MBR: Physical Drive 0 to 5

Gurkengelee · April 30, 2013

Dear Ladies and Gentlemen,

I run a Spybot Search & Destroy Rootkit Scan yesterday and it came up with an MBR report for Phyiscal Drive 0, Physical Drive 1 ... up to Physical Drive 5. Which is funny since I only have one phyiscal drive. So I couldn´t take it to seriously. Anyway I ran GMER and MalwareBytes Quick Scans without any reports. So I guess Spybot gives out false positives but here are the DDS logs for you to look through if you find anything suspicious. Utorrent is installed as you can see but it is seldomly used for Software, mainly from Chip.de, when FTP is not fast enough. It can be uninstalled if you really want me to.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Dekar at 7:33:19 on 2013-04-30

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.5477 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

D:\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

D:\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

D:\Vidalia Relay Bundle\Vidalia\vidalia.exe

C:\Program Files\PDF24\pdf24.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\Spybot - Search & Destroy 2\SDTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

D:\Vidalia Relay Bundle\Tor\tor.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

D:\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://juracademy.de/login/signup.php?action=tan

uProxyServer = hxxp-proxy.fu-berlin.de:80

mWinlogon: Userinit = userinit.exe

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Google Update] "C:\Users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [spotify Web Helper] "C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Vidalia] "D:\Vidalia Relay Bundle\Vidalia\vidalia.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDFPrint] C:\Program Files\PDF24\pdf24.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sDTray] "D:\Spybot - Search & Destroy 2\SDTray.exe"

mRunOnce: [Malwarebytes Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoInternetOpenWidth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: An OneNote s&enden - D:\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xel exportieren - D:\MICROS~1\Office14\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dekar\Desktop\PartyPoker.lnk

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.178.1

TCP: Interfaces\{54D10D7D-35B6-486C-A559-2892CB2A8C81} : DHCPNameServer = 192.168.178.1

TCP: Interfaces\{F6970193-2110-45EF-A346-EDFE35B1ACDD} : DHCPNameServer = 192.168.178.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-11-6 21104]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;D:\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-28 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-28 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-28 168384]

R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\ddcdrv.sys [2012-3-8 20832]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 avmaudio;AVM Audio;C:\Windows\System32\drivers\avmaudio.sys [2010-11-7 116096]

R3 avmaura;AVM USB-Fernanschluss;C:\Windows\System32\drivers\avmaura.sys [2010-4-17 116096]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-3 66360]

R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2012-10-3 43832]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-6 413800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]

S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]

S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]

S3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]

S3 nrtap;NeoRouter Virtual Network Interface;C:\Windows\System32\drivers\nrtap.sys [2009-9-1 29696]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]

S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]

.

=============== Created Last 30 ================

.

2013-04-30 05:22:07 -------- d-----w- C:\Users\Dekar\AppData\Roaming\Malwarebytes

2013-04-30 05:21:54 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-30 05:21:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-29 17:12:27 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E1BB55B-2AC8-43C8-BD4E-582FBA5E4EC0}\mpengine.dll

2013-04-28 20:06:28 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2013-04-28 08:52:06 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-23 18:17:45 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-23 17:48:48 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-04-23 17:48:48 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AB3B8D5-0E2B-4339-B1F0-99EAE949CCCC}\gapaengine.dll

2013-04-21 14:31:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-21 06:52:18 -------- d-----w- C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP

2013-04-20 08:50:12 -------- d-----w- C:\Users\Dekar\AppData\Roaming\tor

2013-04-20 08:50:07 -------- d-----w- C:\Users\Dekar\AppData\Local\Vidalia

2013-04-20 08:50:07 -------- d-----w- C:\Users\Dekar\AppData\Local\Tor

2013-04-15 07:19:57 -------- d-----w- C:\Users\Dekar\AppData\Roaming\e-academy Inc

2013-04-11 19:40:17 -------- d-----w- C:\Users\Dekar\AppData\Roaming\coe3

2013-04-10 07:13:09 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 07:13:08 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 07:13:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 07:13:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 07:13:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 07:13:07 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-10 07:13:05 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 07:13:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

.

==================== Find3M ====================

.

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-28 06:52:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-28 06:52:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-13 19:10:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-03-13 18:23:05 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-12 21:02:18 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 21:02:18 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-21 09:20:49 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-02-21 09:20:49 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-02-21 09:20:49 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

============= FINISH: 7:33:45,08 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 17.10.2009 10:24:38

System Uptime: 30.04.2013 06:52:54 (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G41MT-USB3

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 20,578 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 67,532 GiB free.

