Counterstrike spielt nicht vorhandene Sounds ab (Nach Source SDK Download)

NichtBot · 23.04.2012, 07:01

Guten Morgen zusammen. Ich habe hier ein kleines nerviges Problem.
Da ich bei mir auf dem Rechner die "Skybox" meiner Counter-Strike Source Karten ändern wollte, habe ich mir über Steam "Source SDK" heruntergeladen.
Wenn ich nun auf einen Server komme, hört man einen Sound, wo sich 2 Jugendlich erheitert auf deutsch unterhalten. Beende ich CSS hören die Sounds auf. Joine ich jedoch nur auf einen anderen Server, bleibt der Sound am laufen. By the way, mir ist aufgefallen das beim abspielen dieses Sounds meine Latenz von 30ms auf ca. 100 ms hochgeht.
Bin so langsam am ende, mit meinem Latein. Google hilft zwar oft, aber diesesmal war Google überfordert :/

Zitat:

OTL logfile created on: 23.04.2012 07:38:20 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Daniel\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 76,98% Memory free
12,00 Gb Paging File | 10,33 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,73 Gb Total Space | 38,66 Gb Free Space | 27,67% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 54,88 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive E: | 127,71 Gb Total Space | 107,43 Gb Free Space | 84,12% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.23 07:36:43 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe
PRC - [2012.04.16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe
PRC - [2012.04.16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.03 19:18:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.04.03 07:15:44 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.03.13 14:36:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.20 18:20:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.04.16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe -- (BBSvc)
SRV - [2012.04.14 21:14:39 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 19:18:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.03 07:15:44 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.13 14:36:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.05 11:28:46 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 13:20:01 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.08 13:20:01 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.24 17:40:00 | 001,029,120 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.04.04 11:34:04 | 000,017,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Daniel\AppData\Local\Temp\006A717.tmp -- (X6va006)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=HP_ss&mntrId=48d5315d000000000000001bfc4f1889
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 15 5A 01 EB 12 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110021&tt=290312_bexdll&babsrc=SP_ss&mntrId=48d5315d000000000000001bfc4f1889
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=adbartrp&mntrId=48d5315d000000000000001bfc4f1889&q="
FF - prefs.js..network.proxy.http: "206.208.183.97"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.03.13 08:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Program Files (x86)\2YourFace\ffextension [2012.04.13 10:40:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.21 20:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.13 09:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Program Files (x86)\2YourFace\ffextension [2012.04.13 10:40:33 | 000,000,000 | ---D | M]

