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC55A86E-155B-4EB2-BD45-62DF7F91C2F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E86FB507-7C3D-4114-963B-32F5D50987D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC355CC6-994E-4A62-B3CC-89205CCAF5B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED3BB68A-92F1-425F-985C-1A7A0D028AE5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F277F769-6011-4C63-814B-E6354662FCA0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E26A4D-C620-49B6-BF31-25CB5B66DFDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F5DE166-E86F-4FA4-A947-6919E7F47AF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{120A938D-873E-4DA2-A84A-5F00EDA4FFF0}" = protocol=6 | dir=out | app=system |
"{157165EE-FE50-4099-89D8-9ABC43609895}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2814C2AF-E012-443A-88CF-F4E9E56BEF78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FDA59F6-5654-4222-BA41-807BF6E4478D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{336F1C87-242A-4BF4-8241-4FC44C8D22FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{412C9F28-3D2A-4DD7-BFA6-DC33725C070D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45BAAC0E-F523-459D-B32D-584CE9062A88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FFD1D6A-5267-4B31-8B9A-8821490295C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6816EDFF-2034-4377-B9BE-1BC9B3106CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{6DADD241-9974-4761-B5BC-0C99EE4F0448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{793FD812-3837-4FF1-BA93-5B9E0C8A5A05}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7952ADA0-32FC-4F74-B690-C77B7F4BDD05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DE7182B-EF25-4662-AD75-C12354E6A3D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{88CEDCB4-D401-4B87-AA4D-D727CCB2DBE3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{91828338-6940-4D55-A844-D95E8DE234CE}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{950F25E9-C02F-41C3-814D-C254FFB76D19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C28B70-66E6-491D-8AC4-F17A07A27C94}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{98D46332-D97E-4A3B-83E7-63EAED1C7F9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{9D5D0B73-981C-458E-A2C9-C961027DD197}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DD053B2-9AE7-415E-B52C-E5C1C3F72665}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9A7D8F1-DD6F-4962-9545-74716573F694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA9908CC-B42A-4363-93C6-839CA3C05B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F11DA519-3D69-4F06-8F19-78007AF9B4BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F225A46C-5E19-4B18-9D56-B25B9FD59C63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F6695F69-7BD8-43EF-B25B-4C34BE714749}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2D1AC93A-6EFD-4D1A-A656-C9C90568B776}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{AD36FC08-60D2-4F17-897A-B83F87BA62BA}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{BFEB9348-6838-4798-9076-4233C2E28EA3}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{F01C81F9-E8C7-4636-8749-252DB309D3A8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{9A294D4E-D035-4F5F-B925-0657E7602C6E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{C6333C22-19AB-4013-83A1-3F929E6AD606}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{E37D0C1C-AF8B-419A-896E-7321D0EFEF68}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E530B79B-61D1-4F6B-9953-69C767F1DCE1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B7FF76E-10FF-6EC1-1289-E8089B6423CC}" = AMD Fuel
"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media PCI Audio Driver" = Trust 5.1 Soundcard 14319
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{8334930A-9405-467B-9498-1EBC1878A09D}" = AMD VISION Engine Control Center
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"avast" = avast! Internet Security
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Diablo III" = Diablo III
"EVE" = [translation missing: EVERemoveOnly]
"Google Chrome" = Google Chrome
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2013 16:18:23 | Computer Name = RyuganAkuma-PC | Source = MsiInstaller | ID = 11935
Description =
 
Error - 21.02.2013 16:18:30 | Computer Name = RyuganAkuma-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 21.02.2013 16:18:31 | Computer Name = RyuganAkuma-PC | Source = MsiInstaller | ID = 11935
Description =
 
Error - 22.02.2013 14:41:53 | Computer Name = RyuganAkuma-PC | Source = Application Hang | ID = 1002
Description = Programm mpc-hc.exe, Version 1.5.3.3819 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a7c    Startzeit:
01ce10a4e714721b    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Combined Community
 Codec Pack\MPC\mpc-hc.exe    Berichts-ID: 84cee736-7d1f-11e2-b622-bc5ff402b774 
 