E: is FIXED (NTFS) - 296 GiB total, 120,884 GiB free.

F: is CDROM ()

G: is CDROM (UDF)

H: is CDROM ()

I: is Removable

J: is Removable

K: is Removable

L: is Removable

M: is Removable

Z: is NetworkDisk (NTFS) - 1146 GiB total, 1108,855 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: 2.0 Reader -2

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-2&REV_1.20#070415015146006629&2#

Manufacturer: Generic

Name: K:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-2&REV_1.20#070415015146006629&2#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: 2.0 Reader -3

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-3&REV_1.20#070415015146006629&3#

Manufacturer: Generic

Name: L:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-3&REV_1.20#070415015146006629&3#

Service: WUDFRd

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C5100 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C5100 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: 2.0 Reader -4

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-4&REV_1.20#070415015146006629&4#

Manufacturer: Generic

Name: M:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-4&REV_1.20#070415015146006629&4#

Service: WUDFRd

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C5100 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C5100 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: 2.0 Reader -1

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#070415015146006629&1#

Manufacturer: Generic

Name: I:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#070415015146006629&1#

Service: WUDFRd

.

==== System Restore Points ===================

.

RP530: 21.04.2013 08:51:35 - Entfernt Dawn of War - Dark Crusade

RP531: 21.04.2013 08:52:10 - Removed Dawn Of War

RP532: 21.04.2013 08:53:31 - TrueCrypt uninstallation

RP533: 21.04.2013 08:54:26 - Removed Solium Infernum

RP534: 21.04.2013 08:55:47 - Removed NVIDIA PhysX

RP535: 21.04.2013 08:56:06 - Normfall Trainer 2.0 wird entfernt

RP536: 21.04.2013 16:31:01 - Installed Java 7 Update 21

RP537: 23.04.2013 20:17:47 - Windows Update

RP538: 27.04.2013 08:16:01 - Windows Update

.

==== Installed Programs ======================

.

[translation missing: EVERemoveOnly]

64 Bit HP CIO Components Installer

7-Zip 4.65

Adobe AIR

Adobe Connect Add-in

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

Age of Empires III: Complete Collection

AIO_CDA_ProductContext

AIO_CDA_Software

AIO_Scan

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Anno 1701

ANNO 2070

Application Profiles

µTorrent

AudibleManager

Blood Bowl: Legendary Edition

BufferChm

C5100

c5100_Help

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chessmaster

Combined Community Codec Pack 2009-09-09

Conquest of Elysium 3

Copy

Creative Centrale

Creative Software Update

Creative ZEN Mozaic EZ Series Dokumentation

D3DX10

Dark UI v3.5

Dawn Of War

Destinations

DeviceDiscovery

Diablo III

DocProc

Don't Starve

Etron USB3.0 Host Controller

EVEMon

Fallout2

Fantasy Grounds II

Fax

FileZilla Client 3.3.4.1

Forged Alliance Forever

Fotogalerie

Geneforge 1

Geneforge 2

Geneforge 3

Geneforge 4

Geneforge 5

GIMP 2.8.2

Google Chrome

Google Drive

Google Update Helper

GPBaseService2

GPGNet

HP Imaging Device Functions 13.0

HP Photosmart All-In-One Driver Software 13.0 Rel. A

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HydraVision

Intel® Control Center

Intel® Graphics Media Accelerator Driver

IrfanView (remove only)

Java 7 Update 15 (64-bit)

Java 7 Update 21

Java Auto Updater

JDownloader

League of Legends

LibreOffice 3.6

Logitech Gaming Software

Logitech Gaming Software 8.40

Magic The Gathering Online

Malwarebytes Anti-Malware Version 1.75.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DEU Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Game Studios Common Redistributables Pack 1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Morrowind

Movie Maker

MozBackup 1.4.9

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.5 (x86 de)

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

Network64

Nokia Connectivity Cable Driver

Notepad++

OCR Software by I.R.I.S. 13.0

ON_OFF Charge B11.0110.1

OpenAL

PartyPoker

PC Connectivity Solution

PDF-Viewer

PDF24 Creator 5.3.0

PDFCreator

Penumbra: Overture

Photo Common

Photo Gallery

PlanetSide 2

Plants vs. Zombies: Game of the Year

PokerStars

PunkBuster Services

Real Alternative 2.0.2

Realm of the Mad God

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RGSS-RTP Standard

RPG MAKER VX Ace

S.T.A.L.K.E.R.: Shadow of Chernobyl

Scan

Secure Download Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sins of a Solar Empire: Trinity

Skype Click to Call

Skype™ 6.1

SmartWebPrinting

SolutionCenter

SpeedFan (remove only)

Spotify

Spybot - Search & Destroy

Stalker Complete 2009 v1.4.4

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

StarCraft II

Status

Steam

Supreme Commander - Forged Alliance

swMSM

TeamSpeak 3 Client

TES Construction Set

The Banner Saga: Factions

Toolbox

Tor 0.2.3.25

TrayApp

Trine

Ubisoft Game Launcher

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Vampire Realism II

Vidalia 0.2.21

VirtualCloneDrive

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.5

WebReg

Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinRAR

WISO Mein Geld 2013 Professional

.