[2012.03.08 13:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012.04.13 11:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ip2mbkpe.default\extensions
[2012.04.21 20:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IP2MBKPE.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.13 10:40:24 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files (x86)\2YourFace\bho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD132A5-85E2-437E-85CA-52D1F2AE10F3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.23 07:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.04.23 07:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.04.23 01:22:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\xdream
[2012.04.23 01:22:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Neues Verzeichnis
[2012.04.23 01:18:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Nem's Tools
[2012.04.23 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2012.04.23 01:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2012.04.20 15:20:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.04.20 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.20 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.20 15:20:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.20 15:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.19 19:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2012.04.19 19:16:32 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.04.19 19:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2012.04.19 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics
[2012.04.18 12:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.04.18 12:33:26 | 025,720,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.04.18 12:33:26 | 025,246,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.04.18 12:33:26 | 019,584,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.04.18 12:33:26 | 017,984,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.04.18 12:33:26 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.04.18 12:33:26 | 008,138,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.04.18 12:33:26 | 005,981,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.04.18 12:33:26 | 002,881,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.04.18 12:33:26 | 002,681,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.04.18 12:33:26 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.04.18 12:33:26 | 002,444,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.04.15 15:36:16 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.04.15 15:31:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.04.15 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Fraps
[2012.04.14 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Zattoo
[2012.04.14 21:14:39 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012.04.13 10:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domination
[2012.04.13 10:43:20 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.04.13 10:43:19 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.04.13 10:43:19 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.04.13 10:43:19 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.04.13 10:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.04.13 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012.04.13 10:40:52 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.04.13 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\systweak
[2012.04.13 10:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2YourFace
[2012.04.13 10:40:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Babylon
[2012.04.13 10:40:20 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.04.13 10:40:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.04.13 10:40:20 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.04.13 10:40:20 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.04.13 10:40:20 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.04.13 10:40:20 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.04.13 10:40:20 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.04.13 10:40:20 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.04.13 10:40:20 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.04.13 10:40:20 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.04.13 10:40:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.04.13 10:40:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.04.13 10:40:20 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.04.13 10:40:20 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.04.13 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.04.13 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Babylon
[2012.04.13 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.04.13 10:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.04.13 10:01:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Masters of Hardcore
[2012.04.13 09:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2012.04.13 09:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2012.04.13 09:56:50 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.04.13 09:35:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\DDMSettings
[2012.04.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DivX
[2012.04.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.04.13 09:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.04.13 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.04.13 09:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.04.13 09:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.04.13 09:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.04.13 09:25:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.04.13 09:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.04.13 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.04.13 09:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.04.13 09:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.04.13 09:19:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Apple
[2012.04.13 09:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.04.13 09:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.04.13 09:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.04.13 09:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.04.11 13:06:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2012.04.11 13:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.04.11 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012.04.11 12:59:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Foxit Software
[2012.04.11 10:06:21 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 10:06:20 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 10:06:20 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 10:06:07 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 10:06:07 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 10:06:06 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 09:51:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.11 09:51:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.11 09:51:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.11 09:51:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.11 09:51:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 09:51:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.11 09:51:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 09:51:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 09:51:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 09:51:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 09:51:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 09:51:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.11 09:51:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.11 09:51:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.11 09:51:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.07 19:39:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\gctmp
[2012.04.07 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Xenocode
[2012.04.07 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Cam V2
[2012.04.07 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Cam V2
[2012.04.06 20:15:10 | 000,038,632 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012.04.06 14:36:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\PhotoFiltre7
[2012.04.05 04:44:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\riotsGamesLogs
[2012.04.05 04:43:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2012.04.05 03:55:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.04.05 03:55:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.04.05 03:55:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.04.05 03:53:02 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.04.05 03:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.04.05 02:46:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\LeagueOfLegends
[2012.04.05 02:46:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files
[2012.04.05 02:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.04.05 02:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.04.04 16:06:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.04.04 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2012.04.04 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Thunderbird
[2012.04.04 15:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.04.03 15:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012.04.03 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.04.03 08:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\My Games
[2012.04.03 08:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.04.03 08:23:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\terraria
[2012.03.31 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\enchant
[2012.03.31 12:39:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AbiSuite
[2012.03.31 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2012.03.31 12:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2012.03.31 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WinRAR
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.30 23:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.03.30 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Chip text pack
[2012.03.29 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Blümchen
[2012.03.29 18:40:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Schweinchen
[2012.03.29 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Bett
[2012.03.29 11:54:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Chromium
[2012.03.29 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\BrawlBusters
[2012.03.29 11:13:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.24 23:16:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\mc server
[2012.03.24 23:15:27 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.24 23:15:27 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.24 23:15:27 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.24 23:15:27 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.24 23:15:27 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.03.24 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.24 23:13:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\NVIDIA
