HTML/Infected.WebPage.Gen2 meldet Antivir

jaquess · 19.04.2012, 11:44

Hallo,

mich hat's jetzt auch mal erwischt. Hier Antivirs Meldung:

Code:

ATTFilter

Avira Free Antivirus
Report file date: Donnerstag, 19. April 2012  11:10

Scanning for 3653634 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : ***
Platform        : Windows 7 x64
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ***-PC

Version information:
BUILD.DAT       : 12.0.0.898     41963 Bytes  31.01.2012 14:50:00
AVSCAN.EXE      : 12.1.0.20     492496 Bytes  15.02.2012 12:33:30
AVSCAN.DLL      : 12.1.0.18      54224 Bytes  15.02.2012 12:33:30
LUKE.DLL        : 12.1.0.19      68304 Bytes  15.02.2012 12:33:30
AVSCPLR.DLL     : 12.1.0.22     100048 Bytes  15.02.2012 12:33:31
AVREG.DLL       : 12.1.0.36     229128 Bytes  05.04.2012 16:05:38
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 17:49:09
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 01:06:02
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 15:29:28
VBASE005.VDF    : 7.11.26.45      2048 Bytes  28.03.2012 15:29:28
VBASE006.VDF    : 7.11.26.46      2048 Bytes  28.03.2012 15:29:28
VBASE007.VDF    : 7.11.26.47      2048 Bytes  28.03.2012 15:29:28
VBASE008.VDF    : 7.11.26.48      2048 Bytes  28.03.2012 15:29:28
VBASE009.VDF    : 7.11.26.49      2048 Bytes  28.03.2012 15:29:28
VBASE010.VDF    : 7.11.26.50      2048 Bytes  28.03.2012 15:29:28
VBASE011.VDF    : 7.11.26.51      2048 Bytes  28.03.2012 15:29:31
VBASE012.VDF    : 7.11.26.52      2048 Bytes  28.03.2012 15:29:31
VBASE013.VDF    : 7.11.26.53      2048 Bytes  28.03.2012 15:29:31
VBASE014.VDF    : 7.11.26.107   221696 Bytes  30.03.2012 15:27:48
VBASE015.VDF    : 7.11.26.179   224768 Bytes  02.04.2012 16:05:16
VBASE016.VDF    : 7.11.26.241   142336 Bytes  04.04.2012 16:07:48
VBASE017.VDF    : 7.11.27.41    247808 Bytes  08.04.2012 16:05:08
VBASE018.VDF    : 7.11.27.107   161280 Bytes  12.04.2012 16:05:06
VBASE019.VDF    : 7.11.27.159   148992 Bytes  13.04.2012 16:43:55
VBASE020.VDF    : 7.11.27.201   207360 Bytes  17.04.2012 17:53:17
VBASE021.VDF    : 7.11.27.202     2048 Bytes  17.04.2012 17:53:17
VBASE022.VDF    : 7.11.27.203     2048 Bytes  17.04.2012 17:53:17
VBASE023.VDF    : 7.11.27.204     2048 Bytes  17.04.2012 17:53:17
VBASE024.VDF    : 7.11.27.205     2048 Bytes  17.04.2012 17:53:17
VBASE025.VDF    : 7.11.27.206     2048 Bytes  17.04.2012 17:53:18
VBASE026.VDF    : 7.11.27.207     2048 Bytes  17.04.2012 17:53:18
VBASE027.VDF    : 7.11.27.208     2048 Bytes  17.04.2012 17:53:18
VBASE028.VDF    : 7.11.27.209     2048 Bytes  17.04.2012 17:53:18
VBASE029.VDF    : 7.11.27.210     2048 Bytes  17.04.2012 17:53:18
VBASE030.VDF    : 7.11.27.211     2048 Bytes  17.04.2012 17:53:18
VBASE031.VDF    : 7.11.27.244   215552 Bytes  18.04.2012 17:53:22
Engineversion   : 8.2.10.50 
AEVDF.DLL       : 8.1.2.2       106868 Bytes  12.11.2011 17:34:53
AESCRIPT.DLL    : 8.1.4.16      446842 Bytes  04.04.2012 16:09:02
AESCN.DLL       : 8.1.8.2       131444 Bytes  27.01.2012 01:00:08
AESBX.DLL       : 8.2.5.5       606579 Bytes  12.03.2012 13:44:01
AERDL.DLL       : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL      : 8.2.16.9      807287 Bytes  31.03.2012 15:27:52
AEOFFICE.DLL    : 8.1.2.27      201082 Bytes  04.04.2012 16:08:59
AEHEUR.DLL      : 8.1.4.18     4628855 Bytes  18.04.2012 17:53:59
AEHELP.DLL      : 8.1.19.1      254327 Bytes  02.04.2012 16:05:20
AEGEN.DLL       : 8.1.5.26      418164 Bytes  17.04.2012 17:53:19
AEEXP.DLL       : 8.1.0.29       82293 Bytes  13.04.2012 16:45:01
AEEMU.DLL       : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01
AECORE.DLL      : 8.1.25.6      201078 Bytes  16.03.2012 13:44:20
AEBB.DLL        : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL     : 12.1.0.17      27344 Bytes  23.09.2011 11:13:18
AVPREF.DLL      : 12.1.0.17      51920 Bytes  23.09.2011 10:53:57
AVREP.DLL       : 12.1.0.17     179408 Bytes  23.09.2011 10:55:01
AVARKT.DLL      : 12.1.0.23     209360 Bytes  15.02.2012 12:33:30
AVEVTLOG.DLL    : 12.1.0.17     169168 Bytes  23.09.2011 10:34:37
SQLITE3.DLL     : 3.7.0.0       398288 Bytes  16.09.2011 01:05:58
AVSMTP.DLL      : 12.1.0.17      62928 Bytes  23.09.2011 11:03:47
NETNT.DLL       : 12.1.0.17      17104 Bytes  23.09.2011 11:58:06
RCIMAGE.DLL     : 12.1.0.17    4450000 Bytes  23.09.2011 12:37:25
RCTEXT.DLL      : 12.1.1.16      96208 Bytes  21.12.2011 17:49:09

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f8c5c86\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Skipped files.......................: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe, 

Start of the scan: Donnerstag, 19. April 2012  11:10

Starting search for hidden objects.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.
Hidden thread
  [NOTE]      A system thread is not visible.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'skypekit.exe' - '1' Module(s) have been scanned
Scan process 'trillian.exe' - '1' Module(s) have been scanned
Scan process 'speedfan.exe' - '1' Module(s) have been scanned
Scan process 'fsinstall.exe' - '1' Module(s) have been scanned
Scan process 'fshoster32.exe' - '1' Module(s) have been scanned
Scan process 'fshoster32.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'DeltaIITray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'AsSysCtrlService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\misehbek.default\Cache\A\41\4D912d01'
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\misehbek.default\Cache\A\41\4D912d01
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen2 HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '4a0375a5.qua'.


End of the scan: Donnerstag, 19. April 2012  11:13
Used time: 03:01 Minute(s)

The scan has been done completely.

      0 Scanned directories
     40 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
     39 Files not concerned
      0 Archives were scanned
      0 Warnings
     65 Notes
  88449 Objects were scanned with rootkit scan
     64 Hidden objects were found

Antivir wollte auch, dass ich per Rescue CD einen Scan mache, leider funktioniert das aber nicht mit meinem CD-Laufwerk, habe schon alles getestet. Ich bitte um Hilfe. Was noch anzumerken sei: Der angebliche Ordner "Origin Games" lässt sich nicht mal finden.

Mein PC läuft ganz normal, ich habe schon neugestartet und es ist nichts langsam o.ä., nichtsdestotrotz poste ich das hier, da ich mich ja auch kaum auskenne.

Edit: Ein vollständiger Scan mit Malwarebytes wurde bereits gemacht (gerade beendet) und es wurde nichts gefunden.