==== End Of File ===========================

Regards and thanks for help!

Gurkengelee

CatByte · May 5, 2013

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gurkengelee · May 6, 2013

Dear CatByte,

thanks for the reply, I did as you asked. I uninstalled Malwarebytes and Spybot since my last posting, since I thought the problem to be resolved. Sorry for that, but it is why they wont show up in Additions.txt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2013 02

Ran by Dekar (administrator) on 06-05-2013 06:27:40

Running from E:\Downloads

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Google Inc.) C:\Users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Spotify Ltd) C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

() D:\Vidalia Relay Bundle\Vidalia\vidalia.exe

(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

() D:\Vidalia Relay Bundle\Tor\tor.exe

(Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(CCP hf.) E:\CCP\EVE\bin\ExeFile.exe

(Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) D:\Mozilla Thunderbird\thunderbird.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) E:\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11697768 2010-12-14] (Realtek Semiconductor)

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7406392 2012-11-29] (Logitech Inc.)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

HKCU\...\Run: [Google Update] "C:\Users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-10-10] (Google Inc.)

HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)

HKCU\...\Run: [spotify Web Helper] "C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2013-01-12] (Spotify Ltd)

HKCU\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)

HKCU\...\Run: [Vidalia] "D:\Vidalia Relay Bundle\Vidalia\vidalia.exe" [x]

MountPoints2: {1ee57bac-00bd-11e1-a936-0019dbb281c4} - H:\AutoRunMorrowind.exe

MountPoints2: {201f1086-75fb-11df-af9c-0019dbb281c4} - H:\AutoRunMorrowind.exe

MountPoints2: {3105a404-be57-11e0-81cb-0019dbb281c4} - I:\AutoRunMorrowind.exe

MountPoints2: {333fb290-18cd-11e1-8018-50e54920da71} - H:\CD_Start.exe

MountPoints2: {64c3df01-f31b-11de-a3b9-0019dbb281c4} - H:\LaunchU3.exe -a

MountPoints2: {7a8f50c0-99c3-11e0-a23a-806e6f6e6963} - H:\Installer.exe

MountPoints2: {7a8f5221-99c3-11e0-a23a-0019dbb281c4} - I:\AutoRunMorrowind.exe

MountPoints2: {7dde079d-5723-11e1-93b9-50e54920da71} - H:\autorun.exe

MountPoints2: {b4e55504-f3af-11de-a5dc-0019dbb281c4} - H:\AutoRun.exe

MountPoints2: {b4e55509-f3af-11de-a5dc-0019dbb281c4} - H:\AutoRun.exe

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKU\gurkengelee\...\Run: [TrueCrypt] "D:\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [x]

HKU\gurkengelee\...\Run: [] [x]

HKU\gurkengelee\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [18642024 2013-02-28] (Skype Technologies S.A.)

HKU\gurkengelee\...\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKU\postgres\...\Run: [TrueCrypt] "D:\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [x]

HKU\postgres\...\Run: [] [x]

HKU\postgres\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [18642024 2013-02-28] (Skype Technologies S.A.)

HKU\postgres\...\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun [x]

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: http-proxy.fu-berlin.de:80

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://juracademy.de/login/signup.php?action=tan

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

HKLM-x32 SearchScopes: DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

SearchScopes: HKLM-x32 - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File

BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File

Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:

========

FF ProfilePath: C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default

FF Homepage: hxxp://www.chip.de/|hxxp://www.financialsense.com/|https://www.wizards.com/magic/Magazine/Default.aspx|hxxp://www.jura.fu-berlin.de/

FF NetworkProxy: "autoconfig_url", "http-proxy.fu-berlin.de "

FF NetworkProxy: "http", "127.0.0.1"

FF NetworkProxy: "http_port", 8118

FF NetworkProxy: "ssl", "127.0.0.1"

FF NetworkProxy: "ssl_port", 8118

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\counterpixel@jabubo.de

FF Extension: Ghostery - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\firefox@ghostery.com