[2012.03.24 23:12:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2012.03.24 19:18:24 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.24 19:18:24 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.23 07:37:59 | 000,002,981 | ---- | M] () -- C:\Users\Daniel\Desktop\HiJackThis.lnk
[2012.04.23 07:30:32 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 07:30:32 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 07:29:16 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.23 07:29:16 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.23 07:29:16 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.23 07:29:16 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.23 07:29:16 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.23 07:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.23 07:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.23 07:23:13 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.23 01:12:22 | 000,000,563 | ---- | M] () -- C:\Users\Daniel\Documents\- Top.vmf
[2012.04.22 19:07:32 | 000,050,486 | ---- | M] () -- C:\Users\Daniel\Desktop\Box.jpg
[2012.04.22 19:07:15 | 000,070,126 | ---- | M] () -- C:\Users\Daniel\Desktop\Vorlagen Box.pfi
[2012.04.22 13:05:21 | 095,913,577 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.21 20:07:56 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.21 17:35:15 | 000,337,449 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.20 15:20:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 19:16:34 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2012.04.19 12:22:37 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.04.19 12:22:37 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.19 12:19:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.04.17 17:12:17 | 000,017,408 | ---- | M] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2012.04.17 13:25:29 | 1246,378,496 | ---- | M] () -- C:\Users\Daniel\Documents\Intro.avi
[2012.04.17 13:25:29 | 000,000,030 | ---- | M] () -- C:\Users\Daniel\Documents\Intro.avi.sfl
[2012.04.15 15:31:40 | 000,000,615 | ---- | M] () -- C:\Users\Daniel\Desktop\Fraps.lnk
[2012.04.14 21:14:39 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 21:14:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.14 21:12:17 | 000,001,872 | ---- | M] () -- C:\Users\Daniel\Desktop\Zattoo.lnk
[2012.04.13 10:44:38 | 003,150,896 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi.AVI
[2012.04.13 10:40:28 | 000,000,059 | ---- | M] () -- C:\user.js
[2012.04.13 10:31:36 | 3751,387,648 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi
[2012.04.13 10:31:36 | 000,000,030 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi.sfl
[2012.04.13 10:22:06 | 088,264,800 | ---- | M] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf
[2012.04.13 10:22:06 | 000,000,076 | ---- | M] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf.sfl
[2012.04.13 10:06:21 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2012.04.13 09:57:00 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber 1.83.lnk
[2012.04.07 19:39:05 | 000,001,037 | ---- | M] () -- C:\Users\Daniel\Desktop\Game Cam V2.lnk
[2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012.04.06 18:08:39 | 000,013,688 | ---- | M] () -- C:\Users\Daniel\Desktop\himmel.jpg
[2012.04.06 15:00:10 | 000,285,811 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-yellow.jpg
[2012.04.06 14:51:17 | 000,275,024 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-red.jpg
[2012.04.06 14:37:45 | 000,069,637 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull.jpg
[2012.04.06 13:26:19 | 000,137,233 | ---- | M] () -- C:\Users\Daniel\Desktop\419269_247434545335948_191175524295184_575649_1482311373_n.jpg
[2012.04.05 03:55:43 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.04 19:41:23 | 000,623,705 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.04 15:55:33 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.03 20:22:18 | 000,173,785 | ---- | M] () -- C:\Users\Daniel\Desktop\MCMap.rar
[2012.04.03 19:18:00 | 025,720,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.04.03 19:18:00 | 025,246,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.04.03 19:18:00 | 019,584,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.04.03 19:18:00 | 017,984,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.04.03 19:18:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.04.03 19:18:00 | 015,279,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.04.03 19:18:00 | 010,102,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.04.03 19:18:00 | 008,138,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.04.03 19:18:00 | 008,029,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.04.03 19:18:00 | 005,981,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.04.03 19:18:00 | 002,881,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.04.03 19:18:00 | 002,740,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.04.03 19:18:00 | 002,681,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.04.03 19:18:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.04.03 19:18:00 | 002,444,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.04.03 19:18:00 | 002,367,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.04.03 19:18:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.04.03 19:18:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.04.03 19:18:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.04.03 19:18:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.04.03 19:18:00 | 000,014,252 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.04.03 15:52:00 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.04.03 15:19:14 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.04.03 15:19:13 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.04.03 15:19:12 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.04.03 15:19:00 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.04.03 15:15:00 | 006,122,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.04.03 07:16:04 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.29 18:48:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.29 18:38:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.29 11:13:56 | 000,000,222 | ---- | M] () -- C:\Users\Daniel\Desktop\Brawl Busters.url
[2012.03.24 23:57:43 | 000,173,307 | ---- | M] () -- C:\Users\Daniel\Desktop\mc items.png
[2012.03.24 23:15:18 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.24 23:15:18 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.24 23:15:18 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.24 23:15:18 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.24 23:15:18 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.23 07:37:59 | 000,002,981 | ---- | C] () -- C:\Users\Daniel\Desktop\HiJackThis.lnk
[2012.04.23 01:12:22 | 000,000,563 | ---- | C] () -- C:\Users\Daniel\Documents\- Top.vmf
[2012.04.22 19:07:13 | 000,070,126 | ---- | C] () -- C:\Users\Daniel\Desktop\Vorlagen Box.pfi
[2012.04.22 18:54:20 | 000,050,486 | ---- | C] () -- C:\Users\Daniel\Desktop\Box.jpg
[2012.04.20 15:20:16 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 19:16:34 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2012.04.17 13:25:29 | 000,000,030 | ---- | C] () -- C:\Users\Daniel\Documents\Intro.avi.sfl
[2012.04.17 13:18:16 | 1246,378,496 | ---- | C] () -- C:\Users\Daniel\Documents\Intro.avi
[2012.04.14 21:14:51 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2012.04.14 21:14:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 21:12:17 | 000,001,872 | ---- | C] () -- C:\Users\Daniel\Desktop\Zattoo.lnk
[2012.04.13 10:43:59 | 003,150,896 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi.AVI
[2012.04.13 10:43:19 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.13 10:40:28 | 000,000,059 | ---- | C] () -- C:\user.js
[2012.04.13 10:40:20 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.04.13 10:40:20 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.04.13 10:40:20 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.04.13 10:40:20 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.04.13 10:40:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.04.13 10:40:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.04.13 10:40:20 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.04.13 10:40:20 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.04.13 10:40:20 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.04.13 10:40:20 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.04.13 10:31:36 | 000,000,030 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi.sfl
[2012.04.13 10:28:55 | 3751,387,648 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi
[2012.04.13 10:22:06 | 000,000,076 | ---- | C] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf.sfl
[2012.04.13 10:16:55 | 088,264,800 | ---- | C] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf
[2012.04.13 10:06:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.04.13 09:57:00 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber 1.83.lnk
[2012.04.13 09:48:30 | 000,000,615 | ---- | C] () -- C:\Users\Daniel\Desktop\Fraps.lnk
[2012.04.13 09:19:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.04.13 09:19:14 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.04.13 09:19:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.13 09:19:14 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.04.13 09:19:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.13 09:19:14 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.04.13 09:19:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.04.07 19:39:05 | 000,001,037 | ---- | C] () -- C:\Users\Daniel\Desktop\Game Cam V2.lnk
[2012.04.06 18:08:38 | 000,013,688 | ---- | C] () -- C:\Users\Daniel\Desktop\himmel.jpg
[2012.04.06 15:00:07 | 000,285,811 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-yellow.jpg
[2012.04.06 14:51:12 | 000,275,024 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-red.jpg
[2012.04.06 14:37:44 | 000,069,637 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull.jpg
[2012.04.06 13:26:18 | 000,137,233 | ---- | C] () -- C:\Users\Daniel\Desktop\419269_247434545335948_191175524295184_575649_1482311373_n.jpg
[2012.04.05 03:55:43 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.04 15:55:33 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.04.04 15:55:33 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.03 20:21:44 | 000,173,785 | ---- | C] () -- C:\Users\Daniel\Desktop\MCMap.rar
[2012.04.03 15:52:00 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.04.03 07:16:04 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.29 18:48:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.29 18:38:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.29 11:13:56 | 000,000,222 | ---- | C] () -- C:\Users\Daniel\Desktop\Brawl Busters.url
[2012.03.24 23:57:42 | 000,173,307 | ---- | C] () -- C:\Users\Daniel\Desktop\mc items.png
[2012.03.13 08:41:28 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.13 08:41:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.12 12:27:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.03.12 12:27:51 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2012.03.12 12:27:51 | 000,000,309 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.03.12 12:27:28 | 000,003,518 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.03.12 12:27:28 | 000,000,613 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.03.12 12:27:27 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini

< End of report >

Schonmal vielen dank für die Hilfe.

kira · 23.04.2012, 08:00

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Frage dich, wieso hast Du nicht schon dein System aufgrüstet?!:

Code:

ATTFilter

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)

Service Pack 1 (SP1):-> umfasst die neuesten Aktualisierungen, wie z.B wichtige Sicherheits-, Stabilitäts- und Leistungsverbesserungen.
Allerdings in diesem Zustand (der Rechner aktuell durch Malware befallen ist), der alten Version eine Aufrüstung auf die nächste NICHT erfolgen darf, sonst schadet es mehr als es nutzt! Soll nun die Festplatte erst bereinigt werden, also absolut malwarefrei sein!
Nur am Ende der Reinigung der aktuelle Version installieren! - ich werde Dir Bescheid sagen wann!

1.
Unerwünschte "Gratishelfer" deinstallieren/entfernen (entweder weil unnötig oder schädlichen Funktionen verfügen bzw verweisen auf Adware ähnliches Verhalten):

Code:

ATTFilter

Babylon toolbar <-Adware -Toolbar
Bing Bar <- unnötig, meistens aus Unwissenheit oder Ignoranz wird mitinstalliert

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während der Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

Zitat:

Ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
-> Im Browser: die aktuelle Webseite als Startseite von dir festgelegt worden?
-> unter Extras ⇒ Erweiterungen ungewollte AddOns/PlugIns, Toolbars eingetragen sind?
-> In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

Im Intenet Explorer:
-> Startseite einrichten
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Verwalten von Add-Ons in Internet Explorer 9
Im Mozilla Firefox:
Startseite festlegen
Erste Schritte mit Firefox

2.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)

3.
Hast Du absichtlich die IP so als Proxy eingestellt?

Code:

ATTFilter

FF - prefs.js..network.proxy.http: "206.208.183.97"
FF - prefs.js..network.proxy.http_port: 80

Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht -
):

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=HP_ss&mntrId=48d5315d000000000000001bfc4f1889
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110021&tt=290312_bexdll&babsrc=SP_ss&mntrId=48d5315d000000000000001bfc4f1889
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

5.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

6.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

NichtBot · 23.04.2012, 09:57

Vielen Dank für die fixe Antwort!

Hatte Windows auf "automatisch Updates installieren" eingestellt... schein ich wohl mal geändert zu haben

Daher ist SP1 noch nicht drauf, folgt aber auf dein Kommando.

zu 1. Sind nun entfernt (Muss ich vorher übersehen haben)

zu 2. Hänge ich als verpackt hinten an (in dem vom 20/21/23.04 sind 4 IP-Blocks outgoing zu sehen)

zu 3. Hab die Tage dauerhaft Forbidden 403 Fehler bekommen (egal auf welche Website ich wollte) Hat danach die Einstellungen nur auf "Kein Proxy" eingestellt, aber die Einträge noch nicht gelöscht => ist jetzt geschehen.

zu 4.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Daniel\Downloads\cmd.bat deleted successfully.
C:\Users\Daniel\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 143104055 bytes
->Temporary Internet Files folder emptied: 92706399 bytes
->Java cache emptied: 245634 bytes
->FireFox cache emptied: 60512796 bytes
->Flash cache emptied: 24549 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142052594 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 5592930085 bytes
 
Total Files Cleaned = 5.752,00 mb
 
 
OTL by OldTimer - Version 3.2.41.0 log created on 04232012_101356

Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

zu 5.

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 10:45:09
-----------------------------
10:45:09.694    OS Version: Windows x64 6.1.7600 
10:45:09.694    Number of processors: 4 586 0x170A
10:45:09.695    ComputerName: DANIEL-PC  UserName: Daniel
10:45:10.163    Initialize success
10:45:13.237    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:45:13.239    Disk 0 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
10:45:13.241    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
10:45:13.243    Disk 1 Vendor: WDC_WD2000JS-98MHB0 02.01C03 Size: 190782MB BusType: 3
10:45:13.249    Disk 0 MBR read successfully
10:45:13.252    Disk 0 MBR scan
10:45:13.254    Disk 0 Windows 7 default MBR code
10:45:13.263    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       143087 MB offset 2048
10:45:13.278    Disk 0 scanning C:\Windows\system32\drivers
10:45:16.176    Service scanning
10:45:24.047    Modules scanning
10:45:24.054    Disk 0 trace - called modules:
10:45:24.068    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
10:45:24.072    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800628a060]
10:45:24.078    3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> [0xfffffa8006011520]
10:45:24.082    5 ACPI.sys[fffff88000f61781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006001060]
10:45:24.086    Scan finished successfully
10:45:38.488    Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
10:45:38.493    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR log.txt"

zu 6.

