Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.12.2011, 20:27   #1
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



kurz mal mein System:
habe einen Lenovo Win7 Pc Home Premium SP1 64bit Intel core i7


hatte vor ein paar Wochen den Bundestojaner auf dem PC und auch erfolgreich entfernt (hoffe ich). So sieht der aus
hxxp://geyerstation.de/wp-content/uploads/2011/11/bundestrojaner2_t1-6d7321f2faec3eee.jpg
nun habe ich aber immer noch einige Probleme mit dem PC die da wären:

1)
Win Fire-Wall läst sich nicht aktiviren

hxxp://forum.computerbild.de/attachments/programme/win7-windows-firewall-laesst-aktivieren-22094d1311457174-firewall-aktiviert-.jpg

wen ich sie dann manuell aktivieren möchte kommt diese Meldung:
"einige der Einstellungen können von der windows-firewall nicht geändert werden Fehlercode 0x8007042c"

2)
Sobald ich einen USB-Stick einstecke entsteht dort ein Ordner (kann ich nur mit winrar sehen) namens: "84612795" der leer ist.
außerdem werde die Ordner die vorher waren nur als Verknüpfung angezeigt und lassen sich nicht öffnen (mit winrar sehe ich die normalen Ordner wider).
und in Winrar gibt es eine Kopie der Ordner mit der Endung .ink
Natürlich habe ich alle Ordner auf sichtbar gemacht.
Hier mal ein Bild von mir:

hier in Groß
hxxp://s1.directupload.net/images/111211/lavjr9nb.jpg
3)
ab und zu findet Windows defender einen Trojaner:
Trojaner:Win32/Sirefef.P
Ressourcen:
file:
C:\Windows\assembly\GAC_32\Desktop.ini

den ich dann auch sofort lösche

4)
dann funktioniert meine suche nicht vernünftig kleines Beispiel suche die Datei "HiJackThis204.exe" und nix wird gefunden wobei die Datei unter Downloads ist(meine die suche bei "Start" bzw. Win-Taste)
wen ich aber auf das Laufwerk C: gehe und nach " HiJackThis204.exe" suche findet er es.


5)
so zu guter letzt habe ich desöfteren Weiterleitungen mit meinem Internet-Explorer (seltener bei Google Chrome) auf den Seiten:
kozanekozasearchsystem.com
redirect.ad-feeds.com
viewster.com
rg45clickmaster.com


hier mal mein Logfile von HiJackThis
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:20, on 11.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe
C:\Program Files\Lenovo\HealthCare\HealthCare.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun
O4 - HKLM\..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe /hide
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Programme\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PowerSuite] "I:\PROGRA~1\Schutz\POWERS~1\launcher.exe" delay 20000  -m
O4 - HKCU\..\Run: [Microsoft® Windows Update] C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LenovoCOMService (LenovoCOMSvc) - Lenovo - C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
O23 - Service: LitModeCtrl - Lenovo - C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - I:\Spiele\internet\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10127 bytes
         
gefixd habe ich:
Code:
ATTFilter
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKCU\..\Run: [Microsoft® Windows Update] C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe
O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
         
und nochmal HijackThis scan gemacht

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:51, on 11.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\Downloads\HiJackThis204.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun
O4 - HKLM\..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe /hide
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Programme\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PowerSuite] "I:\PROGRA~1\Schutz\POWERS~1\launcher.exe" delay 20000  -m
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LenovoCOMService (LenovoCOMSvc) - Lenovo - C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
O23 - Service: LitModeCtrl - Lenovo - C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - I:\Spiele\internet\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10311 bytes
         
und von Maleware
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8352

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11.12.2011 20:02:54
mbam-log-2011-12-11 (20-02-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|N:\|Q:\|)
Durchsuchte Objekte: 597272
Laufzeit: 1 Stunde(n), 19 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Marvin\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> No action taken.