FF Extension: HTTPS-Everywhere - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\https-everywhere@eff.org

FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\ich@maltegoetz.de

FF Extension: Locationbar² - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\locationbar2@design-noir.de

FF Extension: EPUBReader - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF Extension: trackerblock - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\trackerblock@privacychoice.org.xpi

FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi

FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0}.xpi

FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

Chrome:

=======

CHR RestoreOnStartup: "hxxp://www.chip.de/", "hxxp://dollarvigilante.com/", "hxxp://themittani.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Dekar\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Dekar\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dekar\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (AVG Internet Security) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File

CHR Plugin: (Octoshape Streaming Services) - C:\Users\Dekar\AppData\Roaming\Mozilla\plugins\npoctoshape.dll No File

CHR Plugin: (Octoshape Streaming Services) - C:\Users\Dekar\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll No File

CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - D:\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - D:\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Dekar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Foxit Reader Plugin for Mozilla) - D:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

CHR Plugin: (VLC Web Plugin) - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Extension: (ProxTube) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0

CHR Extension: (Google Drive) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (Turn Off the Lights) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0

CHR Extension: (YouTube) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Chrome YouTube Downloader) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0

CHR Extension: (Google Search) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (HTTPS Everywhere) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.4.30_0

CHR Extension: (AdBlock) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0

CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0

CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0

CHR Extension: (Gmail) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)

S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)

R3 hpqcxs08; D:\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)

R2 hpqddsvc; D:\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)

R2 HPSLPSVC; D:\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-11] ()

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-11-18] ()

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2010-11-07] (AVM Berlin)

R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116096 2010-04-17] (AVM Berlin)

S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)

S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)

R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [43832 2012-10-03] (Logitech Inc.)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-11-18] ()

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S3 nrtap; C:\Windows\System32\DRIVERS\nrtap.sys [29696 2009-09-01] (NeoRouter Inc.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-21] ()

R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2012-03-08] (Nicomsoft Ltd.)

S3 Aken; \??\E:\0 A.D. alpha\binaries\system\aken64.sys [x]

S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

S3 gdrv; \??\C:\Windows\gdrv.sys [x]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]

S3 MSI_MSIBIOS_010507; \??\D:\MSI\Live Update 5\msibios64_100507.sys [x]

S3 NTIOLib_1_0_4; \??\D:\MSI\Live Update 5\NTIOLib_X64.sys [x]

S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]

S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-06 06:27 - 2013-05-06 06:27 - 00000000 ____D C:\FRST

2013-05-02 18:33 - 2013-05-02 18:33 - 00000605 ____A C:\Users\Public\Desktop\VLC media player.lnk

2013-04-30 07:33 - 2013-04-30 07:33 - 00018102 ____A C:\Users\Dekar\Desktop\dds.txt

2013-04-30 07:33 - 2013-04-30 07:33 - 00012194 ____A C:\Users\Dekar\Desktop\attach.txt

2013-04-30 07:22 - 2013-04-30 07:22 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Malwarebytes

2013-04-30 07:21 - 2013-04-30 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-04-29 18:59 - 2013-05-06 05:24 - 00000672 ____A C:\Windows\setupact.log

2013-04-23 20:17 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-22 07:03 - 2013-05-02 15:26 - 00001096 ____A C:\Windows\PFRO.log

2013-04-21 16:31 - 2013-04-21 16:31 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-21 16:31 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-04-21 16:31 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-04-21 16:31 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-04-21 08:55 - 2013-04-21 08:55 - 00000000 ____A C:\Windows\setuperr.log

2013-04-21 08:52 - 2013-04-21 08:52 - 00000000 ____D C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP

2013-04-20 10:50 - 2013-05-06 06:04 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\tor

2013-04-20 10:50 - 2013-05-06 05:25 - 00000000 ____D C:\Users\Dekar\AppData\Local\Vidalia

2013-04-20 10:50 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Local\Tor

2013-04-20 06:51 - 2013-04-02 01:47 - 00000000 ____D C:\Users\Dekar\Desktop\Tor Browser

2013-04-18 21:33 - 2013-04-19 08:28 - 00025536 ____A C:\Users\Dekar\Desktop\Unbenannt 1.odt

2013-04-15 09:19 - 2013-04-15 09:19 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\e-academy Inc

2013-04-11 21:40 - 2013-04-11 21:40 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\coe3