Hier noch das Scanergebnis (nach Vorgaben aus anderen Threads gescannt) von ESET:

Code:

ATTFilter

C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2e6b3257-6ede2c94	Java/Exploit.Agent.NAU trojan
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\71b4322e-35f0cd8a	a variant of Java/Exploit.Agent.NAX trojan

kira · 19.04.2012, 15:29

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

jaquess · 19.04.2012, 15:35

Hallo Kira,

vielen Dank für die schnelle Antwort, ich werde alle Infos, so schnell es mir möglich ist, nachliefern.

Hier die installierten Programme von CCleaner:

Code:

ATTFilter

Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	12.04.2012	6,00MB	11.2.202.233
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	13.04.2012	6,00MB	11.2.202.233
Avira Free Antivirus	Avira	14.02.2012	104,9MB	12.0.0.898
CCleaner	Piriform	18.04.2012		3.17
Cool & Quiet		19.11.2011		
CPUID CPU-Z 1.60		13.04.2012	3,34MB	
DivX Setup	DivX, LLC	18.12.2011		2.6.1.3
ESET Online Scanner v3		18.04.2012		
Google Chrome	Google Inc.	09.08.2011		19.0.1084.30
Heroes of Newerth	S2 Games	12.08.2011		2.0.33
Hi-Rez Studios Authenticate and Update Service	Hi-Rez Studios	11.04.2012		3.0.0.0
HWiNFO64 Version 3.94	Martin Malík - REALiX	12.04.2012	6,52MB	3.94
Java(TM) 6 Update 31	Oracle	07.04.2012	95,1MB	6.0.310
JDownloader 0.9	AppWork GmbH	26.07.2011		0.9
M-Audio Delta 6.0.8 (x64)	M-Audio	16.03.2012	3,79MB	6.0.8
MAGIX Screenshare	MAGIX AG	09.06.2011	1,43MB	4.3.6.1987
MAGIX Speed 2 (MSI)	MAGIX AG	09.06.2011	57,2MB	6.0.1.2
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	18.04.2012	18,0MB	1.61.0.1400
marvell 61xx	Marvell	26.02.2011		1.2.0.69
Maxthon 3	Maxthon International Limited	23.01.2012		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18.11.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	18.11.2011	2,94MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	20.07.2011	31,3MB	3.5.88.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	20.07.2011	6,04MB	3.5.50.0
Microsoft Silverlight	Microsoft Corporation	15.02.2012	168,5MB	4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	13.12.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	25.02.2011	0,61MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	22.04.2011	0,57MB	8.0.51011
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	22.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	22.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	14.01.2012	0,25MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	25.02.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	25.02.2011	1,42MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	31.07.2011	1,46MB	9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	30.08.2011	0,22MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.09.2011	0,22MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.02.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	20,6MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.08.2011	15,0MB	10.0.40219
Microsoft XNA Framework Redistributable 3.1	Microsoft Corporation	20.09.2011	7,55MB	3.1.10527.0
Mozilla Firefox 11.0 (x86 de)	Mozilla	14.03.2012	36,1MB	11.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.07.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	12.07.2011	1,39MB	4.20.9876.0
NVIDIA Grafiktreiber 296.10	NVIDIA Corporation	12.03.2012		296.10
NVIDIA HD-Audiotreiber 1.3.12.0	NVIDIA Corporation	12.03.2012		1.3.12.0
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	12.03.2012		9.12.0213
OpenAL		14.04.2012		
PantsOff 2.0	Christoph Bünger Software	31.10.2011		2.0
Path of Exile	Grinding Gear Games	14.04.2012	11,1MB	0.9.8.16065
QuickTime	Apple Inc.	05.11.2011	73,3MB	7.71.80.42		11.0.0.0
Skype™ 5.8	Skype Technologies S.A.	07.04.2012	19,0MB	5.8.158
SpeedFan (remove only)		10.11.2011		
Spybot - Search & Destroy	Safer Networking Limited	25.04.2011		1.6.2
Steam	Valve Corporation	01.06.2011	1,59MB	1.0.0.0
System Requirements Lab CYRI	Husdawg, LLC	18.04.2012	0,45MB	4.5.1.0
System Requirements Lab for Intel	Husdawg, LLC	13.04.2012	0,75MB	4.5.5.0
TeamSpeak 3 Client	TeamSpeak Systems GmbH	26.02.2011		
TeamViewer 7	TeamViewer	12.04.2012		7.0.12979
Timewave Calculator	Time Travel Inc.	26.12.2011		
TP-LINK Wireless Client Utility	TP-LINK	17.01.2012		2.0
Tribes Ascend	Hi-Rez Studios	11.04.2012		1.0.905.1
Trillian	Cerulean Studios, LLC	04.11.2011			12.0.3500.13
Windows Live Essentials	Microsoft Corporation	13.04.2012		15.4.3555.0308
Windows Media Player Firefox Plugin	Microsoft Corp	16.01.2012	0,29MB	1.0.0.8
WinRAR 4.01 (64-Bit)	win.rar GmbH	10.08.2011		4.01.0
ZOTAC FireStorm		26.02.2011

OTL normal

Code:

ATTFilter

OTL logfile created on: 19.04.2012 16:47:20 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\***\awc_***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,10% Memory free
14,00 Gb Paging File | 11,71 Gb Available in Paging File | 83,65% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 701,21 Gb Free Space | 75,28% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\awc_***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\DeltaIITray.exe ()
PRC - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - c:\program files (x86)\trillian\plugins\skypekit.exe ()
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\DeltaIITray.exe ()
MOD - c:\program files (x86)\trillian\plugins\skypekit.exe ()
MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()
MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\program files (x86)\trillian\languages\en\buddy.dll ()
MOD - c:\program files (x86)\trillian\languages\en\talk.dll ()
MOD - c:\program files (x86)\trillian\languages\en\trillian.dll ()
MOD - c:\program files (x86)\trillian\languages\en\events.dll ()
MOD - c:\program files (x86)\trillian\languages\en\toolkit.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\Windows\SysNative\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (arusb_win7x) -- C:\Windows\SysNative\drivers\arusb_win7x.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\69E5.tmp (Sophos Plc)
DRV:64bit: - (FXUSBASE) -- C:\Windows\SysNative\drivers\fxusbase.sys (AVM Berlin)
DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (HWiNFO32) -- C:\Programme\HWiNFO64\HWiNFO64A.SYS (REALiX(tm))
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C7 B8 67 9B E4 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=pxCSpChA
IE - HKCU\..\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=dd990f0d-6ffd-4c2a-be73-17f4191d74f2&apn_sauid=E65AD59B-F911-422C-AF25-D558E3A1EBA4&
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.ftp: "184.58.38.65"
FF - prefs.js..network.proxy.http: "184.106.168.253:80"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "67.191.152.81 "
FF - prefs.js..network.proxy.socks_port: 1830
FF - prefs.js..network.proxy.ssl: "184.58.38.65"
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 16:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.15 14:03:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 12:26:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\***\AppData\Roaming\IDM\idmmzcc5
 
[2011.02.27 01:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.14 02:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions
[2011.04.25 18:47:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.24 11:53:24 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.07.23 14:45:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.03.28 23:55:14 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\cacaoweb@cacaoweb.org
[2011.11.17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\askcom.xml
[2011.03.16 20:31:17 | 000,002,198 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\google-search.xml
[2012.04.18 11:46:08 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin-1.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin.xml
[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.08 01:45:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.30\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.30\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.30\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: Angry Birds = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Session Manager = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Timer = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\khkndikhbnfgibpkpdgdnmdlcfpkichc\1.3_0\
CHR - Extension: Little Alchemy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\
CHR - Extension: Nik Daum = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmkmldnjgfdccdgolepaifdniikpejma\2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.11_0\
CHR - Extension: Pocket Legends = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\1.7.5.3_0\
CHR - Extension: Google Mail Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Connected Mind = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc\1.1.5_0\
 