Infizierte Dateien:
c:\Users\Marvin\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> No action taken.
         
ich suche eine Lösung für die Probleme kein Neuaufsetzen des Systems
Danke.

konnte leider keine Links einfügen deswegen immer die URL

Alt 11.12.2011, 20:58   #2
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



OTL.txt
Code:
ATTFilter
OTL logfile created on: 11.12.2011 20:47:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Marvin\Desktop\otl
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,94 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,86% Memory free
11,93 Gb Paging File | 10,25 Gb Available in Paging File | 85,87% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,47 Gb Total Space | 550,20 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
Drive I: | 918,37 Gb Total Space | 812,23 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
 
Computer Name: MARVIN-PC | User Name: Marvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.11 20:43:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marvin\Desktop\otl\OTL.exe
PRC - [2011.10.14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- I:\Spiele\internet\Tunngle\TnglCtrl.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.09 19:54:18 | 001,599,888 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.07.18 16:08:22 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- I:\Programme\Schutz\PowerSuite\powersuite.exe
PRC - [2011.07.18 15:17:16 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- I:\Programme\Schutz\SpeedUpMyPC\sump.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.09.30 13:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 13:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.30 10:19:30 | 000,049,152 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe
PRC - [2009.09.28 10:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\HealthCare\HealthCare.exe
PRC - [2009.09.27 10:37:22 | 000,163,840 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LitModeSwitch.exe
PRC - [2009.09.27 10:37:20 | 000,081,920 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 02:30:39 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.14 02:26:41 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 02:26:20 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.14 02:26:15 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.14 02:26:04 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.14 02:26:01 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 02:25:58 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 02:25:58 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 02:25:51 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.07.18 16:08:22 | 000,131,584 | ---- | M] () -- I:\Programme\Schutz\PowerSuite\locale\de\de.dll
MOD - [2011.07.18 16:08:22 | 000,047,616 | ---- | M] () -- I:\Programme\Schutz\PowerSuite\cache.dll
MOD - [2011.07.18 16:08:22 | 000,013,312 | ---- | M] () -- I:\Programme\Schutz\PowerSuite\cwebpage.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.09.14 07:00:11 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.09.09 08:24:38 | 000,057,344 | ---- | M] () -- C:\Programme\Lenovo\HealthCare\de-de\de-de.dll
MOD - [2008.12.30 10:09:34 | 002,088,960 | ---- | M] () -- C:\Programme\Lenovo\Power Dial\LitModeSwitchRes.dll
MOD - [2008.09.27 07:39:26 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\HealthCare\HOOK.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.02.05 13:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2009.09.30 10:19:30 | 000,049,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe -- (LenovoCOMSvc)
SRV:64bit: - [2009.09.27 10:37:20 | 000,081,920 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe -- (LitModeCtrl)
SRV - [2011.10.14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- I:\Spiele\internet\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.09.29 20:23:10 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.12 11:47:24 | 000,096,752 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)
SRV - [2009.09.30 13:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 13:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.09 20:44:12 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.21 12:27:21 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.21 12:22:09 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.08.09 23:32:57 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.07.10 15:43:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.23 10:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.10 07:38:32 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.21 13:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.06 11:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.04.08 04:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.02 10:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 D0 0C B8 38 B4 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marvin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marvin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.05.10 15:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.16 17:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.18 15:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.10.18 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\Mozilla\Extensions
[2011.10.18 15:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\MARVIN\APPDATA\ROAMING\GENIEO\APPLICATION\EXT\SENSOR_FF
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marvin\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = I:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marvin\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marvin\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marvin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2011.11.27 17:22:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - Reg Error: Value error. File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PowerSuite] I:\Programme\Schutz\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93496D7E-FC92-4851-937A-CB8EDF4EF0B0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) -C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) -C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3215cd84-ab03-11e0-ab81-4437e60acb1a}\Shell - "" = AutoRun