2013-04-10 09:14 - 2013-02-21 12:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-10 09:14 - 2013-02-21 12:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-10 09:14 - 2013-02-21 12:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-04-10 09:14 - 2013-02-21 12:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-10 09:14 - 2013-02-21 12:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-04-10 09:14 - 2013-02-21 12:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-10 09:14 - 2013-02-21 12:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-04-10 09:14 - 2013-02-19 14:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-10 09:14 - 2013-02-19 13:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-10 09:14 - 2013-02-19 13:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-04-10 09:14 - 2013-02-19 12:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-10 09:13 - 2013-03-19 08:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-10 09:13 - 2013-03-19 07:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-10 09:13 - 2013-03-19 07:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-10 09:13 - 2013-03-19 07:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-10 09:13 - 2013-03-19 06:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-10 09:13 - 2013-03-19 05:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-10 09:13 - 2013-03-01 05:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-10 09:13 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-07 22:54 - 2013-04-07 22:54 - 00003910 ____A C:\Users\Dekar\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2013-05-06 06:27 - 2013-05-06 06:27 - 00000000 ____D C:\FRST

2013-05-06 06:25 - 2012-10-10 20:09 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001UA.job

2013-05-06 06:25 - 2009-10-17 11:03 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Skype

2013-05-06 06:04 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\tor

2013-05-06 06:02 - 2012-07-16 08:46 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-06 05:58 - 2012-10-26 08:46 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-06 05:32 - 2009-07-14 06:45 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-06 05:32 - 2009-07-14 06:45 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-06 05:25 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Local\Vidalia

2013-05-06 05:25 - 2012-10-26 08:46 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-06 05:24 - 2013-04-29 18:59 - 00000672 ____A C:\Windows\setupact.log

2013-05-06 05:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-05 22:39 - 2009-10-17 10:12 - 01577942 ____A C:\Windows\WindowsUpdate.log

2013-05-02 21:20 - 2009-07-14 19:58 - 00708380 ____A C:\Windows\System32\perfh007.dat

2013-05-02 21:20 - 2009-07-14 19:58 - 00153760 ____A C:\Windows\System32\perfc007.dat

2013-05-02 21:20 - 2009-07-14 07:13 - 01646048 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-02 18:33 - 2013-05-02 18:33 - 00000605 ____A C:\Users\Public\Desktop\VLC media player.lnk

2013-05-02 18:33 - 2011-02-12 12:22 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\vlc

2013-05-02 18:32 - 2010-11-28 16:11 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\dvdcss

2013-05-02 17:29 - 2009-10-17 10:32 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-02 15:26 - 2013-04-22 07:03 - 00001096 ____A C:\Windows\PFRO.log

2013-05-01 06:53 - 2011-05-26 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-01 06:53 - 2009-10-17 11:03 - 00000000 ____D C:\ProgramData\Skype

2013-04-30 07:33 - 2013-04-30 07:33 - 00018102 ____A C:\Users\Dekar\Desktop\dds.txt

2013-04-30 07:33 - 2013-04-30 07:33 - 00012194 ____A C:\Users\Dekar\Desktop\attach.txt

2013-04-30 07:22 - 2013-04-30 07:22 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Malwarebytes

2013-04-30 07:21 - 2013-04-30 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-04-29 19:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF

2013-04-29 08:44 - 2010-02-21 03:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-04-25 23:25 - 2012-10-10 20:09 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001Core.job

2013-04-25 21:52 - 2011-01-24 23:10 - 00000000 ____D C:\Users\Dekar\AppData\Local\CrashDumps

2013-04-22 07:19 - 2009-11-05 22:16 - 00007794 ____A C:\Users\Dekar\Desktop\Neues Textdokument.txt

2013-04-22 07:03 - 2009-07-14 06:45 - 00459928 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-21 16:31 - 2013-04-21 16:31 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-21 16:31 - 2013-03-28 08:52 - 00000000 ____D C:\Program Files (x86)\Java

2013-04-21 08:56 - 2009-11-11 18:23 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Normfall

2013-04-21 08:55 - 2013-04-21 08:55 - 00000000 ____A C:\Windows\setuperr.log

2013-04-21 08:55 - 2010-08-29 20:44 - 00120024 ____A C:\Users\Dekar\AppData\Local\GDIPFONTCACHEV1.DAT

2013-04-21 08:54 - 2009-11-08 15:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-04-21 08:52 - 2013-04-21 08:52 - 00000000 ____D C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP

2013-04-21 08:47 - 2012-08-19 19:36 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\uTorrent