Code:

ATTFilter

AbiWord 2.8.6	AbiSource Developers	30.03.2012		2.8.6
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.04.2012	6,00MB	11.2.202.233
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	09.03.2012	6,00MB	11.1.102.63
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	03.04.2012		11.6.4.634
Anno 1701	Sunflowers	06.03.2012		1.00
Apple Application Support	Apple Inc.	12.04.2012	61,2MB	2.1.5
Apple Software Update	Apple Inc.	12.04.2012	2,38MB	2.1.3.127
Audiograbber 1.83 SE	Audiograbber Deutschland	13.04.2012		1.83 SE
AVG 2012	AVG Technologies	12.03.2012		2012.0.1913
Battlefield 3™	Electronic Arts	12.03.2012		1.0.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	27.03.2012		1.118.0
Brawl Busters		28.03.2012		
CCleaner	Piriform	22.04.2012		3.17
CyberGhost VPN	CyberGhost S.R.L.	18.04.2012	59,6MB	
DivX-Setup	DivX, LLC	12.04.2012		2.6.1.8
ESN Sonar	ESN Social Software AB	12.03.2012		0.70.4
Foxit Reader 5.1	Foxit Corporation	02.04.2012	30,8MB	5.1.4.104
Fraps (remove only)		14.04.2012		
Game Cam 2.6.1.0	Game Cam Portal, Inc.	06.04.2012		2.6.1.0
GCFScape 1.8.2	Ryan Gregg	22.04.2012	1,18MB	
HiJackThis	Trend Micro	22.04.2012	0,36MB	1.0.0
Java(TM) 6 Update 31	Oracle	12.03.2012	95,1MB	6.0.310
Java(TM) 7 Update 3	Oracle	12.03.2012	97,5MB	7.0.30
Java(TM) 7 Update 3 (64-bit)	Oracle	23.03.2012	93,7MB	7.0.30
JavaFX 2.0.3	Oracle Corporation	12.03.2012	18,3MB	2.0.3
League of Legends	Riot Games	04.04.2012		1.02.0000
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	19.04.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	09.03.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	09.03.2012	2,94MB	4.0.30319
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.03.2012	1,42MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	12.03.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	12.03.2012	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	06.03.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	06.03.2012	11,1MB	10.0.40219
Microsoft XNA Framework Redistributable 4.0	Microsoft Corporation	02.04.2012	8,03MB	4.0.20823.0
Mozilla Firefox 11.0 (x86 de)	Mozilla	20.04.2012	35,8MB	11.0
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla	03.04.2012	37,5MB	11.0.1
Need for Speed Underground 2		06.03.2012		
NVIDIA 3D Vision Controller-Treiber 301.24	NVIDIA Corporation	17.04.2012		301.24
NVIDIA 3D Vision Treiber 301.24	NVIDIA Corporation	17.04.2012		301.24
NVIDIA Grafiktreiber 301.24	NVIDIA Corporation	17.04.2012		301.24
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	23.03.2012		9.12.0213
NVIDIA Update 1.8.12	NVIDIA Corporation	17.04.2012		1.8.12
OpenAL		11.03.2012		
Origin	Electronic Arts, Inc.	11.03.2012		8.5.0.4554
Pando Media Booster	Pando Networks Inc.	04.04.2012	5,47MB	2.6.0.7
PokerStars	PokerStars	12.03.2012		
PunkBuster Services	Even Balance, Inc.	12.03.2012		0.991
QuickTime	Apple Inc.	12.04.2012	73,3MB	7.71.80.42
Source SDK	Valve	22.04.2012		
Steam	Valve Corporation	07.03.2012	35,5MB	1.0.0.0
Theatron Agrippa		11.03.2012		
Vegas Pro 11.0	Sony	10.04.2012	424MB	11.0.594
Visual Studio 2008 x64 Redistributables	AVG Technologies	12.03.2012	11,8MB	10.0.0.2
WinRAR 4.11 (64-Bit)	win.rar GmbH	29.03.2012		4.11.0
WinZip 16.0	WinZip Computing, S.L. 	22.04.2012	71,5MB	16.0.9715
Xvid Video Codec	Xvid Team	12.04.2012		1.3.2
Zattoo4 4.0.5	Zattoo Inc.	13.04.2012		4.0.5

zu 7.