O33 - MountPoints2\{3215cd84-ab03-11e0-ab81-4437e60acb1a}\Shell\AutoRun\command - "" = M:\setup.exe
O33 - MountPoints2\{3215cd89-ab03-11e0-ab81-4437e60acb1a}\Shell - "" = AutoRun
O33 - MountPoints2\{3215cd89-ab03-11e0-ab81-4437e60acb1a}\Shell\AutoRun\command - "" = K:\start.exe
O33 - MountPoints2\{8de20088-7a9c-11e0-8002-4437e60acb1a}\Shell - "" = AutoRun
O33 - MountPoints2\{8de20088-7a9c-11e0-8002-4437e60acb1a}\Shell\AutoRun\command - "" = L:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - I:\Programme\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: GenieoSystemTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: GenieoUpdaterService - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: jmekey - hkey= - key= - C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
MsConfig:64bit - StartUpReg: PowerSuite - hkey= - key= - I:\Programme\Schutz\PowerSuite\Launcher.exe (Uniblue Systems Limited)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - I:\Programme\Player\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.11 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\otl
[2011.12.11 18:56:18 | 000,000,000 | RHSD | C] -- C:\Users\Marvin\M-1-52-5782-8752-5245
[2011.12.08 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.05 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\hesselmann
[2011.12.02 18:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
[2011.11.27 17:21:41 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\BCE60
[2011.11.27 17:21:09 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\927BC
[2011.11.27 17:20:47 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\zhhTTXwjUCelIrP
[2011.11.27 17:20:47 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\tGG55sQQJ6EK8RZ
[2011.11.27 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\rzzOONtxA0uc
[2011.11.27 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\p333pnnG5
[2011.11.27 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\jRLL99hTXqjUekB
[2011.11.25 23:44:28 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Tunngle
[2011.11.25 23:44:28 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Tunngle
[2011.11.25 23:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.11.25 23:44:24 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\windows\SysNative\drivers\tap0901t.sys
[2011.11.25 23:44:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011.11.25 23:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2011.11.25 16:20:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011.11.23 22:17:32 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\2
[2011.11.22 17:33:15 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Battlefield 3
[2011.11.22 17:27:51 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\rld-bf3
[2011.11.22 17:19:53 | 032,908,800 | ---- | C] (EA Digital Illusions CE AB) -- C:\Users\Marvin\Desktop\bf3.exe
[2011.11.22 17:11:38 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\bf3mp-rzr-bta
[2011.11.22 17:03:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011.11.19 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Update
[2011.11.19 01:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Archive Password Recovery
[2011.11.19 01:39:13 | 000,000,000 | -HSD | C] -- C:\Users\Marvin\AppData\Local\8cfd349e
[2011.11.19 01:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2011.11.19 01:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011.11.19 01:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2010.09.24 15:50:59 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.11 20:48:38 | 000,017,136 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 20:48:38 | 000,017,136 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 20:47:13 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011.12.11 20:47:13 | 000,654,372 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011.12.11 20:47:13 | 000,616,254 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011.12.11 20:47:13 | 000,129,986 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011.12.11 20:47:13 | 000,106,376 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011.12.11 20:41:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.12.11 20:41:10 | 485,347,327 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.11 20:38:55 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\Access.dat
[2011.12.11 20:38:19 | 000,000,156 | ---- | M] () -- C:\Users\Marvin\defogger_reenable
[2011.12.11 20:18:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3427846483-774009953-675166152-1001UA.job
[2011.12.11 20:18:00 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3427846483-774009953-675166152-1001Core.job
[2011.12.10 01:39:00 | 1035,508,469 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011.12.08 21:16:35 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.06 19:38:44 | 002,195,906 | ---- | M] () -- C:\Users\Marvin\Desktop\v8uggl5b.jpg
[2011.12.06 19:38:44 | 002,195,906 | ---- | M] () -- C:\Users\Marvin\Desktop\v8uggl5b - Kopie.jpg
[2011.12.04 18:37:24 | 000,000,693 | ---- | M] () -- C:\Users\Marvin\Desktop\1 - Kopie.bat
[2011.12.04 17:56:12 | 000,001,007 | ---- | M] () -- C:\Users\Marvin\Desktop\1.bat
[2011.12.04 06:34:27 | 000,007,600 | ---- | M] () -- C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
[2011.12.03 17:03:33 | 000,000,717 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2011.12.02 19:30:37 | 000,001,955 | ---- | M] () -- C:\Users\Marvin\Desktop\WinSetupFromUSB.lnk
[2011.11.27 17:22:10 | 000,001,392 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011.11.26 01:16:39 | 004,941,680 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011.11.25 23:44:25 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011.11.25 16:20:20 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\cd.dat
[2011.11.22 16:57:28 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.11.19 16:23:59 | 000,011,634 | ---- | M] () -- C:\Users\Marvin\Desktop\Update.rar
[2011.11.19 01:54:00 | 000,001,008 | ---- | M] () -- C:\windows\ARCHPR.INI
[2011.11.19 00:13:56 | 000,019,903 | ---- | M] () -- C:\Users\Marvin\Desktop\sss.html
 
