
Pests of all kinds and how to combat them: Folders/files disappearing, several trojans found


 
09.12.2011, 15:31   #1
0815Fischer
 

Hello community,

I hope you can help me with my virus problem.
Two days ago Avira showed me a whole lot of malware detection messages.
I of course denied access, and the programs were supposedly moved to quarantine successfully.
I then restarted the PC and saw only a black background; all files and folders appeared to have been deleted (including those on my external hard drive).
Then I started reading up on one of the viruses that had been found.
At first it was "only" TR.Crypt.XPACK.Gen, until I just now discovered many more in the Avira event report.
I will list them:


C:\ProgramData\privacy.exe TR/Crypt.XPACK.Gen3 (found 12x)

C:\Windows\System32\consrv.dl TR/ATRAPS.Gen2 (found 3x)

C:\ProgramData\C43A.tmp TR/Crypt.XPACK.Gen3

C:\Users\*****\AppData\Local\Temp\nSqw1Tfy25G2u0.exe TR/Crypt.XPACK.Gen (found 2x)

C:\Users\*****\AppData\Local\Temp\nSqw1Tfy25G2u0.exe TR/Alureon.FL.4 (found 2x)

My operating system is Windows Professional 64-bit.
I had already seen similar symptoms in other threads and had therefore already tried possible solutions.
I have created logs with Malwarebytes and OTL.

First, the log from Malwarebytes
---------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8330

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

08.12.2011 14:02:01
mbam-log-2011-12-08 (14-02-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 442614
Laufzeit: 1 Stunde(n), 3 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
-----------------------------------------------------------------------

Now the log from OTL

--------------------------------------------------------------------------
OTL logfile created on: 09.12.2011 13:24:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = J:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 82,97% Memory free
16,00 Gb Paging File | 14,49 Gb Available in Paging File | 90,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229,29 Gb Total Space | 37,26 Gb Free Space | 16,25% Space Free | Partition Type: NTFS
Drive D: | 229,64 Gb Total Space | 194,58 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive J: | 1,93 Gb Total Space | 1,74 Gb Free Space | 90,19% Space Free | Partition Type: FAT
Drive Z: | 298,02 Gb Total Space | 11,14 Gb Free Space | 3,74% Space Free | Partition Type: FAT32

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.08 12:40:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2011.12.07 20:08:19 | 000,371,712 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x.exe
PRC - [2011.12.07 19:49:00 | 000,462,848 | -HS- | M] () -- C:\ProgramData\KWosWQElxCrnJTM.exe
PRC - [2011.11.12 23:47:01 | 001,242,448 | -H-- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.11 20:41:07 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 20:33:33 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.26 21:47:08 | 000,075,136 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.31 15:08:14 | 000,080,896 | -H-- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.02.18 10:06:06 | 001,666,560 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
PRC - [2011.02.18 10:05:32 | 000,495,616 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.07.14 02:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.07 20:08:19 | 000,371,712 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x.exe
MOD - [2011.12.07 19:49:00 | 000,462,848 | -HS- | M] () -- C:\ProgramData\KWosWQElxCrnJTM.exe
MOD - [2011.11.12 23:58:46 | 014,410,024 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011.11.12 23:58:46 | 000,914,216 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011.11.12 23:58:46 | 000,194,344 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2011.11.12 23:58:46 | 000,155,432 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011.11.12 23:58:46 | 000,091,432 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.10.25 21:14:28 | 000,361,984 | -H-- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.06.21 18:12:30 | 000,341,296 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.12 23:58:46 | 000,419,624 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.31 17:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 14:34:48 | 002,329,480 | -H-- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.07.11 20:41:07 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 20:33:33 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.26 21:47:08 | 000,075,136 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.31 15:08:14 | 000,080,896 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.01.30 16:05:17 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.01.30 16:04:32 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.01.30 16:03:44 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.11.11 14:39:34 | 000,128,928 | -H-- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | -H-- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.11 20:41:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.11 20:41:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.12.11 06:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2006.11.10 14:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2011.06.24 05:31:02 | 000,055,424 | -H-- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 71 BC A0 6D A4 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 21:27:32 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 15:29:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:27 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:27 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.12.25 21:56:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.12.25 21:56:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.28 19:36:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions
[2011.11.28 19:36:39 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.22 19:01:09 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.02 21:40:37 | 000,000,950 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\searchplugins\icqplugin-1.xml
[2011.11.10 17:26:03 | 000,001,056 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\searchplugins\icqplugin.xml
[2011.11.10 21:27:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJ9N2XPC.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJ9N2XPC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.10 21:27:32 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.06.26 13:19:01 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.26 13:19:01 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.26 13:19:01 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 16:37:26 | 000,002,045 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.06.26 13:19:01 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.26 13:19:01 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.26 13:19:01 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [KWosWQElxCrnJTM.exe] C:\ProgramData\KWosWQElxCrnJTM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D489E35E-A143-443D-9617-A0459D08A689}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17f31f71-6fec-11e0-b49d-00252268eb09}\Shell - "" = AutoRun
O33 - MountPoints2\{17f31f71-6fec-11e0-b49d-00252268eb09}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{17f31f71-6fec-11e0-b49d-00252268eb09}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\atisetup.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files - Modified Within 30 Days ==========