Error - 23.02.2013 06:44:30 | Computer Name = RyuganAkuma-PC | Source = Application Hang | ID = 1002
Description = Programm mpc-hc.exe, Version 1.5.3.3819 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1234    Startzeit:
 01ce115e1087f119    Endzeit: 40    Anwendungspfad: C:\Program Files (x86)\Combined Community
 Codec Pack\MPC\mpc-hc.exe    Berichts-ID: ff6f96e4-7da5-11e2-b622-bc5ff402b774 
 
Error - 23.02.2013 09:15:21 | Computer Name = RyuganAkuma-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 25.0.1364.97,
 Zeitstempel: 0x51258756  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000cdcbb  ID des fehlerhaften
 Prozesses: 0x8c0  Startzeit der fehlerhaften Anwendung: 0x01ce11c6b3e8903c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 12b11759-7dbb-11e2-b6fa-bc5ff402b774
 
Error - 25.02.2013 17:13:36 | Computer Name = RyuganAkuma-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "H:\DDL von C\SoftonicDownloader_fuer_hypercam.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 18.03.2013 19:00:33 | Computer Name = RyuganAkuma-PC | Source = MsiInstaller | ID = 11935
Description =
 
Error - 18.03.2013 19:35:13 | Computer Name = RyuganAkuma-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
 Zeitstempel: 0x4ba1da21  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b06a64  ID des fehlerhaften
 Prozesses: 0xba4  Startzeit der fehlerhaften Anwendung: 0x01ce243136db357a  Pfad der
 fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 7a5cd9fe-9024-11e2-9af5-bc5ff402b774
 
Error - 18.03.2013 19:35:25 | Computer Name = RyuganAkuma-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103,
 Zeitstempel: 0x4f3c6d6c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b06a64  ID des fehlerhaften
 Prozesses: 0xa98  Startzeit der fehlerhaften Anwendung: 0x01ce243140dc1f59  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 81fb1d92-9024-11e2-9af5-bc5ff402b774
 
[ System Events ]
Error - 18.03.2013 19:35:16 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.03.2013 19:35:18 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Firewall" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 18.03.2013 19:35:26 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 18.03.2013 19:35:27 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Firewall" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 18.03.2013 19:35:33 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 3 Mal passiert.
 
Error - 18.03.2013 19:35:33 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "avast! Firewall" wurde unerwartet beendet. Dies ist bereits
 3 Mal passiert.
 
Error - 18.03.2013 19:35:37 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147467243.
 
Error - 18.03.2013 19:39:26 | Computer Name = RyuganAkuma-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet:  %%16405
 
Error - 18.03.2013 19:44:43 | Computer Name = RyuganAkuma-PC | Source = DCOM | ID = 10010
Description =
 
Error - 18.03.2013 20:05:03 | Computer Name = RyuganAkuma-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
Der Gmer-Log ist als Datei angehängt, da dieser zu lang war.

aharonov 22.03.2013 16:38
Hallo,

überhaupt kein Problem. Machen wir weiter:


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix
  • Log von OTL

Ryugan 22.03.2013 17:38
AdwCleaner
Code:
# AdwCleaner v2.115 - Datei am 22/03/2013 um 16:47:57 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Ryugan Akuma - RYUGANAKUMA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ryugan Akuma\Downloads\AdwCleaner2115.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Ryugan Akuma\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3261 octets] - [18/03/2013 21:17:44]
AdwCleaner[R2].txt - [3380 octets] - [18/03/2013 21:20:32]
AdwCleaner[R3].txt - [1199 octets] - [18/03/2013 21:25:58]
AdwCleaner[R4].txt - [1319 octets] - [19/03/2013 00:43:54]
AdwCleaner[R5].txt - [1339 octets] - [19/03/2013 10:10:34]
AdwCleaner[R6].txt - [1484 octets] - [22/03/2013 16:46:44]
AdwCleaner[S1].txt - [345 octets] - [18/03/2013 21:19:43]
AdwCleaner[S2].txt - [3096 octets] - [18/03/2013 21:20:39]
AdwCleaner[S3].txt - [345 octets] - [18/03/2013 21:31:26]
AdwCleaner[S4].txt - [1381 octets] - [19/03/2013 00:44:18]
AdwCleaner[S5].txt - [1417 octets] - [22/03/2013 16:47:57]