O1 HOSTS File: ([2012.03.19 16:43:58 | 000,440,678 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15173 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919CA3F9-C138-431A-9882-49E391217ABA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.19 16:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.19 12:33:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F97151B6-C15C-46A6-9060-7EAE240C79C3}
[2012.04.19 12:33:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{27DBF578-C391-4F85-81F7-36F6F31F5BEA}
[2012.04.19 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.19 12:09:07 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89263660.sys
[2012.04.19 12:09:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.19 12:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.19 12:04:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.19 11:39:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.04.19 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063FDBBC-0155-47B9-9B69-EDA831C42C6E}
[2012.04.19 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E276D00-1A86-4FD0-AE26-6F87829B0B0F}
[2012.04.18 23:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2012.04.18 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F8EF2ABD-277F-4028-946E-A577D15E5114}
[2012.04.18 12:00:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{04368897-ED2C-452E-8E5D-F38DD7B97311}
[2012.04.18 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{262631B2-9E3F-41EE-A1AC-9217430B12A6}
[2012.04.17 23:59:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87798669-6205-45F7-9DE8-B5B1E8AD2856}
[2012.04.17 15:11:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.17 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{95A8D1CA-E3FA-4212-933D-CE736338B9BD}
[2012.04.17 11:58:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA49D5E4-A201-43BD-93B4-291E503BAEB6}
[2012.04.16 23:58:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D9AE958-8366-46B3-9DD7-642DBDA3AB25}
[2012.04.16 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{81C72D88-C36A-4361-A645-2C4EF4F96F0F}
[2012.04.16 11:57:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{25BBEAEC-0EFD-4F96-8ECA-6B536BE88BCE}
[2012.04.16 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D9CAEED7-6ACF-443D-801F-59B12859DE3C}
[2012.04.16 00:38:16 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\GaiaMachina
[2012.04.15 23:56:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EC193CB-6C08-4A83-B873-4CE5F797B17C}
[2012.04.15 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A8B09E70-71E1-4B63-9AAE-70811D6653E0}
[2012.04.15 20:45:48 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.04.15 20:45:48 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.04.15 20:45:48 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.04.15 20:45:48 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.04.15 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games
[2012.04.15 11:56:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F75CAB67-1706-4C00-B357-4908932F6BDD}
[2012.04.15 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F10E97FA-ED03-41FB-9E97-D47194345A14}
[2012.04.14 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E4E2E912-2CE8-4DEF-AB43-91F637591325}
[2012.04.14 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9A45173C-D124-4D72-B47F-052416D65329}
[2012.04.14 11:54:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{51BF5AC6-FCEA-4C1C-987A-59640B5B80B3}
[2012.04.14 11:54:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{97E873B6-CE46-4BC1-A8AB-7D2E4553953F}
[2012.04.14 02:49:42 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.04.14 02:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.04.13 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A09F1F6E-0D89-4723-9E98-E669EF1A48D2}
[2012.04.13 23:53:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EE96697-7DD9-47A9-A890-9FDBE024DE91}
[2012.04.13 19:33:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TeamViewer
[2012.04.13 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.04.13 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[2012.04.13 15:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2012.04.13 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{46986B76-F4EB-4D0D-A39A-B1D5ED185BE1}
[2012.04.13 11:52:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{592354DB-6FAA-4153-826C-362226A153E3}
[2012.04.13 11:51:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.04.13 11:50:40 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.04.13 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.04.13 11:41:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B4C0C2CB-16BD-497F-808F-41646A5614B5}
[2012.04.12 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{00D7D815-33CB-4A8C-AA2D-59DB5502104D}
[2012.04.12 23:34:37 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\*\Desktop\procexp.exe
[2012.04.12 21:55:07 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.12 21:24:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.04.12 17:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012.04.12 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{99C37F54-8615-451C-BEEA-7B06DE2211CB}
[2012.04.11 23:39:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0A8B169E-DC78-4AD3-B920-DFEC9906FDD2}
[2012.04.11 21:31:56 | 003,993,576 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012.04.11 21:31:49 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.04.11 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.04.11 20:28:06 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 20:28:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 20:28:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 20:26:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 20:26:36 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 20:26:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 20:25:45 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.11 20:25:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 20:25:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 20:25:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 20:25:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 20:25:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 20:25:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E58F638-1901-4F3D-B6C2-72A9C887F51F}
[2012.04.10 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3B58B1AA-3818-4231-8179-401DFEFC9F4D}
[2012.04.10 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1266F8D2-ED09-4CE8-95E8-29144A9D6E80}
[2012.04.09 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1658D8A0-938A-4B38-90D5-2CAD6BCFF066}
[2012.04.09 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A5735F8E-16C8-4792-AF87-D68DDE3B2427}
[2012.04.08 13:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6DDC8B4B-1EEE-4D72-96C9-0AD21374EC12}
[2012.04.08 01:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.08 01:46:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.08 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BAF2E003-BC3B-4376-A625-C655CBCD9F31}
[2012.04.07 13:19:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA671320-2524-4D43-8767-B29E69724657}
[2012.04.07 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2BD297B0-F4CF-403B-85AD-F5BE18686809}
[2012.04.06 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{76E904C0-4EE5-457C-8170-4FB2E36F831B}
[2012.04.06 00:41:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{561CEC4A-71AD-4A31-9312-319F1B4E580A}
[2012.04.05 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{78F7DDB0-43EC-4724-837B-54451463E092}
[2012.04.05 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{03AAAD0C-53A6-44F3-81A7-C40AC1DD5501}
[2012.04.04 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\beh
[2012.04.04 12:00:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063C53A3-B296-4A13-AA1C-0AAD213B22E6}
[2012.04.03 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D73F493-25A2-467D-ADAA-84BF1C1D1E56}
[2012.04.03 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Neuer Ordner
[2012.04.03 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{CCD59EB0-49A1-4DBE-8D14-39CFA8322E9D}
[2012.04.02 14:59:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6CF3AF00-78B6-44D7-A6F7-6AD3C0DCD78C}
[2012.04.02 01:29:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{72A50365-78BA-455B-9F1D-9F725B83BDE7}
[2012.04.01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{787D1099-AF38-4E65-A8A7-29A3654877AE}
[2012.03.31 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F3ABD55F-867F-487E-A365-6077E53EC51D}
[2012.03.31 11:27:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EF3E41F-CED2-4804-8707-6432CC587A9C}
[2012.03.30 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBFF16E4-5A27-498F-9FBC-34AA19B646ED}
[2012.03.30 10:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FEBFC2AF-8A2A-4665-AAB2-4259012FCE01}
[2012.03.29 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0D04ABF7-D356-4850-B6F1-AE52D5F33AEB}
[2012.03.29 05:29:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBE059D3-48CD-4425-9108-F3E6BF39B2DD}
[2012.03.28 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{20953C6F-1F30-42DD-97B1-DD9BF8A8542B}
[2012.03.28 16:41:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1A85413B-438A-46A1-BFBC-1A10496DA5F2}
[2012.03.27 23:58:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{96D1F40F-14D0-4A4F-B874-8CC1CE54D4F8}
[2012.03.27 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E7C66D10-8241-4BDD-81C3-1A2420377C09}
[2012.03.27 10:58:59 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{87BA0DCF-4B50-4534-B3CD-60B20605B3B3}
[2012.03.27 10:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EC87842-E126-4BB3-AEA8-36DC45D2783A}
[2012.03.26 14:25:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{13961169-CAD4-4767-ACC0-AC9B380BC8F1}
[2012.03.26 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D42F454-D18C-484D-857D-0EDB18D8D450}
[2012.03.26 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{524D5408-5477-4658-BD54-659CF3AEAD95}
[2012.03.25 16:52:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B8D0A01E-33AD-4941-855D-60526C926770}
[2012.03.25 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6A7DF72F-C2EE-4217-A698-BA1DFE016B88}
[2012.03.25 14:12:55 | 000,532,480 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PAC7302.SYS
[2012.03.25 14:12:55 | 000,141,824 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP7302.AX
[2012.03.25 14:12:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe
[2012.03.25 14:12:55 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst.dll
[2012.03.25 14:12:54 | 000,000,000 | ---D | C] -- C:\Windows\Pixart
[2012.03.25 03:17:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D41DF2CB-BB63-43C9-878C-7671B7534062}
[2012.03.25 03:17:29 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A9E41C2D-91C2-4C78-9023-C8F7E62067E6}