========== Files Created - No Company Name ==========
 
[2011.12.11 20:38:19 | 000,000,156 | ---- | C] () -- C:\Users\Marvin\defogger_reenable
[2011.12.08 21:16:35 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.06 19:45:16 | 002,195,906 | ---- | C] () -- C:\Users\Marvin\Desktop\v8uggl5b - Kopie.jpg
[2011.12.06 19:35:52 | 002,195,906 | ---- | C] () -- C:\Users\Marvin\Desktop\v8uggl5b.jpg
[2011.12.04 17:56:19 | 000,000,693 | ---- | C] () -- C:\Users\Marvin\Desktop\1 - Kopie.bat
[2011.12.04 17:00:03 | 000,001,007 | ---- | C] () -- C:\Users\Marvin\Desktop\1.bat
[2011.12.03 17:03:33 | 000,000,717 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2011.12.02 17:57:04 | 000,001,955 | ---- | C] () -- C:\Users\Marvin\Desktop\WinSetupFromUSB.lnk
[2011.11.28 00:28:28 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat
[2011.11.25 23:44:25 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011.11.25 16:20:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\cd.dat
[2011.11.25 16:20:09 | 1035,508,469 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011.11.19 16:23:57 | 000,011,634 | ---- | C] () -- C:\Users\Marvin\Desktop\Update.rar
[2011.11.19 01:51:56 | 000,001,008 | ---- | C] () -- C:\windows\ARCHPR.INI
[2011.11.19 00:12:40 | 000,019,903 | ---- | C] () -- C:\Users\Marvin\Desktop\sss.html
[2011.10.24 20:40:15 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011.09.29 20:23:15 | 000,280,904 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.09.29 20:23:10 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011.08.26 21:28:23 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2011.08.26 21:13:44 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2011.08.26 21:11:35 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2011.05.30 04:51:15 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.05.25 15:25:07 | 000,007,600 | ---- | C] () -- C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010.09.25 01:23:36 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010.09.25 01:23:35 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2009.07.26 22:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.06.08 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\.minecraft
[2011.11.27 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\927BC
[2011.11.27 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\BCE60
[2011.06.24 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Blender Foundation
[2011.07.30 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\FileZilla
[2011.08.26 21:28:28 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\FreeAudioPack
[2011.08.27 08:04:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Genieo
[2011.07.30 21:45:23 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Jens Lorek
[2011.11.27 17:20:43 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\jRLL99hTXqjUekB
[2011.06.26 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MAXON
[2011.05.26 15:25:52 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Notepad++
[2011.08.26 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\OpenCandy
[2011.11.22 16:58:07 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Origin
[2011.11.27 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\p333pnnG5
[2011.05.10 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\PACE Anti-Piracy
[2011.11.27 17:20:44 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\rzzOONtxA0uc
[2011.11.24 05:57:00 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\SoftGrid Client
[2011.05.10 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.10.09 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Sytexis Software
[2011.11.27 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\tGG55sQQJ6EK8RZ
[2011.05.30 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TP
[2011.10.08 00:11:43 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TS3Client
[2011.09.13 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\ts3overlay
[2011.11.26 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Tunngle
[2011.07.17 14:49:35 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Uniblue
[2011.12.09 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\uTorrent
[2011.11.27 17:20:48 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\zhhTTXwjUCelIrP
[2011.11.25 16:20:19 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.09 20:02:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.08 11:58:56 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.26 03:01:44 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.09 20:02:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.14 15:35:24 | 000,000,000 | ---D | M] -- C:\Drivers
[2010.09.24 15:29:19 | 000,000,000 | ---D | M] -- C:\Intel
[2011.07.25 18:27:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.08 12:04:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.08 20:57:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.07 05:48:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.09 20:02:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.09 20:02:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.11 20:51:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.24 15:56:09 | 000,000,000 | ---D | M] -- C:\Templenovo
[2011.06.24 11:59:16 | 000,000,000 | ---D | M] -- C:\tmp
[2011.05.09 20:02:32 | 000,000,000 | ---D | M] -- C:\Users
[2011.12.10 01:39:00 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2006.02.28 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\Users\Marvin\Downloads\111usb xp\win xp von iso\I386\REGEDIT.EXE
[2006.02.28 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\Users\Marvin\Downloads\111usb xp\winL\I386\REGEDIT.EXE
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
[2002.08.29 02:43:40 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\Users\Marvin\Downloads\111usb xp\win xp 2\I386\REGEDIT.EXE
[2002.08.29 02:43:40 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\Users\Marvin\Downloads\111usb xp\win xp cd\WXPSP1_DE\I386\REGEDIT.EXE
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1126 bytes -> C:\Users\Marvin\AppData\Local\Temp:FEFcpEaOBT7B4EM5nlZM7LDt