########## EOF - C:\AdwCleaner[S5].txt - [1477 octets] ##########
Combofix
Code:
ComboFix 13-03-21.02 - Ryugan Akuma 22.03.2013  16:56:52.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4095.2892 [GMT 1:00]
ausgeführt von:: c:\users\Ryugan Akuma\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\a\5013D5BA.flv.MP4
c:\a\5013D5DC.flv.MP4
c:\a\5013D68D.flv.MP4
c:\a\Blonde Selfshot Finger and Squirt.flv.MP4
c:\a\Hard And Depp bate.flv.MP4
c:\a\mi\2012-10-17.mp4
c:\a\mi\desktop.ini
c:\a\mi\Film.wmv
c:\a\mi\MD001845.JPG
c:\a\mi\MD001849.JPG
c:\a\mi\MD001852.JPG
c:\a\mi\MD001856.JPG
c:\a\mi\MD001879.JPG
c:\a\mi\mi-chan.mp4
c:\a\mi\nanana.wmv
c:\a\mi\porn.mp4
c:\a\teen pussy.flv.MP4
C:\Thumbs.db
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-02-22 bis 2013-03-22  ))))))))))))))))))))))))))))))
.
.
2013-03-22 16:01 . 2013-03-22 16:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-03-22 15:54 . 2013-03-22 15:54        --------        d-s---w-        c:\windows\SysWow64\Microsoft
2013-03-22 15:12 . 2013-03-22 15:12        --------        d-----w-        c:\program files\7-Zip
2013-03-19 15:51 . 2013-03-19 15:51        --------        d-----w-        c:\program files (x86)\Foxit Software
2013-03-18 23:33 . 2013-03-18 23:33        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2013-03-18 23:33 . 2013-03-18 23:33        --------        d-----w-        c:\windows\system32\wbem\en-US
2013-03-18 23:24 . 2013-03-04 13:53        72013344        ----a-w-        c:\windows\system32\MRT.exe
2013-03-18 22:55 . 2009-09-10 06:28        311808        ----a-w-        c:\windows\system32\msv1_0.dll
2013-03-18 22:55 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2013-03-18 22:40 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2013-03-18 22:37 . 2013-03-18 22:37        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-03-18 22:37 . 2013-03-18 22:37        662528        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-03-18 22:37 . 2013-03-18 22:37        470016        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-03-18 22:37 . 2013-03-18 22:37        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2013-03-18 22:37 . 2013-03-18 22:37        283648        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-18 22:37 . 2013-03-18 22:37        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-03-18 22:37 . 2013-03-18 22:37        229888        ----a-w-        c:\windows\system32\XpsRasterService.dll
2013-03-18 22:37 . 2013-03-18 22:37        1863680        ----a-w-        c:\windows\system32\ExplorerFrame.dll
2013-03-18 22:37 . 2013-03-18 22:37        1495040        ----a-w-        c:\windows\SysWow64\ExplorerFrame.dll
2013-03-18 22:37 . 2013-03-18 22:37        144384        ----a-w-        c:\windows\system32\cdd.dll
2013-03-18 22:37 . 2013-03-18 22:37        135168        ----a-w-        c:\windows\SysWow64\XpsRasterService.dll
2013-03-18 22:37 . 2013-03-18 22:37        1133568        ----a-w-        c:\windows\system32\FntCache.dll
2013-03-18 22:08 . 2012-12-16 14:25        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2013-03-18 22:08 . 2012-12-16 16:52        46080        ----a-w-        c:\windows\system32\atmlib.dll
2013-03-18 22:08 . 2009-10-19 14:10        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2013-03-18 22:08 . 2009-10-19 14:46        100864        ----a-w-        c:\windows\system32\fontsub.dll
2013-03-18 22:08 . 2012-12-16 14:40        367616        ----a-w-        c:\windows\system32\atmfd.dll
2013-03-18 22:08 . 2012-12-16 14:25        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2013-03-18 21:57 . 2012-03-01 06:54        22896        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2013-03-18 21:57 . 2012-03-01 06:40        80896        ----a-w-        c:\windows\system32\imagehlp.dll