[2011.12.09 13:26:33 | 000,001,108 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.09 13:22:35 | 000,001,104 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.09 13:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.09 13:22:12 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.08 14:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.08 14:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.08 12:27:32 | 000,000,456 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x
[2011.12.08 12:26:07 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~zHdbjIpb0JrA3x
[2011.12.08 11:09:49 | 000,000,525 | -H-- | M] () -- C:\Users\*****\Desktop\unhide nonsystem files.lnk
[2011.12.07 21:58:54 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~zHdbjIpb0JrA3xr
[2011.12.07 21:27:06 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.07 21:27:06 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.07 21:27:06 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.07 21:27:06 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.07 21:27:06 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.07 21:21:04 | 000,141,120 | -H-- | M] (GridinSoft) -- C:\Users\*****\Desktop\unhider.exe
[2011.12.07 20:09:02 | 000,000,653 | -H-- | M] () -- C:\Users\*****\Desktop\System Fix.lnk
[2011.12.07 20:08:19 | 000,371,712 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x.exe
[2011.12.07 20:01:55 | 000,371,712 | -H-- | M] () -- C:\ProgramData\TPjkY19NSBR6GK.exe
[2011.12.07 19:49:00 | 000,462,848 | -HS- | M] () -- C:\ProgramData\KWosWQElxCrnJTM.exe
[2011.12.05 17:06:38 | 000,361,320 | -H-- | M] () -- C:\Users\*****\Desktop\Rechnung.jpg
[2011.12.05 17:05:32 | 000,349,800 | -H-- | M] () -- C:\Users\*****\Desktop\Austauschbeleg.jpg
[2011.12.04 02:03:45 | 000,000,000 | -H-- | M] () -- C:\Windows\ativpsrm.bin
[2011.12.03 12:16:34 | 000,430,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.02 22:59:59 | 000,007,619 | -H-- | M] () -- C:\Users\Fabio\AppData\Local\Resmon.ResmonCfg
[2011.12.02 22:54:01 | 000,010,156 | -H-- | M] () -- C:\Users\Fabio\Documents\cc_20111202_225358.reg
[2011.11.26 14:11:49 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.11.26 14:11:49 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011.11.26 14:11:49 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011.11.26 14:11:49 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011.11.25 14:02:46 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.11 18:01:35 | 000,280,736 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.11 18:01:35 | 000,280,736 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.11 17:59:56 | 000,280,768 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== LOP Check ==========

[2011.12.02 18:11:24 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2011.11.28 20:18:21 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\.minecraft_xray
[2011.03.09 21:10:58 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Cuttermaran
[2011.08.24 19:49:17 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Downloaded Installations
[2011.11.25 22:56:04 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Dropbox
[2011.01.30 16:26:56 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.04 11:48:51 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\HTC
[2011.09.04 11:47:12 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.12.07 18:06:34 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2011.03.09 20:57:47 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\MPEG Streamclip
[2011.10.23 13:20:55 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Nitro PDF
[2011.01.02 19:18:55 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2011.07.22 21:22:58 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2011.09.04 11:48:51 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Outlook
[2011.08.06 11:39:45 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ROCCAT
[2010.12.25 21:56:56 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011.11.07 16:55:39 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft
[2011.11.05 17:02:13 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
-----------------------------------------------------------------