< End of report >
         
Extra.txt

Code:
ATTFilter
OTL Extras logfile created on: 11.12.2011 20:47:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Marvin\Desktop\otl
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,94 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,86% Memory free
11,93 Gb Paging File | 10,25 Gb Available in Paging File | 85,87% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,47 Gb Total Space | 550,20 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
Drive I: | 918,37 Gb Total Space | 812,23 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
 
Computer Name: MARVIN-PC | User Name: Marvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- I:\Programme\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- I:\Programme\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{2FF4F477-2D6E-12F0-A32E-749C05345D3D}" = ccc-utility64
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"MAXON12D7161C" = NET Render Client / CINEMA 4D 11.530
"MAXONDF60C9BB" = CINEMA 4D Demo 12.021
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05912563-6E7E-450E-9510-B327DD05A831}" = Catalyst Control Center - Branding
"{06C7E071-2332-1F6F-B1F2-0859231776A4}" = CCC Help Chinese Standard
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0E7CCE-E1F3-483E-98A5-FCB131AA8735}" = Genesys USB Mass Storage Device
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0EE78E05-93E6-228D-3CDC-B789A88967D2}" = CCC Help Thai
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11A53AF0-BACC-EC34-856E-B577705F918C}" = CCC Help Russian
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1DFF4592-4BE6-DA0A-F51F-209E029393D5}" = Catalyst Control Center Graphics Previews Common
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22A3701B-230D-BB08-0C2B-7079E7B393CF}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E9D18A-BA47-2982-B186-5B9D8B1D5A6E}" = Catalyst Control Center InstallProxy
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30AE7F6A-7520-8143-F8F3-CDAA1EFEEE1A}" = CCC Help Greek
"{3167A895-579D-AD84-E159-FC78F0267E4E}" = CCC Help Finnish
"{31B2FCA8-E303-F2D1-FF9C-60D9DAAF2279}" = Catalyst Control Center Graphics Light
"{31F02EA5-6E18-2669-DF26-5C7CE693117A}" = CCC Help Dutch
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{47E1443B-24B2-8FC8-6ED7-A8B635488620}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE30D2-2769-ECF2-E5B1-55B170A6646D}" = Catalyst Control Center Graphics Full Existing
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58872B3A-DC34-73CD-9CAF-C0911802BDA4}" = CCC Help Japanese
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{607C50A1-3577-38A1-B750-7D43A8B7F818}" = CCC Help French
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66D4F501-A0D4-1D47-8DD6-B14E14201EE6}" = CCC Help English
"{6803ED4F-1FD9-A831-A881-1D5CDB692558}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ADDDBA5-60F3-8753-8759-F3FFE59FB0B3}" = CCC Help Chinese Traditional
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{85BB7BA8-84EC-8604-F20C-69F6323C4662}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D40721A-6C0E-6214-C0CB-A1A6513E2E8D}" = Catalyst Control Center Graphics Previews Vista
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DED577E-73FB-4F6F-B4C7-85D4FAAEF4D1}" = CCC Help Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AE3D06C4-389E-91D1-D720-D607263B8268}" = CCC Help Portuguese
"{B673638D-5EE9-4E6A-0A4C-0F230C9236E1}" = CCC Help Korean
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE96ADE2-B0DD-89E0-EE25-ADD44CE5AFD5}" = Catalyst Control Center Localization All