2013-03-18 21:57 . 2012-03-01 05:45        158720        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2013-03-18 21:57 . 2012-03-01 06:35        5120        ----a-w-        c:\windows\system32\wmi.dll
2013-03-18 21:57 . 2012-03-01 05:40        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2013-03-18 21:49 . 2010-03-04 07:57        2080256        ----a-w-        c:\program files\Windows Mail\msoe.dll
2013-03-18 21:49 . 2010-03-04 07:33        1619968        ----a-w-        c:\program files (x86)\Windows Mail\msoe.dll
2013-03-18 21:49 . 2012-11-09 04:49        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-03-18 21:49 . 2012-11-09 05:34        751104        ----a-w-        c:\windows\system32\win32spl.dll
2013-03-18 21:49 . 2012-11-09 05:34        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-03-18 21:49 . 2012-11-09 04:49        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2013-03-18 21:48 . 2012-09-25 22:39        95744        ----a-w-        c:\windows\system32\synceng.dll
2013-03-18 21:48 . 2012-09-25 21:55        78336        ----a-w-        c:\windows\SysWow64\synceng.dll
2013-03-18 21:47 . 2009-09-03 07:36        1975296        ----a-w-        c:\windows\system32\CertEnroll.dll
2013-03-18 21:47 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\SysWow64\CertEnroll.dll
2013-03-18 21:47 . 2010-08-31 04:32        954752        ----a-w-        c:\windows\SysWow64\mfc40.dll
2013-03-18 21:47 . 2010-08-31 04:32        954288        ----a-w-        c:\windows\SysWow64\mfc40u.dll
2013-03-18 21:47 . 2011-04-29 03:13        461312        ----a-w-        c:\windows\system32\drivers\srv.sys
2013-03-18 21:47 . 2011-04-29 03:12        399872        ----a-w-        c:\windows\system32\drivers\srv2.sys
2013-03-18 21:47 . 2011-04-29 03:12        161792        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2013-03-18 21:47 . 2012-11-02 05:30        2001408        ----a-w-        c:\windows\system32\msxml6.dll
2013-03-18 21:47 . 2012-11-02 05:30        1880064        ----a-w-        c:\windows\system32\msxml3.dll
2013-03-18 21:47 . 2012-11-02 04:50        1388544        ----a-w-        c:\windows\SysWow64\msxml6.dll
2013-03-18 21:47 . 2012-11-02 04:50        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2013-03-18 21:45 . 2011-03-11 06:19        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2013-03-18 21:44 . 2011-02-23 05:15        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys
2013-03-18 21:43 . 2011-10-15 06:25        723456        ----a-w-        c:\windows\system32\EncDec.dll
2013-03-18 21:43 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2013-03-18 21:42 . 2012-04-02 05:26        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-03-18 21:42 . 2012-04-02 05:24        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-03-18 21:42 . 2012-04-02 04:40        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-03-18 21:42 . 2012-04-02 05:24        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-03-18 21:42 . 2012-04-02 05:24        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-03-18 21:41 . 2012-02-15 06:27        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2013-03-18 21:41 . 2012-02-15 05:44        826368        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2013-03-18 21:41 . 2012-02-15 04:46        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2013-03-18 21:25 . 2011-11-17 07:14        1739160        ----a-w-        c:\windows\system32\ntdll.dll