[2012.03.24 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A4812894-97C8-4561-907C-0EF242BEFAE8}
[2012.03.24 15:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8AABCBD9-A138-41FD-AC9A-8CD1150845AA}
[2012.03.24 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{240789B6-0A91-4296-83FE-53AC51A28056}
[2012.03.24 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2E3AAC33-F1E0-4903-B1EF-D630BE5C2C3E}
[2012.03.23 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9BE931B5-E1C1-4BF7-806E-00A844D2A83F}
[2012.03.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{68BF5D3C-7931-4416-9E6A-407F087A013A}
[2012.03.22 15:23:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{178B9A57-E153-4CDC-B165-49606336DCA6}
[2012.03.22 15:23:01 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{4182FD70-04A4-49A7-82D7-6F37B71EC325}
[2012.03.22 02:59:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A0E1C79C-730E-4BC7-A7F9-BB808543BBD2}
[2012.03.22 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9EBD3D06-95F2-4C74-B26E-E83BB54F547F}
[2012.03.21 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9A1E30D7-1DFD-4CA3-B4CD-6040D6E29694}
[2012.03.21 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{4BFCD0AC-2BD9-4198-867F-816E793DF1DA}
[2012.03.21 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B4954074-2C20-4E36-93CC-ED9C902E7EB8}
[2012.03.21 02:57:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BBC01D8E-7A2F-441E-892E-DE61B8D4F12C}
[2012.03.20 19:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.03.20 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.19 16:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.19 16:33:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000UA.job
[2012.04.19 12:09:07 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89263660.sys
[2012.04.19 12:03:16 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 12:03:16 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 12:02:53 | 000,042,672 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.04.19 12:00:46 | 001,507,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.19 12:00:46 | 000,658,700 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.19 12:00:46 | 000,619,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.19 12:00:46 | 000,131,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.19 12:00:46 | 000,108,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.19 11:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.19 11:55:42 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.19 11:38:27 | 001,536,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.19 11:38:06 | 000,019,552 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2012.04.18 17:33:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000Core.job
[2012.04.18 16:55:15 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.04.17 08:23:20 | 000,001,291 | ---- | M] () -- C:\Users\***\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,245 | ---- | M] () -- C:\Users\***\Desktop\02 - Closet.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,174 | ---- | M] () -- C:\Users\***\Desktop\DSC01609.JPG - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,085 | ---- | M] () -- C:\Users\***\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,017 | ---- | M] () -- C:\Users\***\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,003 | ---- | M] () -- C:\Users\***\Desktop\Trillian.jpg - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,999 | ---- | M] () -- C:\Users\***\Desktop\g6kssfib.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,979 | ---- | M] () -- C:\Users\***\Desktop\Avatar.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,951 | ---- | M] () -- C:\Users\***\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,720 | ---- | M] () -- C:\Users\***\Desktop\Scanner - Verknüpfung.lnk
[2012.04.15 20:45:48 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.04.15 20:45:48 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.04.15 20:45:48 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.04.15 20:45:48 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.04.15 20:45:48 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.04.14 15:11:31 | 000,007,589 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.04.14 00:55:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 00:55:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.14 00:55:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.13 18:58:50 | 000,317,902 | ---- | M] () -- C:\Users\***\Desktop\Trillian.jpg
[2012.04.13 18:52:07 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.04.12 22:19:57 | 000,089,812 | ---- | M] () -- C:\Users\***\Desktop\323173_102456616530503_100002984949595_16803_864429181_o.jpg
[2012.04.12 17:41:00 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.04.12 01:18:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.04.10 14:32:41 | 000,749,663 | ---- | M] () -- C:\Users\***\Desktop\lalalalal.png
[2012.04.09 15:54:33 | 000,103,902 | ---- | M] () -- C:\Users\***\Desktop\g6kssfib.png
[2012.04.08 14:08:26 | 000,744,830 | ---- | M] () -- C:\Users\***\Desktop\qweqweew.jpg
[2012.04.08 01:45:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.04.08 01:45:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.05 12:34:28 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.04.05 12:34:26 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.04.05 12:34:26 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.04.05 12:34:24 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.04.05 12:34:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 16:41:44 | 000,067,261 | ---- | M] () -- C:\Users\***\Desktop\$(KGrHqZ,!ngE9jTwwwylBPeMB!hzyQ~~48_20.jpg
[2012.04.02 10:49:33 | 1179,728,232 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.25 14:16:04 | 000,921,636 | ---- | M] () -- C:\PA7302.DAT
[2012.03.23 18:45:11 | 000,000,000 | ---- | M] () -- C:\Users\****\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.19 12:02:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.04.19 11:38:06 | 000,019,552 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.04.17 08:23:20 | 000,001,291 | ---- | C] () -- C:\Users\*\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,245 | ---- | C] () -- C:\Users\*\Desktop\02 - Closet.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,174 | ---- | C] () -- C:\Users\*\Desktop\DSC01609.JPG - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,085 | ---- | C] () -- C:\Users\*\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,017 | ---- | C] () -- C:\Users\*\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,003 | ---- | C] () -- C:\Users\*\Desktop\Trillian.jpg - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,999 | ---- | C] () -- C:\Users\*\Desktop\g6kssfib.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,979 | ---- | C] () -- C:\Users\*\Desktop\Avatar.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,951 | ---- | C] () -- C:\Users\*\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,944 | ---- | C] () -- C:\Users\*\Desktop\gw2.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,913 | ---- | C] () -- C:\Users\*\Desktop\CPUID CPU-Z.lnk
[2012.04.17 08:23:20 | 000,000,720 | ---- | C] () -- C:\Users\*\Desktop\Scanner - Verknüpfung.lnk
[2012.04.15 20:45:48 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.04.14 02:49:42 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.04.13 18:58:50 | 000,317,902 | ---- | C] () -- C:\Users\*\Desktop\Trillian.jpg
[2012.04.13 18:52:07 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.13 18:52:07 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.04.12 22:20:01 | 000,089,812 | ---- | C] () -- C:\Users\*\Desktop\323173_102456616530503_100002984949595_16803_864429181_o.jpg
[2012.04.12 21:24:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.12 17:41:00 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.04.11 21:31:49 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.04.10 14:32:27 | 000,749,663 | ---- | C] () -- C:\Users\*\Desktop\lalalalal.png
[2012.04.08 14:07:57 | 000,744,830 | ---- | C] () -- C:\Users\*\Desktop\qweqweew.jpg
[2012.04.02 16:41:44 | 000,067,261 | ---- | C] () -- C:\Users\*\Desktop\$(KGrHqZ,!ngE9jTwwwylBPeMB!hzyQ~~48_20.jpg
[2012.04.02 10:49:33 | 1179,728,232 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.25 14:15:14 | 000,921,636 | ---- | C] () -- C:\PA7302.DAT
[2012.03.25 14:12:55 | 000,000,868 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2012.03.23 18:45:11 | 000,000,000 | ---- | C] () -- C:\Users\*\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp
[2012.01.25 19:33:06 | 000,237,872 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe
[2011.11.15 03:42:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.11.14 02:49:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.14 02:49:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.14 02:49:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.14 02:49:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.14 02:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.10 15:25:12 | 000,182,222 | ---- | C] () -- C:\ProgramData\1320930928.bdinstall.bin
[2011.11.03 22:04:49 | 000,102,248 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.10.23 12:19:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2011.10.17 04:44:40 | 000,237,956 | ---- | C] () -- C:\ProgramData\1318819109.bdinstall.bin
[2011.10.17 03:43:48 | 000,643,821 | ---- | C] () -- C:\ProgramData\1318808714.bdinstall.bin
[2011.10.17 00:02:34 | 000,000,502 | ---- | C] () -- C:\ProgramData\1318802548.bdinstall.bin
[2011.10.13 04:43:40 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.06 02:27:52 | 000,017,408 | ---- | C] () -- C:\Users\*\AppData\Local\WebpageIcons.db
[2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.03 14:17:10 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Roaming\winscp.rnd
[2011.06.10 18:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.10 14:34:37 | 000,000,049 | ---- | C] () -- C:\Windows\SamControlpanel95.INI
[2011.04.25 18:52:22 | 000,000,336 | ---- | C] () -- C:\ProgramData\44228360
[2011.04.25 18:36:00 | 000,007,589 | ---- | C] () -- C:\Users\*\AppData\Local\resmon.resmoncfg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.03 02:04:51 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.22 03:37:08 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.03.02 20:49:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.02.27 20:53:09 | 001,536,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.27 08:08:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.27 07:58:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.27 07:58:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.27 01:28:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.26 22:44:22 | 000,000,015 | ---- | C] () -- C:\Windows\Firestorm.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