"{D064BA6A-E756-8029-EFCF-64EFE8E04CB5}" = CCC Help Czech
"{D094BB2A-384F-6488-0468-6F0EABAFAAD3}" = CCC Help Polish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D40D3778-2EFD-BE3E-9BE5-CA0A432F6D76}" = Catalyst Control Center Graphics Full New
"{D503841B-2A7C-A2B9-9008-992EC80D6AE3}" = CCC Help Italian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EF2DF595-9250-E6D0-8CFA-1E6D6A2F2080}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}" = Harry Potter und die Heiligtümer des Todes(TM) - Teil 2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper
"{F733873A-D4B9-A563-E051-62A6A9D2EB55}" = CCC Help German
"{F76BC600-E90E-5ABD-A75F-07EC808B4C5F}" = Catalyst Control Center Core Implementation
"{F84691A3-49CB-FD8B-A76D-90FD18997AE8}" = CCC Help Hungarian
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F90F759A-78EF-4370-B25E-EC5F710D1097}" = Power Dial
"Adobe AIR" = Adobe AIR
"AutoItv3" = AutoIt v3.3.6.1
"Battlelog Web Plugins" = Battlelog Web Plugins
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.0" = ESN Sonar
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PE Builder_is1" = PE Builder 3.1.10a
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RealFlow 2012" = RealFlow 2012
"RealFlow 5" = RealFlow 5
"S3 Gold" = The Settlers III Gold Edition
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"Siedler3Deinstall" = Siedler3
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"Web Stream Recorder 2010" = Web Stream Recorder 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.0
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2011 13:45:18 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x163c  Startzeit der fehlerhaften Anwendung: 0x01ccb5d12521a3a3
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 63fc13e9-21c4-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 14:00:20 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x1648  Startzeit der fehlerhaften Anwendung: 0x01ccb5d33ed64873
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 7da6cd4c-21c6-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 14:15:22 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xa1c  Startzeit der fehlerhaften Anwendung: 0x01ccb5d55883218f
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 97321462-21c8-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 14:30:24 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c8f9  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000018e3d
ID
 des fehlerhaften Prozesses: 0x15f4  Startzeit der fehlerhaften Anwendung: 0x01ccb5d772021075
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: b0e1b0ef-21ca-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 14:45:26 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x155c  Startzeit der fehlerhaften Anwendung: 0x01ccb5d98bb669b0
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: ca607a1e-21cc-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 14:56:34 | Computer Name = Marvin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.12.2011 14:57:30 | Computer Name = Marvin-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 08.12.2011 15:00:26 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x13e4  Startzeit der fehlerhaften Anwendung: 0x01ccb5dba55b7dd5
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e3580df6-21ce-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 15:15:28 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x904  Startzeit der fehlerhaften Anwendung: 0x01ccb5ddbe2b6442
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: fd06e5db-21d0-11e1-9b12-4437e60acb1a
 