2013-03-18 21:25 . 2011-11-17 05:41        1292592        ----a-w-        c:\windows\SysWow64\ntdll.dll
2013-03-18 21:22 . 2011-11-19 15:07        77312        ----a-w-        c:\windows\system32\packager.dll
2013-03-18 21:22 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2013-03-18 20:58 . 2013-03-06 23:32        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-03-18 20:57 . 2013-03-18 20:57        --------        d-----w-        c:\program files\AVAST Software
2013-03-18 20:54 . 2013-03-18 20:57        --------        d-----w-        c:\programdata\AVAST Software
2013-03-18 20:20 . 2013-03-18 20:21        274        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-03-18 19:50 . 2013-03-18 20:27        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2013-03-18 19:50 . 2013-03-18 20:27        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2013-03-18 19:33 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D25897C9-88BE-4263-93B8-14FB5B2C3FF3}\mpengine.dll
2013-03-18 19:12 . 2013-03-18 19:12        --------        d-----w-        c:\program files\Enigma Software Group
2013-03-18 19:12 . 2013-03-18 19:12        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-18 11:32 . 2013-03-18 12:19        --------        d-----w-        c:\program files (x86)\Diablo III
2013-03-18 11:32 . 2013-03-18 11:32        --------        d-----w-        c:\programdata\Blizzard Entertainment
2013-03-18 11:32 . 2013-03-18 11:32        --------        d-----w-        c:\program files (x86)\Common Files\Blizzard Entertainment
2013-03-18 11:30 . 2013-03-18 11:31        --------        d-----w-        c:\programdata\Battle.net
2013-03-07 07:12 . 2013-03-07 07:11        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 07:11 . 2013-03-07 07:11        --------        d-----w-        c:\program files (x86)\Java
2013-03-01 02:06 . 2013-03-01 02:06        --------        d-----w-        c:\program files\WinRAR
2013-02-28 20:16 . 2013-02-28 20:16        --------        d-----w-        c:\windows\SysWow64\searchplugins
2013-02-28 20:16 . 2013-02-28 20:16        --------        d-----w-        c:\windows\SysWow64\Extensions
2013-02-28 20:15 . 2013-02-28 20:31        --------        d-----w-        c:\program files (x86)\JDownloader
2013-02-26 13:50 . 2013-02-26 13:50        --------        d---a-w-        C:\boot-sav
2013-02-25 21:28 . 2013-02-25 21:29        --------        d-----w-        c:\users\Ryugan Akuma\AppData\Roaming\DAEMON Tools Lite
2013-02-25 21:26 . 2013-02-25 21:29        --------        d-----w-        c:\programdata\DAEMON Tools Lite
2013-02-23 12:57 . 2010-02-09 09:16        8151040        ------w-        c:\windows\SysWow64\CMICNFG3.dll
2013-02-23 12:57 . 2010-02-09 09:15        792576        ------w-        c:\windows\system32\Cmeaupci.exe
2013-02-23 12:57 . 2010-02-09 09:15        143360        ------w-        c:\windows\SysWow64\VmixP6.dll
2013-02-23 12:57 . 2010-02-09 09:15        200704        ------w-        c:\windows\SysWow64\CMPaOxy.dll
2013-02-23 12:57 . 2010-02-09 09:15        389120        ------w-        c:\windows\system32\CMICNFG3.cpl
2013-02-23 12:57 . 2010-02-09 09:16        524768        ----a-w-        c:\windows\difxapi.dll
2013-02-23 12:57 . 2010-02-09 09:16        359424        ------w-        c:\windows\system32\CmiInstallResAll64.dll
2013-02-23 12:57 . 2010-02-09 09:14        1155072        ----a-w-        c:\windows\system32\drivers\cmudax3.sys
2013-02-23 12:57 . 2010-02-09 09:14        36864        ----a-w-        c:\windows\system32\cmudax3.dll
2013-02-23 12:57 . 2013-02-23 12:57        --------        d-----w-        C:\download