OTL Extras

Code:

ATTFilter

OTL Extras logfile created on: 19.04.2012 16:47:20 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*\awc_*\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,10% Memory free
14,00 Gb Paging File | 11,71 Gb Available in Paging File | 83,65% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 701,21 Gb Free Space | 75,28% Space Free | Partition Type: NTFS
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{16B2C43D-6C49-4A56-957D-E40CEAA2AC06}" = M-Audio Delta 6.0.8 (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"HWiNFO64_is1" = HWiNFO64 Version 3.94
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10874B32-2DB2-4F64-8A27-E3F6AEBA299C}" = MAGIX Speed 2 (MSI)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3119E2E5-B9F4-4448-BE71-4EFF3FF183C5}" = Path of Exile
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55F6EB79-CAA0-49EF-9C90-5FCE827D5570}" = MAGIX Screenshare
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3
"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8316191F-EC8D-4E18-B7A8-ED61CEB061C9}" = Samplitude 11 Producer Download Version
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"hon" = Heroes of Newerth
"MAGIX_MSI_samplitude_11_producer" = Samplitude 11 Producer Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Maxthon3" = Maxthon 3
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"mv61xxDriver" = marvell 61xx
"OpenAL" = OpenAL
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 7" = TeamViewer 7
"Trillian" = Trillian
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WinLiveSuite" = Windows Live Essentials
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Timewave Calculator" = Timewave Calculator
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2012 23:04:28 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.04.2012 23:40:49 | Computer Name = *-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004ad14
ID
 des fehlerhaften Prozesses: 0x11a0  Startzeit der fehlerhaften Anwendung: 0x01cd162b5fd49594
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 4b12e5c8-8451-11e1-bdbe-485b39c043ec
 
Error - 12.04.2012 20:16:25 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.04.2012 20:47:17 | Computer Name = *-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ChipUtil.exe, Version: 0.6.0.0, Zeitstempel:
 0x4d4c5fa1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000003  ID des fehlerhaften Prozesses:
 0x3d0  Startzeit der fehlerhaften Anwendung: 0x01cd19d821bacb27  Pfad der fehlerhaften
 Anwendung: C:\Users\*\awc_*\Downloads\ChipUtil.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 61d3e806-85cb-11e1-9bd4-485b39c043ec
 
Error - 13.04.2012 20:47:23 | Computer Name = *-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ChipUtil.exe, Version: 0.6.0.0, Zeitstempel:
 0x4d4c5fa1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000003  ID des fehlerhaften Prozesses:
 0x538  Startzeit der fehlerhaften Anwendung: 0x01cd19d826f01e70  Pfad der fehlerhaften
 Anwendung: C:\Users\*\awc_*\Downloads\ChipUtil.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 65c1d252-85cb-11e1-9bd4-485b39c043ec
 
Error - 13.04.2012 23:56:33 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.04.2012 23:12:03 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.04.2012 22:17:10 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 16.04.2012 21:46:32 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.04.2012 21:50:56 | Computer Name = *-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 13.04.2012 20:47:22 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PCI Utility" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 13.04.2012 20:47:22 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PCI Utility" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.04.2012 09:02:29 | Computer Name = *-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.04.2012 18:50:23 | Computer Name = *-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Arp Intelligent Protection Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 19.04.2012 05:36:23 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 19.04.2012 05:43:34 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 19.04.2012 05:44:06 | Computer Name = *-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Hi-Rez Studios Authenticate and Update Service erreicht.
 
Error - 19.04.2012 05:46:37 | Computer Name = *-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 19.04.2012 05:55:49 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 19.04.2012 06:02:41 | Computer Name = *-PC | Source = F-Secure Gatekeeper | ID = 327681
Description = 
 
 
< End of report >

kira · 20.04.2012, 07:55

Systemreinigung und Prüfung:

1.
Das Protokoll mir posten:

Zitat:

C:\TDSSKiller_Quarantine

2.
Deine eigenen Einstellungen, sofern Du welche vorgenommen hast?:

Code:

ATTFilter

FF - prefs.js..network.proxy.ftp: "184.58.38.65"
FF - prefs.js..network.proxy.http: "184.106.168.253:80"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "67.191.152.81 "
FF - prefs.js..network.proxy.socks_port: 1830
FF - prefs.js..network.proxy.ssl: "184.58.38.65"
FF - prefs.js..network.proxy.type: 4

3.
kann ich nicht zuordnen, um was handelt es sich dabei ?:

Code:

ATTFilter

[2012.04.08 14:07:57 | 000,744,830 | ---- | C] () -- C:\Users\*\Desktop\qweqweew.jpg
[2012.04.02 16:41:44 | 000,067,261 | ---- | C] () -- C:\Users\*\Desktop\$(KGrHqZ,!ngE9jTwwwylBPeMB!hzyQ~~48_20.jpg

Fotos, Bilder, Musik Dokumente etc, sortiert und in eigene Ordner abgelegen! Desktop ist dafür nicht geeignet und nicht gedacht!

Zitat:

auf Desktop sollten nur Verknüpfungen für häufig verwendete Programme liegen, um sie schneller starten zu können, das erspart den Programmaufruf

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=pxCSpChA
IE - HKCU\..\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=dd990f0d-6ffd-4c2a-be73-17f4191d74f2&apn_sauid=E65AD59B-F911-422C-AF25-D558E3A1EBA4&
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.11.17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\askcom.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2012.04.19 16:33:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000UA.job
[2012.04.18 17:33:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000Core.job
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:07BF512B

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

5.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

6.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

jaquess · 20.04.2012, 11:37

Hallo wieder,

danke schon mal für die Arbeit und für die Hinweise.
Um das etwas abzukürzen: Bis Punkt 7 habe ich alles verstanden und die anderen Einträge sind okay, die kann ich bestätigen.

Hier der OTL Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.
64bit-Registry key Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.
Registry key Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.
Registry key Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key Software\Microsoft\Internet Explorer\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57F65DD1-81C4-4203-ABB2-A174760C8461}\ not found.
Registry key Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000Core.job moved successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*\awc_*\Downloads\cmd.bat deleted successfully.
C:\Users\*\awc_*\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: *
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 231362025 bytes
->Java cache emptied: 425234266 bytes
->FireFox cache emptied: 1265377965 bytes
->Google Chrome cache emptied: 440273317 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 172937 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 280925 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes
RecycleBin emptied: 6634525 bytes
 
Total Files Cleaned = 2.260,00 mb
 
 
OTL by OldTimer - Version 3.2.40.0 log created on 04202012_114025

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_5 moved successfully.
C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

Registry entries deleted on Reboot...

Hier der Superantispywarelog:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/20/2012 at 12:30 PM

Application Version : 5.0.1146

Core Rules Database Version : 8486
Trace Rules Database Version: 6298

Scan type       : Complete Scan
Total Scan Time : 00:33:25

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 528
Memory threats detected   : 0
Registry items scanned    : 65143
Registry threats detected : 0
File items scanned        : 55160
File threats detected     : 1

Trojan.Agent/Gen-MSFake
	C:\USERS\*\APPDATA\ROAMING\DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE

9. wird bald nachgeliefert.