2013-04-21 08:46 - 2009-10-17 11:08 - 00000000 ____D C:\Windows\Panther

2013-04-21 08:39 - 2011-02-13 09:17 - 00000000 ____D C:\Windows\Minidump

2013-04-21 07:16 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-04-20 10:50 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Local\Tor

2013-04-20 06:52 - 2013-03-04 13:57 - 00000000 ____D C:\Users\Dekar\Desktop\Studienabschlussarbeit

2013-04-19 08:28 - 2013-04-18 21:33 - 00025536 ____A C:\Users\Dekar\Desktop\Unbenannt 1.odt

2013-04-15 09:19 - 2013-04-15 09:19 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\e-academy Inc

2013-04-12 17:59 - 2012-02-20 13:54 - 00000000 ____D C:\Users\Dekar\Documents\Eigene Scans

2013-04-12 16:45 - 2013-04-23 20:17 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-11 21:40 - 2013-04-11 21:40 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\coe3

2013-04-10 09:16 - 2009-10-17 10:31 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-04-07 22:54 - 2013-04-07 22:54 - 00003910 ____A C:\Users\Dekar\AppData\Local\recently-used.xbel

2013-04-07 22:54 - 2012-11-03 14:23 - 00000000 ____D C:\Users\Dekar\.gimp-2.8

2013-04-06 10:59 - 2009-10-17 10:24 - 00000000 ____D C:\users\Dekar

Other Malware:

===========

C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-25 08:20

==================== End Of Log ============================

Addition.txt

CatByte · May 6, 2013

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it to your desktop as fixlist.txt

start
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\ProgramData\hash.dat
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

(note it is very important that FixList.txt and FRST program are located in the same place)

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Reboot Normally.

Download ComboFix from the following location:
Link
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Gurkengelee · May 6, 2013

Dear CatByte,

thanks for the instructions, I did as you asked.

FRST64Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2013 02

Ran by Dekar at 2013-05-06 19:33:44 Run:1

Running from E:\Downloads

Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => Value deleted successfully.

HKCR\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.

HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.

HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.

C:\ProgramData\hash.dat => Moved successfully.

==== End of Fixlog ====

ComboFix Log:

ComboFix 13-05-06.03 - Dekar 06.05.2013 19:43:56.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6467 [GMT 2:00]

ausgeführt von:: c:\users\Dekar\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Dekar\AppData\Local\Temp\_MEI38602\_ctypes.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\_elementtree.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\_hashlib.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\_multiprocessing.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\_socket.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\_ssl.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\pyexpat.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\pysqlite2._sqlite.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\python27.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\pythoncom27.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\PyWinTypes27.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\select.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\unicodedata.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32api.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32com.shell.shell.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32crypt.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32event.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32file.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32inet.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32pdh.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32process.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32profile.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32security.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32ts.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\windows._cacheinvalidation.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._controls_.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._core_.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._gdi_.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._html2.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._misc_.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._windows_.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._wizard.pyd

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxbase294u_net_vc90.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxbase294u_vc90.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_adv_vc90.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_core_vc90.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_html_vc90.dll

c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_webview_vc90.dll

c:\users\Dekar\AppData\Roaming\0ad

c:\users\Dekar\AppData\Roaming\0ad\config\user.cfg

c:\windows\SysWow64\logs

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

((((((((((((((((((((((( Dateien erstellt von 2013-04-06 bis 2013-05-06 ))))))))))))))))))))))))))))))

.

2013-05-06 04:27 . 2013-05-06 04:27 -------- d-----w- C:\FRST

2013-05-01 04:53 . 2013-05-01 04:53 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-30 05:22 . 2013-04-30 05:22 -------- d-----w- c:\users\Dekar\AppData\Roaming\Malwarebytes

2013-04-30 05:21 . 2013-04-30 05:21 -------- d-----w- c:\programdata\Malwarebytes

2013-04-23 18:17 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-21 14:32 . 2013-04-21 14:32 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-04-21 14:31 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-21 06:52 . 2013-04-21 06:52 -------- d-----w- c:\windows\83F12F73D52E40C093B1463C311C4E17.TMP

2013-04-20 08:50 . 2013-05-06 17:57 -------- d-----w- c:\users\Dekar\AppData\Roaming\tor

2013-04-20 08:50 . 2013-05-06 17:56 -------- d-----w- c:\users\Dekar\AppData\Local\Vidalia

2013-04-20 08:50 . 2013-04-20 08:50 -------- d-----w- c:\users\Dekar\AppData\Local\Tor

2013-04-15 07:19 . 2013-04-15 07:19 -------- d-----w- c:\users\Dekar\AppData\Roaming\e-academy Inc