2013-02-21 21:34 . 2012-06-09 05:30        14165504        ----a-w-        c:\windows\system32\shell32.dll
2013-02-21 21:32 . 2011-10-01 05:28        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll
2013-02-21 21:32 . 2011-10-01 04:43        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll
2013-02-21 21:32 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe
2013-02-21 21:32 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe
2013-02-21 21:32 . 2010-08-26 05:27        148992        ----a-w-        c:\windows\system32\t2embed.dll
2013-02-21 21:32 . 2010-08-26 04:39        109056        ----a-w-        c:\windows\SysWow64\t2embed.dll
2013-02-21 21:32 . 2010-12-23 06:07        961024        ----a-w-        c:\windows\system32\CPFilters.dll
2013-02-21 21:32 . 2010-12-23 06:07        1118720        ----a-w-        c:\windows\system32\sbe.dll
2013-02-21 21:32 . 2010-12-23 06:02        259072        ----a-w-        c:\windows\system32\mpg2splt.ax
2013-02-21 21:32 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\SysWow64\sbe.dll
2013-02-21 21:32 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\SysWow64\CPFilters.dll
2013-02-21 21:32 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\SysWow64\mpg2splt.ax
2013-02-21 21:30 . 2013-01-04 03:22        3150848        ----a-w-        c:\windows\system32\win32k.sys
2013-02-21 21:30 . 2009-10-31 06:34        2870272        ----a-w-        c:\windows\explorer.exe
2013-02-21 21:30 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\SysWow64\explorer.exe
2013-02-21 21:30 . 2009-10-28 06:24        389632        ----a-w-        c:\windows\system32\winlogon.exe
2013-02-21 21:28 . 2012-11-02 05:27        478208        ----a-w-        c:\windows\system32\dpnet.dll
2013-02-21 21:27 . 2013-01-04 05:30        424960        ----a-w-        c:\windows\system32\KernelBase.dll
2013-02-21 21:26 . 2012-09-06 17:38        295792        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2013-02-21 21:26 . 2013-01-04 05:41        1893224        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-21 21:26 . 2013-01-04 05:40        287576        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-21 21:26 . 2011-08-17 05:32        613888        ----a-w-        c:\windows\system32\psisdecd.dll
2013-02-21 21:26 . 2011-08-17 05:27        288256        ----a-w-        c:\windows\system32\MSNP.ax
2013-02-21 21:26 . 2011-08-17 05:27        108032        ----a-w-        c:\windows\system32\psisrndr.ax
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-07 07:11 . 2013-02-15 21:40        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-03-07 07:11 . 2013-02-15 21:40        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-01-25 05:23 . 2013-01-25 05:23        28544        ----a-w-        c:\windows\system32\xfcodec64.dll
2013-01-17 00:28 . 2013-02-15 21:00        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-21 21:27        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 15:33        1629648        ----a-w-        c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 21:22]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2010-02-09 8151040]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-22  17:02:54
ComboFix-quarantined-files.txt  2013-03-22 16:02
.
Vor Suchlauf: 20 Verzeichnis(se), 123.855.376.384 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 123.483.148.288 Bytes frei
.
- - End Of File - - A86F8410404EC3C0BEDF968D089C7F79
Jetzt kenne ich auch endlich die Bedeutung des mysteriösen Ordners "a", in dem nichts zu sehen war, aber wenn ich ihn löschen wollte, kam nur die Meldung, das eine oder mehrere Dateien noch genutzt werden und desshalb nicht gelöscht werden können.