An Extras.txt was also generated:

--------------------------------------------------------------------
OTL Extras logfile created on: 09.12.2011 13:24:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = J:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 82,97% Memory free
16,00 Gb Paging File | 14,49 Gb Available in Paging File | 90,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229,29 Gb Total Space | 37,26 Gb Free Space | 16,25% Space Free | Partition Type: NTFS
Drive D: | 229,64 Gb Total Space | 194,58 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive J: | 1,93 Gb Total Space | 1,74 Gb Free Space | 90,19% Space Free | Partition Type: FAT
Drive Z: | 298,02 Gb Total Space | 11,14 Gb Free Space | 3,74% Space Free | Partition Type: FAT32

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}" = Nitro PDF Reader 2
"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{67303AC9-A9BA-E413-0001-AAC1C812947C}" = AMD Fuel
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = AMD VISION Engine Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DD8D87E5-C372-462F-B168-94612B1D9451}" = HTC Sync
"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Afterburner" = MSI Afterburner 2.1.0
"American Conquest" = American Conquest
"AMP WinOFF" = AMP WinOFF 5.0.0
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.76
"ATITool" = ATITool Overclocking Utility
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.29
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Steam App 17500" = Zombie Panic Source
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 43110" = Metro 2033
"Steam App 44320" = DiRT 3
"Uninstall_is1" = Uninstall 1.0.0.1
"Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.46
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.11.2011 16:35:08 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm ASROC.exe, Version 2.3.76.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1010 Startzeit:
01cca565720e4e5e Endzeit: 21 Anwendungspfad: C:\Program Files (x86)\ASRock Utility\OCTuner\ASROC.exe

Berichts-ID:
a17ab51b-115b-11e1-a49f-00252268eb09

Error - 18.11.2011 13:53:11 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9d8 Startzeit:
01cca6163b40740f Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
2c7d4fac-120e-11e1-a444-00252268eb09

Error - 18.11.2011 13:54:16 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13ac Startzeit:
01cca61af07adb1b Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
53927c75-120e-11e1-a444-00252268eb09

Error - 18.11.2011 13:55:08 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 524 Startzeit:
01cca61b1735939a Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
7284ae1f-120e-11e1-a444-00252268eb09

Error - 21.11.2011 16:25:15 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c28 Startzeit:
01cca88b991e79e6 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
eaa7ce2d-147e-11e1-b139-00252268eb09

Error - 21.11.2011 16:26:03 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 754 Startzeit:
01cca88bae9e357c Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
073dee97-147f-11e1-b139-00252268eb09

Error - 30.11.2011 14:33:21 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a30 Startzeit:
01ccaf8c0e593b4f Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
c66bd484-1b81-11e1-8a57-00252268eb09

Error - 02.12.2011 17:55:15 | Computer Name = *****-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "AODService" konnte nicht neu gestartet
werden.

Error - 02.12.2011 18:11:34 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm CCleaner64.exe, Version 3.0.0.1303 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 12bc Startzeit: 01ccb13cd3da2086 Endzeit: 0 Anwendungspfad: C:\Program
Files\CCleaner\CCleaner64.exe Berichts-ID: 91f85f63-1d32-11e1-a1c3-00252268eb09

Error - 07.12.2011 15:08:30 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm CCleaner64.exe, Version 3.0.0.1303 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2d4 Startzeit: 01ccb51382887acc Endzeit: 15 Anwendungspfad: C:\Program
Files\CCleaner\CCleaner64.exe Berichts-ID: d57bee5e-2106-11e1-82df-00252268eb09

[ System Events ]
Error - 08.12.2011 06:12:21 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 08.12.2011 06:12:21 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 08.12.2011 06:14:45 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 08.12.2011 06:27:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.

Error - 08.12.2011 06:27:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 08.12.2011 07:29:39 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 08.12.2011 09:07:20 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 08.12.2011 09:07:20 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 09.12.2011 08:26:10 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 09.12.2011 08:26:10 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314
Description =


< End of report >
----------------------------------------------------------------------

I still have the same symptoms as before, without any improvement, even though Malwarebytes deleted the last files from the registry (as far as I could make out).
I wanted to hold off on using ComboFix until I am asked to.

If anything is missing, just let me know. I hope the logs were created correctly...

Thanks for your efforts!

 