Error - 08.12.2011 15:30:30 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c8f9  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000018e3d
ID
 des fehlerhaften Prozesses: 0x1858  Startzeit der fehlerhaften Anwendung: 0x01ccb5dfd7d3fca3
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 169c4435-21d3-11e1-9b12-4437e60acb1a
 
[ Media Center Events ]
Error - 16.08.2011 22:10:38 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 04:10:38 - Fehler beim Herstellen der Internetverbindung.  04:10:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.08.2011 22:10:43 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 04:10:43 - Fehler beim Herstellen der Internetverbindung.  04:10:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.08.2011 23:10:48 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 05:10:48 - Fehler beim Herstellen der Internetverbindung.  05:10:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.08.2011 23:10:53 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 05:10:53 - Fehler beim Herstellen der Internetverbindung.  05:10:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.08.2011 00:10:58 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 06:10:58 - Fehler beim Herstellen der Internetverbindung.  06:10:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.08.2011 00:11:03 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 06:11:03 - Fehler beim Herstellen der Internetverbindung.  06:11:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.08.2011 11:45:31 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 17:45:31 - Fehler beim Herstellen der Internetverbindung.  17:45:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.08.2011 11:45:40 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 17:45:36 - Fehler beim Herstellen der Internetverbindung.  17:45:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.11.2011 11:22:46 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 16:22:46 - Fehler beim Herstellen der Internetverbindung.  16:22:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.11.2011 11:22:57 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0
Description = 16:22:52 - Fehler beim Herstellen der Internetverbindung.  16:22:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 07.12.2011 11:17:12 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 07.12.2011 17:47:18 | Computer Name = Marvin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 07.12.2011 17:47:18 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund 
folgenden Fehlers nicht gestartet:   %%183
 
Error - 07.12.2011 17:47:18 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%183
 
Error - 07.12.2011 17:47:20 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 07.12.2011 17:47:35 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 08.12.2011 00:30:22 | Computer Name = Marvin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 08.12.2011 00:30:23 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund 
folgenden Fehlers nicht gestartet:   %%183
 
Error - 08.12.2011 00:30:23 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%183
 
Error - 08.12.2011 00:30:23 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
 
< End of report >
         
__________________


Alt 12.12.2011, 15:45   #3
markusg
/// Malware-holic
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



1. warum fixt du einfach irgendwelche einträge, willst du das die programme dann evtl. nicht mehr richtig laufen?
2. nutzt du das system für onlinebanking einkäufe sonstige zahlungsabwicklungen oder sonst was wichtiges?
__________________
__________________

Alt 12.12.2011, 16:46   #4
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



zu 1.
ich habe diese gefixd da ich diese nicht installiert habe und sie dem Pc schaden ich finde dann sollte man soetwas fixen und nicht rauszögern, nach erneutem Scan mit HijackThis sind die eh wider da also hat das fixen nix gebracht, und deswegen hoffte ich hier nach einer Lösung.

zu 2.
Nein, keinerlei Geschäftsabwicklung mit dem Pc.

Alt 12.12.2011, 16:56   #5
markusg
/// Malware-holic
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



1. blödsinn, nur 1 eintrag davon war gefährlich.
2.
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.12.2011, 18:59   #6
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



die Seite hxxp://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird kann ich nicht erreichen werde mir woanders eine anleitung suchen

Alt 12.12.2011, 19:43   #7
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



habe nun combo gestartet und nach dem automatischen neustart komme ich nicht mehr in i-net weil ich weder Google Chrome I-net explorer oder FF start kann meldung "es wurde versucht einen registrierungsschlüssel einem unzulässigen vorgang zu unterziehen der zum löschen markiert wurde"

diese meldung kommt aber bei mehreren programmen vom calc.exe(rechner) bis zum editor.

die combofix ist im anhang

Alt 12.12.2011, 19:54   #8
markusg
/// Malware-holic
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



starte mal neu dann ist die meldung weg
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.12.2011, 19:55   #9
markusg
/// Malware-holic
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.12.2011, 19:59   #10
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



jap kann auch malware starten und läuft bereits nach einen erneutem neustart,
sobald er fertig ist poste ich das Log.

Alt 12.12.2011, 21:07   #11
nivram
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



so Maleware ist fertig hier der log

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8357

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12.12.2011 21:06:28
mbam-log-2011-12-12 (21-06-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|Q:\|)
Durchsuchte Objekte: 600816
Laufzeit: 1 Stunde(n), 7 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Marvin\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateien:
i:\programme\test\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\Users\Marvin\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         

Alt 12.12.2011, 21:32   #12
markusg
/// Malware-holic
 
FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - Standard

FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen



also,
dein pc ist ziemlich stark infiziert.
auch wenn du kein onlinebanking machst könnte es sein das dein pc für straftaten missbraucht wird.
man kann nie 100 %ig sicher sagen das dieses system vernünftig, heißt vollständig, zu bereinigen ist.
deswegen würde ich vorschlagen dieses system, nach datensicherung, bilder dokumente musik filme, neu aufzusetzen, vernünftig abzusichern und dann alle passwörter zu endern, natürlich werde ich dir gern dabei helfen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen
0x8007042c, adobe, bho, bundestojaner, defender, dll, einstellungen, excel, fehlercode 0x8007042c, google, google chrome, hijack, hijackthis, home, internet explorer, laufwerk c, lenovo, logfile, nicht öffnen, notification, ordner, performance, plug-in, realtek, rundll, schutz, searchqu toolbar, security, seiten, software, suche, system, tojaner, trojan.agent.ge, usb, wmp




Ähnliche Themen: FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen


  1. Weiterleitungen auf komische Seiten und Werbung
    Plagegeister aller Art und deren Bekämpfung - 24.05.2015 (3)
  2. Spielangebote, Sexwerbung und ungewollte Weiterleitungen
    Plagegeister aller Art und deren Bekämpfung - 17.02.2014 (1)
  3. Ihavenet.com weiterleitungen
    Log-Analyse und Auswertung - 02.11.2013 (22)
  4. Komische Weiterleitungen
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (9)
  5. Werbetrojaner - Weiterleitungen von Google
    Log-Analyse und Auswertung - 14.05.2013 (11)
  6. Chitka Popups/ falsche Weiterleitungen
    Log-Analyse und Auswertung - 16.04.2013 (9)
  7. Haeufige Abstuerze und weiterleitungen im Firefox
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (11)
  8. Trojaner? Weiterleitungen im Firefox etc...
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (3)
  9. Werbung und falsche Weiterleitungen
    Plagegeister aller Art und deren Bekämpfung - 19.05.2012 (13)
  10. Weiterleitungen und ,,Recommended for you"-Popups
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (3)
  11. Fehlerhafte Weiterleitungen bei google
    Log-Analyse und Auswertung - 20.07.2011 (4)
  12. Unerwünschte Google-Weiterleitungen
    Log-Analyse und Auswertung - 16.04.2011 (16)
  13. PC-Neustart bei Teamspeak und Skype; Google-Weiterleitungen
    Log-Analyse und Auswertung - 19.03.2009 (3)
  14. Weiterleitungen und Popups Im IE
    Log-Analyse und Auswertung - 18.02.2009 (3)
  15. Falsche weiterleitungen (Google)+ Darstellungsfehler
    Log-Analyse und Auswertung - 08.09.2008 (1)
  16. Ständige Weiterleitungen und Pop-Ups
    Log-Analyse und Auswertung - 14.05.2008 (13)

Zum Thema FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen - kurz mal mein System: habe einen Lenovo Win7 Pc Home Premium SP1 64bit Intel core i7 hatte vor ein paar Wochen den Bundestojaner auf dem PC und auch erfolgreich entfernt - FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen...
Archiv
Du betrachtest: FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.