OTL
Code:
OTL logfile created on: 22.03.2013 17:31:03 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ryugan Akuma\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,34% Memory free
8,00 Gb Paging File | 6,29 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 865,54 Gb Total Space | 115,08 Gb Free Space | 13,30% Space Free | Partition Type: NTFS
 
Computer Name: RYUGANAKUMA-PC | User Name: Ryugan Akuma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.18 22:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryugan Akuma\Downloads\OTL.exe
PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.05.24 16:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.24 17:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 15:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 07:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 10:14:52 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 81 25 7D C2 0B CE 01  [binary data]
IE - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013.02.28 21:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Adblock Plus = C:\Users\Ryugan Akuma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
 
O1 HOSTS File: ([2013.03.22 17:01:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1193450484-2481311128-3105060629-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92D0EC37-162C-4444-86A1-69F00708FB2F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.07 07:54:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.22 17:02:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.22 16:55:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.22 16:55:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.22 16:55:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.22 16:54:01 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.03.22 16:51:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.22 16:51:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.22 16:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.22 16:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.03.19 16:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.03.19 16:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.03.18 21:58:42 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.18 21:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.03.18 21:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.03.18 20:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.18 20:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013.03.18 20:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.18 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.18 13:20:01 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Documents\Diablo III
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.03.18 12:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.03.18 12:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.03.07 08:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.01 03:06:50 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.01 03:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.01 03:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.28 23:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\WinRAR
[2013.02.28 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.28 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.28 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.02.28 21:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.26 14:50:21 | 000,000,000 | ---D | C] -- C:\boot-sav
[2013.02.25 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\DAEMON Tools Lite
[2013.02.25 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.02.25 22:23:01 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Desktop\Epica
[2013.02.25 21:47:50 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Desktop\Nero
[2013.02.25 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\Desktop\Neuer Ordner
[2013.02.23 13:57:50 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CMICNFG3.dll
[2013.02.23 13:57:50 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\CMPaOxy.dll
[2013.02.23 13:57:04 | 001,155,072 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudax3.sys
[2013.02.23 13:57:04 | 000,036,864 | ---- | C] (C-Media Electronics Ins.) -- C:\Windows\SysNative\cmudax3.dll
[2013.02.23 13:57:03 | 000,000,000 | ---D | C] -- C:\download
[2013.02.21 21:27:41 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.21 21:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.21 21:17:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.21 21:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.21 21:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.21 21:00:26 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Local\Windows Live
[2013.02.21 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.02.21 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\DSite
[2013.02.21 20:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2013.02.20 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\Ryugan Akuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.20 19:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.20 19:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.22 17:01:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.22 16:56:37 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.22 16:56:37 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.22 16:52:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.22 16:49:44 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.22 16:49:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.22 16:49:08 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.22 16:33:05 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.22 16:13:11 | 000,022,424 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\gmer.zip
[2013.03.20 08:43:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.20 08:43:48 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.20 08:43:48 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.20 08:43:48 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.20 08:43:48 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 16:51:09 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.03.19 10:13:16 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\defogger_reenable
[2013.03.19 00:36:58 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.19 00:20:13 | 001,589,618 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.18 23:39:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 23:39:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.18 21:21:06 | 000,000,274 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.18 12:32:16 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.03.18 08:39:53 | 001,095,306 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\darker_than_black_girl_cat_piano_41511_2560x1440.jpg
[2013.03.17 21:28:03 | 002,030,448 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\IMG_1110.JPG
[2013.03.15 16:36:24 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.02.28 21:16:21 | 000,002,048 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\JDownloader.lnk
[2013.02.26 20:51:01 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 20_51_01.536132.dmp
[2013.02.26 18:45:22 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 18_45_22.460937.dmp
[2013.02.25 20:16:54 | 000,000,000 | ---- | M] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-25 20_16_54.862804.dmp
[2013.02.23 13:57:50 | 000,000,743 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi
[2013.02.23 13:57:50 | 000,000,188 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.cfl
[2013.02.23 13:57:50 | 000,000,138 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013.02.23 13:57:06 | 000,000,682 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini
[2013.02.21 21:10:08 | 000,000,020 | ---- | M] () -- C:\Windows\ÐõW
[2013.02.20 20:06:36 | 000,046,990 | ---- | M] () -- C:\Users\Ryugan Akuma\Desktop\char.png
 