Hier der OTL Log, diesmal kein Extra dabei:

Code:

ATTFilter

OTL logfile created on: 20.04.2012 14:55:11 - Run 2
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 53,32% Memory free
14,00 Gb Paging File | 9,86 Gb Available in Paging File | 70,45% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 703,03 Gb Free Space | 75,47% Space Free | Partition Type: NTFS
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.20 14:32:47 | 000,102,400 | ---- | M] (S2 Games) -- c:\Program Files (x86)\Heroes of Newerth\hon.exe
PRC - [2012.04.19 12:18:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
PRC - [2011.12.19 01:00:00 | 003,284,992 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe
PRC - [2011.12.19 01:00:00 | 002,362,720 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2011.09.23 19:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 19:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 12:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.12.28 22:33:02 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.20 14:32:47 | 009,297,920 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\k2.dll
MOD - [2012.04.20 14:32:47 | 000,774,144 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\vid_d3d9.dll
MOD - [2012.04.20 14:32:23 | 004,603,904 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\game\game_shared.dll
MOD - [2012.04.20 14:32:23 | 001,896,448 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\game\cgame.dll
MOD - [2012.04.18 12:35:58 | 000,441,840 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\ppGoogleNaClPluginChrome.dll
MOD - [2012.04.18 12:35:56 | 003,921,904 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\pdf.dll
MOD - [2012.04.18 12:34:41 | 000,553,456 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\libglesv2.dll
MOD - [2012.04.18 12:34:40 | 000,117,744 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\libegl.dll
MOD - [2012.04.18 12:34:30 | 000,134,656 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\avutil-51.dll
MOD - [2012.04.18 12:34:29 | 000,250,368 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\avformat-54.dll
MOD - [2012.04.18 12:34:28 | 002,375,680 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\avcodec-54.dll
MOD - [2012.04.18 11:35:12 | 008,743,584 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\gcswf32.dll
MOD - [2012.04.18 11:35:12 | 008,743,584 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\APPLIC~1\190108~1.30\gcswf32.dll
MOD - [2012.04.12 21:26:26 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.12 21:26:21 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.03.23 13:59:23 | 002,275,328 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\libsndfile-1.dll
MOD - [2012.03.23 13:59:23 | 000,456,704 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\openal32.dll
MOD - [2012.02.16 22:28:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 22:28:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.16 22:28:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.03 15:47:21 | 000,102,400 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\sfml-audio.dll
MOD - [2012.02.03 15:47:21 | 000,033,792 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\sfml-system.dll
MOD - [2012.01.25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
MOD - [2011.12.19 01:00:00 | 003,284,992 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe
MOD - [2011.12.19 01:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll
MOD - [2011.12.19 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
MOD - [2011.12.19 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2011.12.19 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2011.12.19 01:00:00 | 000,011,264 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll
MOD - [2011.12.19 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll
MOD - [2011.12.19 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll
MOD - [2011.12.19 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll
MOD - [2011.12.19 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll
MOD - [2011.10.13 13:07:16 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011.10.13 13:06:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.01.28 00:59:18 | 000,074,240 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\zlibwapi.dll
MOD - [2009.06.05 07:16:26 | 000,664,576 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.05 12:34:24 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.14 00:55:09 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.04.05 12:34:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.09.23 19:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.23 19:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 13:44:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.28 22:33:02 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 14:33:30 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.25 19:32:58 | 000,339,760 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.09.16 00:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.06.01 18:28:10 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.24 07:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:36:04 | 000,694,272 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxusbase.sys -- (FXUSBASE)
DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.12 00:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.10.12 02:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.10.12 01:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2012.02.07 14:09:00 | 000,030,592 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011.10.31 17:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011.06.02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.12.31 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C7 B8 67 9B E4 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=pxCSpChA
IE - HKCU\..\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=dd990f0d-6ffd-4c2a-be73-17f4191d74f2&apn_sauid=E65AD59B-F911-422C-AF25-D558E3A1EBA4&
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.ftp: "184.58.38.65"
FF - prefs.js..network.proxy.http: "184.106.168.253:80"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "67.191.152.81 "
FF - prefs.js..network.proxy.socks_port: 1830
FF - prefs.js..network.proxy.ssl: "184.58.38.65"
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 16:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.15 14:03:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 12:26:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\*\AppData\Roaming\IDM\idmmzcc5
 
[2011.02.27 01:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012.04.14 02:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions
[2011.04.25 18:47:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.24 11:53:24 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.07.23 14:45:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.03.28 23:55:14 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\cacaoweb@cacaoweb.org
[2011.03.16 20:31:17 | 000,002,198 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\google-search.xml
[2012.04.18 11:46:08 | 000,000,950 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin-1.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin.xml
[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.08 01:45:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\*\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: Angry Birds = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Session Manager = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Timer = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\khkndikhbnfgibpkpdgdnmdlcfpkichc\1.3_0\
CHR - Extension: Little Alchemy = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\
CHR - Extension: Nik Daum = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmkmldnjgfdccdgolepaifdniikpejma\2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.11_0\
CHR - Extension: Pocket Legends = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\1.7.5.3_0\
CHR - Extension: Google Mail Checker = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Connected Mind = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc\1.1.5_0\
 