Code:

ATTFilter

OTL Extras logfile created on: 23.04.2012 10:50:53 - Run 2
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\Daniel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,79% Memory free
12,00 Gb Paging File | 9,88 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,73 Gb Total Space | 47,96 Gb Free Space | 34,33% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 54,88 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive E: | 127,71 Gb Total Space | 107,43 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = Theatron Agrippa
"CyberGhost VPN_is1" = CyberGhost VPN
"GCFScape_is1" = GCFScape 1.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0FF3D021-5ED4-11E1-8FD8-F04DA23A5C58}" = Vegas Pro 11.0
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE 
"Battlelog Web Plugins" = Battlelog Web Plugins
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps (remove only)
"Game Cam" = Game Cam 2.6.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Steam App 109410" = Brawl Busters
"Steam App 211" = Source SDK
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2012 18:43:43 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4f330b4d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0031e892  ID des fehlerhaften Prozesses:
 0xfcc  Startzeit der fehlerhaften Anwendung: 0x01cd11e7cc3b1d17  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\cstrike\bin\client.dll  Berichtskennung: 76913e2e-7dde-11e1-879d-001bfc4f1889
 
Error - 03.04.2012 21:46:58 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6646f1c9
ID
 des fehlerhaften Prozesses: 0x1600  Startzeit der fehlerhaften Anwendung: 0x01cd1203c50e91a8
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 10180f02-7df8-11e1-879d-001bfc4f1889
 
Error - 03.04.2012 22:09:28 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7019f1c9
ID
 des fehlerhaften Prozesses: 0x14f8  Startzeit der fehlerhaften Anwendung: 0x01cd1204dbdf49d3
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 3513d135-7dfb-11e1-879d-001bfc4f1889
 
Error - 04.04.2012 10:18:56 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x12f4  Startzeit der fehlerhaften Anwendung: 0x01cd126c30633072  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1c9e5076-7e61-11e1-8be5-001bfc4f1889
 
Error - 06.04.2012 19:56:05 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x71b9f1c9
ID
 des fehlerhaften Prozesses: 0x11f0  Startzeit der fehlerhaften Anwendung: 0x01cd144e43d7d122
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 11c49e8d-8044-11e1-b5f3-001bfc4f1889
 
Error - 09.04.2012 06:30:46 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6dcbf1c9
ID
 des fehlerhaften Prozesses: 0x1384  Startzeit der fehlerhaften Anwendung: 0x01cd16389430c4a2
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 110e85a9-822f-11e1-a3a7-001bfc4f1889
 
Error - 09.04.2012 13:13:27 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version: 5.1.4.104,
 Zeitstempel: 0x4f03f742  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6d657449  ID des fehlerhaften
 Prozesses: 0x1324  Startzeit der fehlerhaften Anwendung: 0x01cd1674123e7b6b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit
 Reader.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 51a96e4d-8267-11e1-b1c7-001bfc4f1889
 
Error - 09.04.2012 13:13:27 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 2.1.1.720,
 Zeitstempel: 0x4e607dd8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000052bd  ID des fehlerhaften
 Prozesses: 0x143c  Startzeit der fehlerhaften Anwendung: 0x01cd1673ddedaff0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 521ddcb1-8267-11e1-b1c7-001bfc4f1889
 
Error - 09.04.2012 13:13:28 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version: 5.1.4.104,
 Zeitstempel: 0x4f03f742  Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4ed5d143  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x06bf2978  ID des fehlerhaften Prozesses: 0x1324  Startzeit der fehlerhaften Anwendung:
 0x01cd1674123e7b6b  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Foxit
 Software\Foxit Reader\Foxit Reader.exe  Pfad des fehlerhaften Moduls: facebook_plugin.fpi
Berichtskennung:
 523fbd10-8267-11e1-b1c7-001bfc4f1889
 
Error - 14.04.2012 11:51:49 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6c1cf1c9
ID
 des fehlerhaften Prozesses: 0x6a0  Startzeit der fehlerhaften Anwendung: 0x01cd1a534a69ebe1
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 be4617d5-8649-11e1-a618-001bfc4f1889
 
[ System Events ]
Error - 14.04.2012 13:37:29 | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?04.?2012 um 18:24:18 unerwartet heruntergefahren.
 
Error - 14.04.2012 15:38:37 | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?04.?2012 um 21:19:46 unerwartet heruntergefahren.
 
Error - 18.04.2012 12:15:22 | Computer Name = Daniel-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 19.04.2012 12:57:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Hotspot Shield Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.04.2012 13:14:51 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 19.04.2012 13:14:53 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 20.04.2012 12:20:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.04.2012 12:20:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.04.2012 12:25:46 | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?04.?2012 um 18:23:42 unerwartet heruntergefahren.
 