2013-04-11 19:40 . 2013-04-11 19:40 -------- d-----w- c:\users\Dekar\AppData\Roaming\coe3

2013-04-10 07:13 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 07:13 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 07:13 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 07:13 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 07:13 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 07:13 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-10 07:13 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 07:13 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-02 15:29 . 2009-10-17 08:32 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-23 17:48 . 2013-04-23 17:48 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AB3B8D5-0E2B-4339-B1F0-99EAE949CCCC}\gapaengine.dll

2013-04-10 07:16 . 2009-10-17 08:31 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-10 03:46 . 2013-05-05 19:29 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9460696-8A98-4DCE-B92E-2E349D56FD8B}\mpengine.dll

2013-04-10 03:46 . 2013-05-02 16:37 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-29 06:39 . 2013-04-23 17:48 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-03-28 06:52 . 2013-02-16 00:47 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-28 06:52 . 2010-04-25 13:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 04:50 . 2013-03-29 06:38 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ACDCC96-3E03-4AC7-806F-A68676949AA9}\mpengine.dll

2013-03-13 19:10 . 2013-03-13 19:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2013-03-13 18:24 . 2013-03-13 18:24 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-03-13 18:24 . 2013-03-13 18:24 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-13 18:24 . 2013-03-13 18:24 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-03-13 18:24 . 2013-03-13 18:24 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-03-13 18:24 . 2013-03-13 18:24 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-03-13 18:24 . 2013-03-13 18:24 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-13 18:24 . 2013-03-13 18:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-13 18:24 . 2013-03-13 18:24 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-13 18:24 . 2013-03-13 18:24 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-13 18:24 . 2013-03-13 18:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-13 18:24 . 2013-03-13 18:24 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-13 18:24 . 2013-03-13 18:24 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-03-13 18:24 . 2013-03-13 18:24 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-13 18:24 . 2013-03-13 18:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-13 18:24 . 2013-03-13 18:24 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-13 18:24 . 2013-03-13 18:24 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-03-13 18:24 . 2013-03-13 18:24 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-13 18:24 . 2013-03-13 18:24 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-03-13 18:24 . 2013-03-13 18:24 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-03-13 18:24 . 2013-03-13 18:24 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-13 18:24 . 2013-03-13 18:24 81408 ----a-w- c:\windows\system32\icardie.dll

2013-03-13 18:24 . 2013-03-13 18:24 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-13 18:24 . 2013-03-13 18:24 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-13 18:24 . 2013-03-13 18:24 441856 ----a-w- c:\windows\system32\html.iec

2013-03-13 18:24 . 2013-03-13 18:24 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-13 18:24 . 2013-03-13 18:24 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-13 18:24 . 2013-03-13 18:24 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-13 18:24 . 2013-03-13 18:24 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-03-13 18:24 . 2013-03-13 18:24 235008 ----a-w- c:\windows\system32\url.dll

2013-03-13 18:24 . 2013-03-13 18:24 216064 ----a-w- c:\windows\system32\msls31.dll

2013-03-13 18:24 . 2013-03-13 18:24 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-13 18:24 . 2013-03-13 18:24 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-13 18:24 . 2013-03-13 18:24 144896 ----a-w- c:\windows\system32\wextract.exe

2013-03-13 18:24 . 2013-03-13 18:24 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-13 18:24 . 2013-03-13 18:24 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-13 18:24 . 2013-03-13 18:24 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-13 18:24 . 2013-03-13 18:24 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-03-13 18:24 . 2013-03-13 18:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-13 18:24 . 2013-03-13 18:24 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-03-13 18:24 . 2013-03-13 18:24 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-13 18:24 . 2013-03-13 18:24 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-03-13 18:24 . 2013-03-13 18:24 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-13 18:24 . 2013-03-13 18:24 13824 ----a-w- c:\windows\system32\mshta.exe