O1 HOSTS File: ([2012.03.19 16:43:58 | 000,440,678 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15173 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919CA3F9-C138-431A-9882-49E391217ABA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.20 15:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.20 12:51:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F7464888-C73D-4680-8DE5-3E425914F249}
[2012.04.20 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E18F1A96-0041-40E9-B231-F46D9FB7F910}
[2012.04.20 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\SUPERAntiSpyware.com
[2012.04.20 11:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.04.20 11:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.04.20 11:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.04.20 11:40:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.20 00:39:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{34D634BC-1066-44AE-9D58-BF841DDB8AC8}
[2012.04.20 00:38:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87B75A8D-D9A2-4F4E-8E0B-00B75DCA30FD}
[2012.04.19 17:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\seRapid
[2012.04.19 16:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.19 12:33:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F97151B6-C15C-46A6-9060-7EAE240C79C3}
[2012.04.19 12:33:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{27DBF578-C391-4F85-81F7-36F6F31F5BEA}
[2012.04.19 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.19 12:09:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.19 12:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.19 12:04:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.19 11:39:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.04.19 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063FDBBC-0155-47B9-9B69-EDA831C42C6E}
[2012.04.19 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E276D00-1A86-4FD0-AE26-6F87829B0B0F}
[2012.04.18 23:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2012.04.18 23:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.04.18 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F8EF2ABD-277F-4028-946E-A577D15E5114}
[2012.04.18 12:00:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{04368897-ED2C-452E-8E5D-F38DD7B97311}
[2012.04.18 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{262631B2-9E3F-41EE-A1AC-9217430B12A6}
[2012.04.17 23:59:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87798669-6205-45F7-9DE8-B5B1E8AD2856}
[2012.04.17 15:11:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.17 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{95A8D1CA-E3FA-4212-933D-CE736338B9BD}
[2012.04.17 11:58:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA49D5E4-A201-43BD-93B4-291E503BAEB6}
[2012.04.16 23:58:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D9AE958-8366-46B3-9DD7-642DBDA3AB25}
[2012.04.16 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{81C72D88-C36A-4361-A645-2C4EF4F96F0F}
[2012.04.16 11:57:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{25BBEAEC-0EFD-4F96-8ECA-6B536BE88BCE}
[2012.04.16 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D9CAEED7-6ACF-443D-801F-59B12859DE3C}
[2012.04.16 00:38:16 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\GaiaMachina
[2012.04.15 23:56:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EC193CB-6C08-4A83-B873-4CE5F797B17C}
[2012.04.15 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A8B09E70-71E1-4B63-9AAE-70811D6653E0}
[2012.04.15 20:45:48 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.04.15 20:45:48 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.04.15 20:45:48 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.04.15 20:45:48 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.04.15 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games
[2012.04.15 11:56:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F75CAB67-1706-4C00-B357-4908932F6BDD}
[2012.04.15 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F10E97FA-ED03-41FB-9E97-D47194345A14}
[2012.04.14 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E4E2E912-2CE8-4DEF-AB43-91F637591325}
[2012.04.14 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9A45173C-D124-4D72-B47F-052416D65329}
[2012.04.14 11:54:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{51BF5AC6-FCEA-4C1C-987A-59640B5B80B3}
[2012.04.14 11:54:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{97E873B6-CE46-4BC1-A8AB-7D2E4553953F}
[2012.04.14 02:49:42 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.04.14 02:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.04.13 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A09F1F6E-0D89-4723-9E98-E669EF1A48D2}
[2012.04.13 23:53:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EE96697-7DD9-47A9-A890-9FDBE024DE91}
[2012.04.13 19:33:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TeamViewer
[2012.04.13 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.04.13 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[2012.04.13 15:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2012.04.13 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{46986B76-F4EB-4D0D-A39A-B1D5ED185BE1}
[2012.04.13 11:52:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{592354DB-6FAA-4153-826C-362226A153E3}
[2012.04.13 11:51:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.04.13 11:50:40 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.04.13 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.04.13 11:41:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B4C0C2CB-16BD-497F-808F-41646A5614B5}
[2012.04.12 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{00D7D815-33CB-4A8C-AA2D-59DB5502104D}
[2012.04.12 23:34:37 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\*\Desktop\procexp.exe
[2012.04.12 21:55:07 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.12 21:24:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.04.12 17:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012.04.12 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{99C37F54-8615-451C-BEEA-7B06DE2211CB}
[2012.04.11 23:39:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0A8B169E-DC78-4AD3-B920-DFEC9906FDD2}
[2012.04.11 21:31:56 | 003,993,576 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012.04.11 21:31:49 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.04.11 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.04.11 20:44:58 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\JDownloaderUpdater2b
[2012.04.11 20:35:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DesktopIconForAmazon
[2012.04.11 20:28:06 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 20:28:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 20:28:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 20:26:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 20:26:36 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 20:26:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 20:25:45 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.11 20:25:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 20:25:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 20:25:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 20:25:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 20:25:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 20:25:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E58F638-1901-4F3D-B6C2-72A9C887F51F}
[2012.04.10 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3B58B1AA-3818-4231-8179-401DFEFC9F4D}
[2012.04.10 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1266F8D2-ED09-4CE8-95E8-29144A9D6E80}
[2012.04.09 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1658D8A0-938A-4B38-90D5-2CAD6BCFF066}
[2012.04.09 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A5735F8E-16C8-4792-AF87-D68DDE3B2427}
[2012.04.08 17:10:06 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\GUILD WARS 2
[2012.04.08 17:09:57 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\GUILD WARS
[2012.04.08 13:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6DDC8B4B-1EEE-4D72-96C9-0AD21374EC12}
[2012.04.08 01:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.08 01:46:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.08 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BAF2E003-BC3B-4376-A625-C655CBCD9F31}
[2012.04.07 13:19:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA671320-2524-4D43-8767-B29E69724657}
[2012.04.07 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2BD297B0-F4CF-403B-85AD-F5BE18686809}
[2012.04.06 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{76E904C0-4EE5-457C-8170-4FB2E36F831B}
[2012.04.06 00:41:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{561CEC4A-71AD-4A31-9312-319F1B4E580A}
[2012.04.05 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{78F7DDB0-43EC-4724-837B-54451463E092}
[2012.04.05 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{03AAAD0C-53A6-44F3-81A7-C40AC1DD5501}
[2012.04.04 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\beh
[2012.04.04 12:00:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063C53A3-B296-4A13-AA1C-0AAD213B22E6}
[2012.04.03 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D73F493-25A2-467D-ADAA-84BF1C1D1E56}
[2012.04.03 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Neuer Ordner
[2012.04.03 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{CCD59EB0-49A1-4DBE-8D14-39CFA8322E9D}
[2012.04.02 14:59:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6CF3AF00-78B6-44D7-A6F7-6AD3C0DCD78C}
[2012.04.02 01:29:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{72A50365-78BA-455B-9F1D-9F725B83BDE7}
[2012.04.01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{787D1099-AF38-4E65-A8A7-29A3654877AE}
[2012.03.31 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F3ABD55F-867F-487E-A365-6077E53EC51D}
[2012.03.31 11:27:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EF3E41F-CED2-4804-8707-6432CC587A9C}
[2012.03.30 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBFF16E4-5A27-498F-9FBC-34AA19B646ED}
[2012.03.30 10:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FEBFC2AF-8A2A-4665-AAB2-4259012FCE01}
[2012.03.29 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0D04ABF7-D356-4850-B6F1-AE52D5F33AEB}
[2012.03.29 05:29:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBE059D3-48CD-4425-9108-F3E6BF39B2DD}
[2012.03.28 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{20953C6F-1F30-42DD-97B1-DD9BF8A8542B}
[2012.03.28 16:41:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1A85413B-438A-46A1-BFBC-1A10496DA5F2}
[2012.03.27 23:58:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{96D1F40F-14D0-4A4F-B874-8CC1CE54D4F8}
[2012.03.27 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E7C66D10-8241-4BDD-81C3-1A2420377C09}
[2012.03.27 10:58:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87BA0DCF-4B50-4534-B3CD-60B20605B3B3}
[2012.03.27 10:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EC87842-E126-4BB3-AEA8-36DC45D2783A}
[2012.03.26 14:25:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{13961169-CAD4-4767-ACC0-AC9B380BC8F1}
[2012.03.26 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D42F454-D18C-484D-857D-0EDB18D8D450}
[2012.03.26 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{524D5408-5477-4658-BD54-659CF3AEAD95}
[2012.03.25 16:52:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B8D0A01E-33AD-4941-855D-60526C926770}
[2012.03.25 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6A7DF72F-C2EE-4217-A698-BA1DFE016B88}
[2012.03.25 14:12:55 | 000,532,480 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PAC7302.SYS
[2012.03.25 14:12:55 | 000,141,824 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP7302.AX
[2012.03.25 14:12:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe
[2012.03.25 14:12:55 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst.dll
[2012.03.25 14:12:54 | 000,000,000 | ---D | C] -- C:\Windows\Pixart
[2012.03.25 03:17:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D41DF2CB-BB63-43C9-878C-7671B7534062}
[2012.03.25 03:17:29 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A9E41C2D-91C2-4C78-9023-C8F7E62067E6}
[2012.03.24 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A4812894-97C8-4561-907C-0EF242BEFAE8}
[2012.03.24 15:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8AABCBD9-A138-41FD-AC9A-8CD1150845AA}
[2012.03.24 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{240789B6-0A91-4296-83FE-53AC51A28056}
[2012.03.24 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2E3AAC33-F1E0-4903-B1EF-D630BE5C2C3E}
[2012.03.23 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9BE931B5-E1C1-4BF7-806E-00A844D2A83F}
[2012.03.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{68BF5D3C-7931-4416-9E6A-407F087A013A}
[2012.03.22 15:23:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{178B9A57-E153-4CDC-B165-49606336DCA6}
[2012.03.22 15:23:01 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\{4182FD70-04A4-49A7-82D7-6F37B71EC325}
[2012.03.22 02:59:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A0E1C79C-730E-4BC7-A7F9-BB808543BBD2}
[2012.03.22 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9EBD3D06-95F2-4C74-B26E-E83BB54F547F}
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.20 14:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.20 11:54:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.20 11:53:03 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.20 11:53:03 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.20 11:51:23 | 001,506,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.20 11:51:23 | 000,658,700 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.20 11:51:23 | 000,619,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.20 11:51:23 | 000,131,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.20 11:51:23 | 000,108,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.20 11:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.20 11:45:33 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.19 21:31:22 | 000,001,084 | ---- | M] () -- C:\Windows\seRapid.INI
[2012.04.19 17:23:30 | 000,000,929 | ---- | M] () -- C:\Users\*\Desktop\InfoRapid Suchen & Ersetzen.lnk
[2012.04.19 12:02:53 | 000,042,672 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.04.19 11:38:27 | 001,536,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.19 11:38:06 | 000,019,552 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2012.04.18 16:55:15 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.04.18 16:55:15 | 000,000,913 | ---- | M] () -- C:\Users\*\Desktop\CPUID CPU-Z.lnk
[2012.04.17 08:23:20 | 000,001,321 | ---- | M] () -- C:\Users\*\Desktop\11 Jesus On Acid.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,291 | ---- | M] () -- C:\Users\*\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,245 | ---- | M] () -- C:\Users\*\Desktop\02 - Closet.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,174 | ---- | M] () -- C:\Users\*\Desktop\DSC01609.JPG - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,085 | ---- | M] () -- C:\Users\*\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,017 | ---- | M] () -- C:\Users\*\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,999 | ---- | M] () -- C:\Users\*\Desktop\g6kssfib.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,979 | ---- | M] () -- C:\Users\*\Desktop\Avatar.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,951 | ---- | M] () -- C:\Users\*\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,944 | ---- | M] () -- C:\Users\*\Desktop\gw2.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,720 | ---- | M] () -- C:\Users\*\Desktop\Scanner - Verknüpfung.lnk
[2012.04.15 20:45:48 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.04.15 20:45:48 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.04.15 20:45:48 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.04.15 20:45:48 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.04.15 20:45:48 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.04.14 20:50:18 | 000,037,496 | ---- | M] () -- C:\Users\*\Desktop\annegarcia.png
[2012.04.14 15:11:31 | 000,007,589 | ---- | M] () -- C:\Users\*\AppData\Local\resmon.resmoncfg
[2012.04.14 00:55:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 00:55:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.14 00:55:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.13 19:10:15 | 000,104,181 | ---- | M] () -- C:\Users\*\Desktop\Ghost-Recon-Online-Classes.jpg
[2012.04.13 18:58:50 | 000,317,902 | ---- | M] () -- C:\Users\*\Desktop\Trillian.jpg
[2012.04.13 18:52:07 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.04.12 17:41:00 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.04.12 01:18:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.04.09 15:54:33 | 000,103,902 | ---- | M] () -- C:\Users\*\Desktop\g6kssfib.png
[2012.04.08 01:45:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.04.08 01:45:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.05 12:34:28 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.04.05 12:34:26 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.04.05 12:34:26 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.04.05 12:34:24 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.04.05 12:34:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.25 14:16:04 | 000,921,636 | ---- | M] () -- C:\PA7302.DAT
[2012.03.23 18:45:11 | 000,000,000 | ---- | M] () -- C:\Users\*\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp
 