Error - 23.04.2012 04:13:57 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 23.04.2012 10:50:53 - Run 2
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\Daniel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,79% Memory free
12,00 Gb Paging File | 9,88 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,73 Gb Total Space | 47,96 Gb Free Space | 34,33% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 54,88 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive E: | 127,71 Gb Total Space | 107,43 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.23 07:36:43 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe
PRC - [2012.04.20 18:20:25 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.03 19:18:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.04.03 07:15:44 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.03.13 14:36:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.08 14:01:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.20 18:20:25 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.04.20 18:20:25 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.04.20 18:20:25 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.04.20 18:20:25 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.04.20 18:20:25 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.04.14 21:14:39 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.04.03 07:15:22 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.03.13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.20 18:20:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.14 21:14:39 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 19:18:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.03 07:15:44 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.13 14:36:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.05 11:28:46 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 13:20:01 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.08 13:20:01 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.24 17:40:00 | 001,029,120 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 15 5A 01 EB 12 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=adbartrp&mntrId=48d5315d000000000000001bfc4f1889&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.03.13 08:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.21 20:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.13 09:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
 
[2012.03.08 13:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012.04.13 11:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ip2mbkpe.default\extensions
[2012.04.21 20:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IP2MBKPE.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.13 10:40:24 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD132A5-85E2-437E-85CA-52D1F2AE10F3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.23 10:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.04.23 10:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.23 10:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.23 10:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.23 10:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.04.23 10:13:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.23 09:58:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.04.23 07:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.04.23 07:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.04.23 01:22:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\xdream
[2012.04.23 01:22:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Neues Verzeichnis
[2012.04.23 01:18:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Nem's Tools
[2012.04.23 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2012.04.23 01:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2012.04.20 15:20:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.04.20 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.20 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.20 15:20:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.20 15:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.19 19:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2012.04.19 19:16:32 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.04.19 19:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2012.04.19 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics
[2012.04.18 12:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.04.18 12:33:26 | 025,720,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.04.18 12:33:26 | 025,246,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.04.18 12:33:26 | 019,584,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.04.18 12:33:26 | 017,984,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.04.18 12:33:26 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.04.18 12:33:26 | 008,138,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.04.18 12:33:26 | 005,981,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.04.18 12:33:26 | 002,881,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.04.18 12:33:26 | 002,681,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.04.18 12:33:26 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.04.18 12:33:26 | 002,444,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.04.15 15:36:16 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.04.15 15:31:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.04.15 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Fraps
[2012.04.14 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Zattoo
[2012.04.14 21:14:39 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012.04.13 10:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domination
[2012.04.13 10:43:20 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.04.13 10:43:19 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.04.13 10:43:19 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.04.13 10:43:19 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.04.13 10:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.04.13 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012.04.13 10:40:52 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.04.13 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\systweak
[2012.04.13 10:40:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Babylon
[2012.04.13 10:40:20 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.04.13 10:40:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.04.13 10:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.04.13 10:01:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Masters of Hardcore
[2012.04.13 09:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2012.04.13 09:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2012.04.13 09:56:50 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.04.13 09:35:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\DDMSettings
[2012.04.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DivX
[2012.04.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.04.13 09:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.04.13 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.04.13 09:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.04.13 09:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.04.13 09:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.04.13 09:25:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.04.13 09:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.04.13 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.04.13 09:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.04.13 09:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.04.13 09:19:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Apple
[2012.04.13 09:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.04.13 09:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.04.13 09:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.04.13 09:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.04.11 13:06:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2012.04.11 13:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.04.11 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012.04.11 12:59:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Foxit Software
[2012.04.11 10:06:21 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 10:06:20 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 10:06:20 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 10:06:07 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 10:06:07 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 10:06:06 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 09:51:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.11 09:51:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.11 09:51:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.11 09:51:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.11 09:51:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 09:51:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.11 09:51:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 09:51:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 09:51:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 09:51:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 09:51:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 09:51:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.11 09:51:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.11 09:51:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.11 09:51:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.07 19:39:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\gctmp
[2012.04.07 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Xenocode
[2012.04.07 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Cam V2
[2012.04.07 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Cam V2
[2012.04.06 20:15:10 | 000,038,632 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012.04.06 14:36:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\PhotoFiltre7