========== Files Created - No Company Name ==========
 
[2013.03.22 16:55:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.22 16:55:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.22 16:55:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.22 16:55:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.22 16:55:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.22 16:13:11 | 000,022,424 | ---- | C] () -- C:\Users\Ryugan Akuma\Desktop\gmer.zip
[2013.03.19 16:51:09 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.03.19 16:50:15 | 000,576,180 | ---- | C] () -- C:\Users\Ryugan Akuma\Desktop\Bioshock-2-PDF-Loesung.pdf
[2013.03.19 10:13:16 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\defogger_reenable
[2013.03.18 23:39:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 23:39:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.18 21:58:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.03.18 21:20:41 | 000,000,274 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.18 12:32:09 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.03.18 08:39:52 | 001,095,306 | ---- | C] () -- C:\Users\Ryugan Akuma\Desktop\darker_than_black_girl_cat_piano_41511_2560x1440.jpg
[2013.03.17 21:27:45 | 002,030,448 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\IMG_1110.JPG
[2013.02.28 21:16:21 | 000,002,048 | ---- | C] () -- C:\Users\Ryugan Akuma\Desktop\JDownloader.lnk
[2013.02.28 21:16:13 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.28 21:16:13 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.28 21:16:13 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.26 20:51:01 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 20_51_01.536132.dmp
[2013.02.26 18:45:22 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-26 18_45_22.460937.dmp
[2013.02.25 20:16:54 | 000,000,000 | ---- | C] () -- C:\Users\Ryugan Akuma\Documents\ts3_clientui-win64-1351504843-2013-02-25 20_16_54.862804.dmp
[2013.02.23 13:57:50 | 001,144,983 | ---- | C] () -- C:\Windows\SysWow64\KB936225x64.msu
[2013.02.23 13:57:50 | 000,792,576 | ---- | C] () -- C:\Windows\SysNative\Cmeaupci.exe
[2013.02.23 13:57:50 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CMICNFG3.cpl
[2013.02.23 13:57:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2013.02.23 13:57:50 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2013.02.23 13:57:50 | 000,000,138 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013.02.23 13:57:06 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013.02.23 13:57:06 | 000,002,669 | ---- | C] () -- C:\Windows\cmudax3.ini
[2013.02.23 13:57:06 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2013.02.23 13:57:06 | 000,000,743 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2013.02.23 13:57:06 | 000,000,682 | ---- | C] () -- C:\Windows\System\Cmicnfg3.ini
[2013.02.21 21:27:35 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.21 21:27:23 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.21 21:10:08 | 000,000,020 | ---- | C] () -- C:\Windows\ÐõW
[2013.02.21 21:06:09 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.15 21:42:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.02.15 21:40:08 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.22 01:01:21 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\.minecraft
[2013.02.25 22:29:02 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\DAEMON Tools Lite
[2013.02.21 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\DSite
[2013.03.11 04:08:31 | 000,000,000 | ---D | M] -- C:\Users\Ryugan Akuma\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >

aharonov 22.03.2013 18:07
Hi,

Zitat:
Jetzt kenne ich auch endlich die Bedeutung des mysteriösen Ordners "a"
Willst du diesen gelöschten Ordner wieder haben? Kann ich schnell wiederherstellen.

Hast du seit dem letzten Log avast wieder runtergeworfen? Ein Antivirenprogramm mit Hintergrundwächter ist Pflicht!


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Malware.
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Downloade dir bitte SecurityCheck (Link 1, Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck

aharonov 25.03.2013 18:02
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

aharonov 26.03.2013 18:41
Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131