========== Files Created - No Company Name ==========
 
[2012.04.20 11:54:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.19 17:32:50 | 000,001,084 | ---- | C] () -- C:\Windows\seRapid.INI
[2012.04.19 17:23:30 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfoRapid Suchen & Ersetzen.lnk
[2012.04.19 17:23:30 | 000,000,929 | ---- | C] () -- C:\Users\*\Desktop\InfoRapid Suchen & Ersetzen.lnk
[2012.04.19 12:02:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.04.19 11:38:06 | 000,019,552 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.04.17 08:23:20 | 000,001,291 | ---- | C] () -- C:\Users\*\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,245 | ---- | C] () -- C:\Users\*\Desktop\02 - Closet.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,174 | ---- | C] () -- C:\Users\*\Desktop\DSC01609.JPG - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,085 | ---- | C] () -- C:\Users\*\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,001,017 | ---- | C] () -- C:\Users\*\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,999 | ---- | C] () -- C:\Users\*\Desktop\g6kssfib.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,979 | ---- | C] () -- C:\Users\*\Desktop\Avatar.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,951 | ---- | C] () -- C:\Users\*\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,944 | ---- | C] () -- C:\Users\*\Desktop\gw2.png - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,913 | ---- | C] () -- C:\Users\*\Desktop\CPUID CPU-Z.lnk
[2012.04.17 08:23:20 | 000,000,789 | ---- | C] () -- C:\Users\*\Desktop\VA-2001-WL-OST - Verknüpfung.lnk
[2012.04.17 08:23:20 | 000,000,720 | ---- | C] () -- C:\Users\*\Desktop\Scanner - Verknüpfung.lnk
[2012.04.15 20:45:48 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.04.14 02:49:42 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.04.13 19:10:18 | 000,104,181 | ---- | C] () -- C:\Users\*\Desktop\Ghost-Recon-Online-Classes.jpg
[2012.04.13 18:58:50 | 000,317,902 | ---- | C] () -- C:\Users\*\Desktop\Trillian.jpg
[2012.04.13 18:52:07 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.13 18:52:07 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.04.12 21:24:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.12 17:41:00 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.04.11 21:31:49 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.03.25 14:15:14 | 000,921,636 | ---- | C] () -- C:\PA7302.DAT
[2012.03.25 14:12:55 | 000,000,868 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2012.03.23 18:45:11 | 000,000,000 | ---- | C] () -- C:\Users\**\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp
[2012.01.25 19:33:06 | 000,237,872 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe
[2011.11.15 03:42:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.11.14 02:49:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.14 02:49:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.14 02:49:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.14 02:49:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.14 02:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.10 15:25:12 | 000,182,222 | ---- | C] () -- C:\ProgramData\1320930928.bdinstall.bin
[2011.11.03 22:04:49 | 000,102,248 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.10.23 12:19:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2011.10.17 04:44:40 | 000,237,956 | ---- | C] () -- C:\ProgramData\1318819109.bdinstall.bin
[2011.10.17 03:43:48 | 000,643,821 | ---- | C] () -- C:\ProgramData\1318808714.bdinstall.bin
[2011.10.17 00:02:34 | 000,000,502 | ---- | C] () -- C:\ProgramData\1318802548.bdinstall.bin
[2011.10.13 04:43:40 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.06 02:27:52 | 000,017,408 | ---- | C] () -- C:\Users\*\AppData\Local\WebpageIcons.db
[2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.03 14:17:10 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Roaming\winscp.rnd
[2011.06.10 18:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.10 14:34:37 | 000,000,049 | ---- | C] () -- C:\Windows\SamControlpanel95.INI
[2011.04.25 18:52:22 | 000,000,336 | ---- | C] () -- C:\ProgramData\44228360
[2011.04.25 18:36:00 | 000,007,589 | ---- | C] () -- C:\Users\*\AppData\Local\resmon.resmoncfg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.03 02:04:51 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.22 03:37:08 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.03.02 20:49:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.02.27 20:53:09 | 001,536,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.27 08:08:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.27 07:58:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.27 07:58:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.27 01:28:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.26 22:44:22 | 000,000,015 | ---- | C] () -- C:\Windows\Firestorm.INI
 
========== LOP Check ==========
 
[2011.07.23 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\.minecraft
[2011.11.05 13:47:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\.purple
[2011.10.10 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\2K Sports
[2011.11.01 14:55:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Atari
[2011.11.19 17:39:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Auslogics
[2011.03.26 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Cuuq
[2012.04.14 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DesktopIconForAmazon
[2011.09.03 16:29:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DMCache
[2011.08.28 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FileZilla
[2012.04.06 16:23:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2012.02.06 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\IDM
[2011.09.01 23:47:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\JoyChina
[2011.09.02 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Kalypso Media
[2011.08.03 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech
[2011.04.22 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\LolClient
[2011.08.07 18:19:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MAGIX
[2011.11.19 17:53:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ManyCam
[2012.01.24 16:44:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Maxthon3
[2011.04.28 22:41:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MMOUI
[2011.03.23 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mumble
[2011.10.20 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenCandy
[2011.05.30 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2011.09.02 19:41:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera
[2012.03.20 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Origin
[2011.10.17 01:46:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\QuickScan
[2012.03.19 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Rebeed
[2012.03.18 00:27:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Rift
[2011.04.23 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Stardock
[2011.08.06 21:49:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\streamWriter
[2012.04.13 20:12:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2012.04.02 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Trillian
[2012.04.20 11:52:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client
[2012.01.05 05:54:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ts3overlay
[2011.09.01 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2011.10.20 19:01:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Tunngle
[2011.12.25 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Unity
[2012.03.19 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Uwsoo
[2011.03.31 00:59:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Weba
[2011.02.27 16:37:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Windows Live Writer
[2012.03.08 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Xeip
[2012.03.08 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zio
[2012.02.16 22:26:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

HTML/Infected.WebPage.Gen2 meldet Antivir

Log-Analyse und Auswertung: HTML/Infected.WebPage.Gen2 meldet Antivir