2013-03-13 18:24 . 2013-03-13 18:24 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-03-13 18:24 . 2013-03-13 18:24 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-13 18:24 . 2013-03-13 18:24 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-13 18:24 . 2013-03-13 18:24 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-13 18:24 . 2013-03-13 18:24 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-03-13 18:24 . 2013-03-13 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-13 18:23 . 2013-03-13 18:23 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-03-13 18:23 . 2013-03-13 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-03-13 18:23 . 2013-03-13 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-03-13 18:23 . 2013-03-13 18:23 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-03-13 18:23 . 2013-03-13 18:23 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-03-13 18:23 . 2013-03-13 18:23 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-03-13 18:23 . 2013-03-13 18:23 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-03-13 18:23 . 2013-03-13 18:23 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-03-13 18:23 . 2013-03-13 18:23 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-03-13 18:23 . 2013-03-13 18:23 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-03-13 18:23 . 2013-03-13 18:23 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-03-13 18:23 . 2013-03-13 18:23 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-03-13 18:23 . 2013-03-13 18:23 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-03-13 18:23 . 2013-03-13 18:23 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-03-13 18:23 . 2013-03-13 18:23 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-03-13 18:23 . 2013-03-13 18:23 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-03-13 18:23 . 2013-03-13 18:23 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-03-13 18:23 . 2013-03-13 18:23 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-03-13 18:23 . 2013-03-13 18:23 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-03-13 18:23 . 2013-03-13 18:23 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-03-13 18:23 . 2013-03-13 18:23 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-03-13 18:23 . 2013-03-13 18:23 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-03-13 18:23 . 2013-03-13 18:23 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-03-13 18:23 . 2013-03-13 18:23 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]

"Spotify Web Helper"="c:\users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-12 1199576]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"Vidalia"="d:\vidalia relay bundle\Vidalia\vidalia.exe" [2013-02-06 6239727]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-02-19 162856]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoInternetOpenWidth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 Aken;Aken;e:\0 a.d. alpha\binaries\system\aken64.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]

R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;d:\msi\Live Update 5\msibios64_100507.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 nrtap;NeoRouter Virtual Network Interface;c:\windows\system32\DRIVERS\nrtap.sys [2009-09-01 29696]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\msi\Live Update 5\NTIOLib_X64.sys [x]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2012-03-08 20832]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-11-07 116096]

S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-04-17 116096]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]

S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys [2012-10-02 43832]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:02]

.

2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 18:14]

.

2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 18:14]

.

2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001Core.job

- c:\users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-10 18:09]

.

2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001UA.job

- c:\users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-10 18:09]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://juracademy.de/login/signup.php?action=tan

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyServer = http-proxy.fu-berlin.de:80

IE: An OneNote s&enden - d:\micros~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000

Trusted Zone: smu.edu.sg\eservices

TCP: DhcpNameServer = 192.168.178.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-WISO Mein Geld 2013 Professional - c:\program files (x86)\Buhl\WISO Mein Geld 2013\setup.exe

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2688776608-3082795507-739649375-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:02,e8,e6,31,e6,89,cf,61,77,ee,50,23,3c,5d,87,7d,65,d8,eb,01,f4,d5,b7,

f6,59,7b,d0,9f,ae,6a,b7,3c,f7,4b,ec,f4,e2,90,07,8b,18,1a,b1,65,86,a6,fa,a6,\

"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

.

[HKEY_USERS\S-1-5-21-2688776608-3082795507-739649375-1001\Software\SecuROM\License information*]

"datasecu"=hex:91,45,89,2d,01,76,e6,d1,af,9a,bf,a4,6b,a5,89,94,2a,d9,a2,b3,16,

af,12,31,0f,ac,96,19,00,aa,b8,09,80,0d,83,56,2a,f1,43,64,a3,56,81,c0,2f,43,\

"rkeysecu"=hex:1c,cc,a0,27,79,fd,78,a3,39,61,9f,78,21,bc,99,a8

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe

c:\windows\SysWOW64\PnkBstrA.exe

d:\vidalia relay bundle\Tor\tor.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-05-06 20:02:18 - PC wurde neu gestartet

ComboFix-quarantined-files.txt 2013-05-06 18:02

.

Vor Suchlauf: 16 Verzeichnis(se), 22.548.381.696 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 22.214.766.592 Bytes frei

.

- - End Of File - - E2EC443625AD03D1DEB8B1DF4554BA69

Thanks for your help!

Gurkengelee

CatByte · May 6, 2013

Please do the following

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

NEXT

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
[*]Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Gurkengelee · May 6, 2013

Dear CatByte,

thanks for the response. I am posting the reports of the DDS logs below. I started GMER and it didn´t give a rootkit warning. I tried your settings for a complete scan anyway but it crashed the six times I tried to run it after 2 to 4 minutes or so. I will try it again tomorrow and post my results here.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Dekar at 20:39:35 on 2013-05-06

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.5213 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

D:\Vidalia Relay Bundle\Vidalia\vidalia.exe

C:\Program Files\PDF24\pdf24.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

D:\Vidalia Relay Bundle\Tor\tor.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

D:\Mozilla Thunderbird\thunderbird.exe

C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

E:\League of Legends\RADS\system\rads_user_kernel.exe

E:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe

E:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe

C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe