browsersafesearching.com Standardsuchmaschine nach Installation von steam-download.de

KGLeiss · 28.12.2011, 01:46

Ein anderer User hat bereits das gleiche Problem gepostet:

Firefox Home Page schickt mich zu browsersafesearch.com

Dort wurde ihm anscheinend geholfen. Bei einigen Einträgen wurde aber erwähnt, dass die nicht von anderen User nachgemacht werden sollen.

Problembeschreibung:

Ich habe von steam-download.de ein Programm herunter geladen und dummerweise installiert. (Ich weiß - verdammt unvorsichtig.)
Dann wurde ein Fenster in meinem Browser geöffnet, das mich aufforderte, ein Plugin zu installieren. Das hat mich stutzig gemacht.
Ich wollte nun durch Eingabe der Suchwörter in die Adresszeile des Browsers nach dem Namen dieses Plugins suchen, um zu erfahren, ob es gutartig ist. Statt auf meine normale Suchmaschine wurde ich dabei auf browsersafesearching.com umgeleitet, was mich noch mehr stutzig gemacht hat.
Meine weitere Suche nach browsersafesearching.com führte mich zu diesem Forum.
Nun befürchte ich, mir eine Schadsoftware eingefangen zu haben.

Wer kann mir helfen, indem er mir entweder Entwarnung gibt (und mir sagt, wie ich diese blöde Suchmaschine loswerde) oder mir hilft, mein System wieder zu säubern?

Danke!

Hier die Logs:

=======================================
OTL.TXT
=======================================

OTL logfile created on: 27.12.2011 23:46:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Knut Leiss\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 74,13% Memory free
5,81 Gb Paging File | 4,78 Gb Available in Paging File | 82,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,33 Gb Total Space | 131,71 Gb Free Space | 59,51% Space Free | Partition Type: NTFS
Drive D: | 221,33 Gb Total Space | 220,70 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive E: | 551,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KNUT-LAPTOP2010 | User Name: Knut Leiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.27 23:40:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Knut Leiss\Desktop\OTL.exe
PRC - [2011.10.19 13:00:48 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011.08.31 08:43:16 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.04.01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.10 20:22:52 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.10.02 23:29:38 | 000,694,816 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.12.27 21:02:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.31 08:43:16 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.09.04 07:47:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.10 20:23:06 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Disabled | Stopped] -- C:\Programme\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.10.02 23:29:16 | 000,690,720 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.06 08:30:39 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2010.03.15 13:32:36 | 000,034,304 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\siudi5.sys -- (Siudi)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.26 02:25:16 | 000,029,744 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.23 08:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.15 05:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.08.22 22:14:06 | 004,232,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.01 05:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.08 09:14:14 | 000,165,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2007.04.18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8371&r=27050610j506l0421z265x64j1k90n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8371&r=27050610j506l0421z265x64j1k90n

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8371&r=27050610j506l0421z265x64j1k90n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8371&r=27050610j506l0421z265x64j1k90n
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.salsa-macht-spass.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.5.0
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.8
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {DA3A89AB-2DCA-4a29-8FEA-3C9E79BBF113}:1.0
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.12.18 09:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.09.05 13:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.14 21:05:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.20 20:48:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 12:22:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.06.30 23:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Extensions
[2010.06.30 23:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 20:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions
[2010.06.30 23:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.06.30 23:34:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.21 13:54:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.30 23:37:29 | 000,000,000 | ---D | M] ("Google PageRank Status [de]") -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\{DA3A89AB-2DCA-4a29-8FEA-3C9E79BBF113}
[2010.11.23 21:53:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.18 09:17:41 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.08.29 20:06:18 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\foxmarks@kei.com
[2011.12.27 20:15:57 | 000,000,000 | ---D | M] (instplugin) -- C:\Users\Knut Leiss\AppData\Roaming\mozilla\Firefox\Profiles\2yox25zl.default\extensions\info@instmin.com
[2011.09.06 18:28:13 | 000,001,872 | ---- | M] () -- C:\Users\Knut Leiss\AppData\Roaming\Mozilla\Firefox\Profiles\2yox25zl.default\searchplugins\web-search-powered-by-google.xml
[2011.11.14 21:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.28 08:54:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\KNUT LEISS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YOX25ZL.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\KNUT LEISS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YOX25ZL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KNUT LEISS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YOX25ZL.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\KNUT LEISS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YOX25ZL.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
() (No name found) -- C:\USERS\KNUT LEISS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YOX25ZL.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\KNUT LEISS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YOX25ZL.DEFAULT\EXTENSIONS\TOOLBAR@ALEXA.COM.XPI
[2011.11.14 21:05:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 19:01:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 19:01:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 19:01:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 19:01:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.27 20:15:57 | 000,000,161 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.10.11 19:01:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 19:01:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Knut Leiss\AppData\Roaming\instplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Knut Leiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Knut Leiss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71E4B669-D6F6-4663-BC42-C8F26C2DB197}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFEA3F97-4290-47B9-B825-87BC5792C5C4}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7618A32-09FE-413E-880D-0F84F6926187}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999.10.01 15:47:28 | 000,024,064 | R--- | M] (D) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2009.08.19 13:41:47 | 000,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.08.19 13:41:42 | 000,000,171 | R--- | M] () - E:\AUTORUN.INI -- [ CDFS ]
O33 - MountPoints2\{ccd79809-2cd9-11e1-a021-001e33264c39}\Shell - "" = AutoRun
O33 - MountPoints2\{ccd79809-2cd9-11e1-a021-001e33264c39}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- [1999.10.01 15:47:28 | 000,024,064 | R--- | M] (D)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Knut Leiss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bitcoin.lnk - C:\Programme\Bitcoin\bitcoin.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AutosetFrequency - hkey= - key= - C:\Windows\AutosetFrequency.exe ( )
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: Global Registration - hkey= - key= - File not found
MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig - StartUpReg: NotebookHardwareControl - hkey= - key= - C:\Program Files\Notebook Hardware Control\nhc.exe (hxxp://www.pbus-167.com)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: VitaKeyPdtWzd - hkey= - key= - C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.27 23:40:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Knut Leiss\Desktop\OTL.exe
[2011.12.27 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.27 21:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011.12.27 21:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.27 21:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011.12.27 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Roaming\instplugin
[2011.12.25 12:53:10 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Local\Fritz und Fertig
[2011.12.25 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fritz und Fertig
[2011.12.25 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.12.25 12:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmierung
[2011.12.24 10:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011.12.19 19:41:28 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Local\Mayura_Software
[2011.12.19 18:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mayura Software
[2011.12.19 18:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\DreamQuest
[2011.12.19 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Local\TempDIR
[2011.12.19 17:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Brutal Chess
[2011.11.30 11:30:32 | 000,000,000 | ---D | C] -- C:\Users\Knut Leiss\AppData\Roaming\postgresql
[2011.11.30 11:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\pgAdmin III
[2010.02.26 02:27:27 | 000,055,808 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[1 C:\Users\Knut Leiss\Desktop\*.tmp files -> C:\Users\Knut Leiss\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.27 23:40:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Knut Leiss\Desktop\OTL.exe
[2011.12.27 23:38:11 | 000,000,000 | ---- | M] () -- C:\Users\Knut Leiss\defogger_reenable
[2011.12.27 23:36:37 | 000,050,477 | ---- | M] () -- C:\Users\Knut Leiss\Desktop\Defogger.exe
[2011.12.27 23:05:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.27 21:00:49 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.27 20:18:39 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.27 20:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.26 10:31:17 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 10:31:17 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 09:36:10 | 172,843,377 | ---- | M] () -- C:\Users\Knut Leiss\Desktop\jahresrueckblick2011.mp4
[2011.12.25 12:48:58 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.25 12:48:58 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.25 12:48:58 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.25 12:48:58 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.22 21:16:40 | 000,432,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.22 21:16:24 | 2339,508,224 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 15:41:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.21 15:01:35 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.12.20 19:49:44 | 000,000,029 | ---- | M] () -- C:\Windows\Battle.ini
[2011.12.01 10:12:47 | 010,331,351 | ---- | M] () -- C:\Users\Knut Leiss\Desktop\This Is Not A Tango.mp3
[2011.12.01 10:10:59 | 004,503,168 | ---- | M] () -- C:\Users\Knut Leiss\Desktop\06-_ Sabroso Guaguanco.mp3
[2011.12.01 10:10:14 | 009,610,553 | ---- | M] () -- C:\Users\Knut Leiss\Desktop\Habana con Kola.mp3
[1 C:\Users\Knut Leiss\Desktop\*.tmp files -> C:\Users\Knut Leiss\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.27 23:38:11 | 000,000,000 | ---- | C] () -- C:\Users\Knut Leiss\defogger_reenable
[2011.12.27 23:36:36 | 000,050,477 | ---- | C] () -- C:\Users\Knut Leiss\Desktop\Defogger.exe
[2011.12.27 21:00:49 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.26 12:06:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.12.26 09:32:00 | 172,843,377 | ---- | C] () -- C:\Users\Knut Leiss\Desktop\jahresrueckblick2011.mp4
[2011.12.21 15:41:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.20 19:10:54 | 000,000,029 | ---- | C] () -- C:\Windows\Battle.ini
[2011.12.01 10:12:29 | 010,331,351 | ---- | C] () -- C:\Users\Knut Leiss\Desktop\This Is Not A Tango.mp3
[2011.12.01 10:10:49 | 004,503,168 | ---- | C] () -- C:\Users\Knut Leiss\Desktop\06-_ Sabroso Guaguanco.mp3
[2011.12.01 10:10:04 | 009,610,553 | ---- | C] () -- C:\Users\Knut Leiss\Desktop\Habana con Kola.mp3
[2011.07.04 12:54:17 | 000,495,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.05.30 09:48:07 | 000,000,074 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.10 12:47:39 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.10 12:47:37 | 000,000,246 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.10 12:45:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.10 12:45:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9450cd.dat
[2011.05.10 12:45:32 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.10 12:44:23 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bd9450cn.dat
[2011.05.10 12:44:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.05.10 12:44:18 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.05.10 12:44:17 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.05.10 12:44:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.05.10 12:44:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2011.05.10 12:44:09 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011.04.28 08:59:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.27 21:03:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.18 12:00:59 | 000,000,033 | ---- | C] () -- C:\Windows\DVC2.INI
[2010.07.10 19:44:21 | 000,012,800 | ---- | C] () -- C:\Users\Knut Leiss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 20:59:52 | 000,007,605 | ---- | C] () -- C:\Users\Knut Leiss\AppData\Local\Resmon.ResmonCfg
[2010.07.05 12:10:50 | 000,000,098 | ---- | C] () -- C:\Users\Knut Leiss\AppData\Local\fusioncache.dat
[2010.06.30 22:43:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.06.30 08:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.26 11:05:13 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.02.26 11:05:13 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.02.26 11:05:13 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.02.26 11:05:13 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.02.26 02:54:04 | 000,001,018 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2010.02.26 02:27:27 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.02.26 02:27:27 | 000,000,742 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.02.26 02:26:24 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.02.26 02:26:24 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.02.26 02:26:24 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2010.02.26 02:26:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.02.26 02:26:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.02.26 02:26:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.02.26 02:26:24 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.10.20 23:54:25 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.20 06:47:24 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.10.20 06:47:23 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.10.20 06:47:23 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.10.20 06:47:23 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,432,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2010.07.05 12:17:29 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\.mono
[2011.08.30 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\Amazon
[2010.10.13 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\AnvSoft
[2011.08.17 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\Bitcoin
[2011.12.27 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\Dropbox
[2011.12.14 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\FileZilla
[2010.10.13 12:38:55 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\HamsterSoft
[2010.08.26 06:52:23 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\HTC
[2010.08.26 06:52:31 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.12.27 20:15:57 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\instplugin
[2010.07.05 16:11:11 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\IrfanView
[2010.07.04 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\KeePass
[2011.09.05 14:35:05 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\Notepad++
[2011.02.04 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\OpenOffice.org
[2011.11.30 11:30:32 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\postgresql
[2010.09.17 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\saveTV
[2010.06.30 23:24:56 | 000,000,000 | ---D | M] -- C:\Users\Knut Leiss\AppData\Roaming\Thunderbird
[2011.05.04 16:09:48 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.08.18 11:23:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.02.26 02:19:51 | 000,000,000 | ---D | M] -- C:\book
[2010.08.18 11:58:20 | 000,000,000 | ---D | M] -- C:\Daslight Virtual Controller 2
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.29 18:04:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.10.20 23:47:14 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.06 13:22:25 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.06.29 18:38:13 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.27 21:00:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.05 13:15:11 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.29 18:04:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.29 18:04:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.07.05 11:42:58 | 000,000,000 | ---D | M] -- C:\SimpleDance
[2011.12.27 23:48:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.18 11:23:11 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.27 21:00:50 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 22:41:17

< End of report >

=======================================
Extras.txt
=======================================

OTL Extras logfile created on: 27.12.2011 23:46:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Knut Leiss\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 74,13% Memory free
5,81 Gb Paging File | 4,78 Gb Available in Paging File | 82,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,33 Gb Total Space | 131,71 Gb Free Space | 59,51% Space Free | Partition Type: NTFS
Drive D: | 221,33 Gb Total Space | 220,70 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive E: | 551,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KNUT-LAPTOP2010 | User Name: Knut Leiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{134B3187-7ADE-4E18-B3AF-EE60493CBC57}" = StarMoney 6.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{78267B6F-A60B-4550-B876-C15BF31BBA0F}" = Mayura Chess Board
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{878E6E1F-C719-4A0C-AAD4-85C5CCBB0149}" = StarMoney 7.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter 1.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4A52A73-B0B7-4BDA-BAED-83D054F63FAE}" = pgAdmin III 1.8
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite MFC-9450CDN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.143.1229
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"4298A0BE5CA1FAC3CBE747A0618F1B5D4896D84A" = Windows-Treiberpaket - Das (Siudi-Stick) USB (03/15/2010 1.2.3)
"621FAE811D7AEDEA63FE978C87FE6620B4117A1E" = Windows-Treiberpaket - Das (Siudi) USB (03/15/2010 1.5.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Brutal Chess" = Brutal Chess
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FileZilla Client" = FileZilla Client 3.5.2
"FreeChess" = 100% Free Chess 7.42
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4
"Fritz und Fertig 1" = Fritz und Fertig 1
"GoldWave v5.10" = GoldWave v5.10
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"instplugin" = instplugin
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"LogMeIn Hamachi" = LogMeIn Hamachi
"MegaGlest" = MegaGlest v3.4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"Notepad++" = Notepad++
"Steam App 8930" = Sid Meier's Civilization V
"TeamViewer 6" = TeamViewer 6
"TVWiz" = Intel(R) TV Wizard
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"64ad468768c89317" = Save.TV EasyRecord DownloadManager
"Bitcoin" = Bitcoin
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.12.2011 18:54:03 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:54:03.219]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF35679] Error

Error - 27.12.2011 18:54:04 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:54:04.015]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF102CB] Error

Error - 27.12.2011 18:54:38 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:54:38.444]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF35679] Error

Error - 27.12.2011 18:54:39 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:54:39.240]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF102CB] Error

Error - 27.12.2011 18:55:13 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:55:13.669]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF35679] Error

Error - 27.12.2011 18:55:14 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:55:14.465]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF102CB] Error

Error - 27.12.2011 18:55:48 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:55:48.894]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF35679] Error

Error - 27.12.2011 18:55:49 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:55:49.690]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF102CB] Error

Error - 27.12.2011 18:56:24 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:56:24.119]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF35679] Error

Error - 27.12.2011 18:56:24 | Computer Name = Knut-Laptop2010 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/27 23:56:24.914]: [00001908]: GetDeviceIpAddress:
GetAddressByName [BRNF102CB] Error

[ OSession Events ]
Error - 09.11.2010 17:20:36 | Computer Name = Knut-Laptop2010 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10.06.2011 08:52:27 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 10.06.2011 09:24:01 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 11.06.2011 02:42:47 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 11.06.2011 10:43:49 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 11.06.2011 10:51:20 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 11.06.2011 10:57:21 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 11.06.2011 11:25:54 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 11.06.2011 11:45:26 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

Error - 12.06.2011 03:32:31 | Computer Name = Knut-Laptop2010 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 12.06.2011 03:48:41 | Computer Name = Knut-Laptop2010 | Source = bowser | ID = 8003
Description =

< End of report >

=======================================
Gmer.txt
=======================================

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-28 01:22:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00
Running: ikg4wkip.exe; Driver: C:\Users\KNUTLE~1\AppData\Local\Temp\fglirpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C53369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ebbe05
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ebbe05@d8543a46ae94 0x5C 0xF9 0x44 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ebbe05 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ebbe05@d8543a46ae94 0x5C 0xF9 0x44 0xB9 ...

---- EOF - GMER 1.0.15 ----

cosinus · 28.12.2011, 05:39

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

KGLeiss · 28.12.2011, 18:38

Hallo Arne,

Danke für deine Antwort. Hier kommen also die nächsten Logs:

--------------------------------
Malwarebytes Log
(alte Logs habe ich nicht, Funde habe ich entfernt)
--------------------------------

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Knut Leiss :: KNUT-LAPTOP2010 [Administrator]

28.12.2011 10:08:41
mbam-log-2011-12-28 (10-08-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319829
Laufzeit: 1 Stunde(n), 59 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Knut Leiss\AppData\Local\Temp\ICReinstall\cnet2_Install-Chess-Free_exe.exe (PUP.Adware.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Knut Leiss\AppData\Local\Temp\ICReinstall\cnet2_MayuraChessBoard_zip.exe (PUP.Adware.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Knut Leiss\Downloads\SoftonicDownloader_fuer_virtual-clonedrive.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Knut Leiss\Downloads\cnet2_Install-Chess-Free_exe.exe (PUP.Adware.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Knut Leiss\Downloads\cnet2_MayuraChessBoard_zip.exe (PUP.Adware.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

--------------------------------
ESET Online Scanner Log
(Hier habe ich Funde nicht entfernt)
--------------------------------

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4c82d77c438fa4f9e5fc7c9b7c288c0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 01:51:22
# local_time=2011-12-28 02:51:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 47176267 84167138 46668499 0
# compatibility_mode=5893 16776574 100 94 26196199 76705236 0 0
# compatibility_mode=8192 67108863 100 0 3707 3707 0 0
# scanned=145743
# found=4
# cleaned=0
# scan_time=6237
C:\Users\Knut Leiss\Desktop\temp\GoldWave v5.10\keygen.exe	a variant of Win32/Keygen.AD application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Knut Leiss\Downloads\SoftonicDownloader_for_free-video-cutter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Knut Leiss\Downloads\SoftonicDownloader_for_freemake-video-converter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Knut Leiss\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

Grüße!
knut

cosinus · 28.12.2011, 23:00

Zitat:

C:\Users\Knut Leiss\Desktop\temp\GoldWave v5.10\keygen.exe

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

KGLeiss · 30.12.2011, 10:29

Hallo Arne,

vielen Dank für deine Antwort!

Ich will gar nicht den Eindruck hinterlassen, dass ich nie in meinem Leben illegal Software genutzt hätte. Und ich verstehe auch voll und ganz, dass ihr den illegalen Einsatz von Software nicht unterstützt. Ich sehe das heute auch kritisch.

Im konkreten Fall geht es aber nicht um solch eine illegale Nutzung. Das Programm Goldwave ist uralt, und ich habe es seinerzeit wirklich zusammen mit einen Key-Generator runter geladen. Diese Dateien habe ich dann irgendwann als ich Goldwave neu installieren wollte auch komplett auf meinen aktuellen Rechner kopiert. Die nicht-registrierte Version von Goldwave reicht mir aber völlig aus, da ich es nur für einen bestimmten Einsatzzweck nutze, und ich versichere, dass ich den keygen auf diesem Rechner nie gestartet habe. Meine AntiVirus-Software erkennt den Schädling auch, was ich gerade geprüft habe.

Ich weiß ja aktuell nicht einmal, ob etwas mit meinem System nicht stimmt. Wie in meinem ersten Post beschrieben, ist das einzige Symptom, dass meine Standard-Suchmaschine im Firefox auf einmal browsersafesearch.com ist (also wenn ich Suchbegriffe direkt in die Adresszeile des Browsers tippe).

Diese Änderung besteht, seitdem ich (DUMMERWEISE!) von steam-download.de vermeintlich den STEAM-Client runtergeladen und installiert habe. STEAM ist eine Plattform, über die Spiele (legal) vertrieben werden. Ich bin einfach auf eine Seite reingefallen, die von der Optik ähnlich wie die offizielle STEAM-Seite aufgebaut ist und bei den Google-Ergebnissen weit oben gelistet wird.

Ich fände es sehr schade, wenn ich nun - obwohl ch noch nicht einmal weiß, in wie weit mein System belastet ist - das komplette OS und alle Programme neu aufsetzen müsste. Daher möchte ich dich bitten, deine Entscheidung zu überdenken, und mir vielleicht doch Hilfestellung zu geben, wie ich mein System reparieren kann, falls überhaupt ein Problem besteht...

Liebe Grüße!
knut.

cosinus · 30.12.2011, 18:38

Nein, bei Keygens/Cracks gibt es hier keine Hilfe mehr außer Neuinstallation von Windows. So sind die Spielregeln.

KGLeiss · 30.12.2011, 18:43

Hallo Arne,

nochmal: Ich verstehe die Regel vollkommen. Aber es geht hier doch gar nicht um einen Keygen/Crack! Ich schwöre, dass ich diese Datei nicht angefasst habe. Sie hat wirklich NICHTS mit meinem Problem zu tun!

Grüße, knut.

cosinus · 30.12.2011, 19:39

Zitat:

Sie hat wirklich NICHTS mit meinem Problem zu tun!

Wird immer wieder hier behauptet wenn Cracks/Keygens im Spiel sind. Nur ist ist das irrelevant und diese Diskussionen bin ich auch langsam leid.
Akzeptiere unsere Spielregeln. Punkt aus.

30.12.2011, 18:38	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	browsersafesearching.com Standardsuchmaschine nach Installation von steam-download.de Nein, bei Keygens/Cracks gibt es hier keine Hilfe mehr außer Neuinstallation von Windows. So sind die Spielregeln. __________________ --> browsersafesearching.com Standardsuchmaschine nach Installation von steam-download.de

browsersafesearching.com Standardsuchmaschine nach Installation von steam-download.de

Log-Analyse und Auswertung: browsersafesearching.com Standardsuchmaschine nach Installation von steam-download.de