[2012.04.05 04:44:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\riotsGamesLogs
[2012.04.05 04:43:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2012.04.05 03:55:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.04.05 03:55:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.04.05 03:55:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.04.05 03:53:02 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.04.05 03:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.04.05 02:46:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\LeagueOfLegends
[2012.04.05 02:46:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files
[2012.04.05 02:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.04.05 02:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.04.04 16:06:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.04.04 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2012.04.04 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Thunderbird
[2012.04.04 15:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.04.03 15:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012.04.03 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.04.03 08:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\My Games
[2012.04.03 08:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.04.03 08:23:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\terraria
[2012.03.31 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\enchant
[2012.03.31 12:39:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AbiSuite
[2012.03.31 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2012.03.31 12:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2012.03.31 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WinRAR
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.30 23:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.03.30 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Chip text pack
[2012.03.29 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Blümchen
[2012.03.29 18:40:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Schweinchen
[2012.03.29 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Bett
[2012.03.29 11:54:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Chromium
[2012.03.29 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\BrawlBusters
[2012.03.29 11:13:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.24 23:16:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\mc server
[2012.03.24 23:15:27 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.24 23:15:27 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.24 23:15:27 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.24 23:15:27 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.24 23:15:27 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.03.24 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.24 23:13:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\NVIDIA
[2012.03.24 23:12:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2012.03.24 19:18:24 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.24 19:18:24 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.23 10:45:38 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat
[2012.04.23 10:45:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.04.23 10:41:34 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.23 10:36:51 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.04.23 10:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.23 10:23:34 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 10:23:34 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 10:20:27 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.23 10:20:27 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.23 10:20:27 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.23 10:20:27 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.23 10:20:27 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.23 10:16:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.23 10:15:56 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.23 09:53:30 | 095,956,543 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.23 07:37:59 | 000,002,981 | ---- | M] () -- C:\Users\Daniel\Desktop\HiJackThis.lnk
[2012.04.23 01:12:22 | 000,000,563 | ---- | M] () -- C:\Users\Daniel\Documents\- Top.vmf
[2012.04.22 19:07:32 | 000,050,486 | ---- | M] () -- C:\Users\Daniel\Desktop\Box.jpg
[2012.04.22 19:07:15 | 000,070,126 | ---- | M] () -- C:\Users\Daniel\Desktop\Vorlagen Box.pfi
[2012.04.21 20:07:56 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.21 17:35:15 | 000,337,449 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.20 15:20:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 19:16:34 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2012.04.19 12:22:37 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.04.19 12:22:37 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.19 12:19:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.04.17 17:12:17 | 000,017,408 | ---- | M] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2012.04.17 13:25:29 | 1246,378,496 | ---- | M] () -- C:\Users\Daniel\Documents\Intro.avi
[2012.04.17 13:25:29 | 000,000,030 | ---- | M] () -- C:\Users\Daniel\Documents\Intro.avi.sfl
[2012.04.15 15:31:40 | 000,000,615 | ---- | M] () -- C:\Users\Daniel\Desktop\Fraps.lnk
[2012.04.14 21:14:39 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 21:14:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.14 21:12:17 | 000,001,872 | ---- | M] () -- C:\Users\Daniel\Desktop\Zattoo.lnk
[2012.04.13 10:44:38 | 003,150,896 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi.AVI
[2012.04.13 10:40:28 | 000,000,059 | ---- | M] () -- C:\user.js
[2012.04.13 10:31:36 | 3751,387,648 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi
[2012.04.13 10:31:36 | 000,000,030 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi.sfl
[2012.04.13 10:22:06 | 088,264,800 | ---- | M] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf
[2012.04.13 10:22:06 | 000,000,076 | ---- | M] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf.sfl
[2012.04.13 10:06:21 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2012.04.13 09:57:00 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber 1.83.lnk
[2012.04.07 19:39:05 | 000,001,037 | ---- | M] () -- C:\Users\Daniel\Desktop\Game Cam V2.lnk
[2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012.04.06 18:08:39 | 000,013,688 | ---- | M] () -- C:\Users\Daniel\Desktop\himmel.jpg
[2012.04.06 15:00:10 | 000,285,811 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-yellow.jpg
[2012.04.06 14:51:17 | 000,275,024 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-red.jpg
[2012.04.06 14:37:45 | 000,069,637 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull.jpg
[2012.04.06 13:26:19 | 000,137,233 | ---- | M] () -- C:\Users\Daniel\Desktop\419269_247434545335948_191175524295184_575649_1482311373_n.jpg
[2012.04.05 03:55:43 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.04 19:41:23 | 000,623,705 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.04 15:55:33 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.03 20:22:18 | 000,173,785 | ---- | M] () -- C:\Users\Daniel\Desktop\MCMap.rar
[2012.04.03 19:18:00 | 025,720,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.04.03 19:18:00 | 025,246,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.04.03 19:18:00 | 019,584,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.04.03 19:18:00 | 017,984,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.04.03 19:18:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.04.03 19:18:00 | 015,279,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.04.03 19:18:00 | 010,102,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.04.03 19:18:00 | 008,138,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.04.03 19:18:00 | 008,029,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.04.03 19:18:00 | 005,981,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.04.03 19:18:00 | 002,881,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.04.03 19:18:00 | 002,740,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.04.03 19:18:00 | 002,681,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.04.03 19:18:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.04.03 19:18:00 | 002,444,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.04.03 19:18:00 | 002,367,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.04.03 19:18:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.04.03 19:18:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.04.03 19:18:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.04.03 19:18:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.04.03 19:18:00 | 000,014,252 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.04.03 15:52:00 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.04.03 15:19:14 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.04.03 15:19:13 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.04.03 15:19:12 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.04.03 15:19:00 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.04.03 15:15:00 | 006,122,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.04.03 07:16:04 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.29 18:48:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.29 18:38:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.29 11:13:56 | 000,000,222 | ---- | M] () -- C:\Users\Daniel\Desktop\Brawl Busters.url
[2012.03.24 23:57:43 | 000,173,307 | ---- | M] () -- C:\Users\Daniel\Desktop\mc items.png
[2012.03.24 23:15:18 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.24 23:15:18 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.24 23:15:18 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.24 23:15:18 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.24 23:15:18 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.04.23 10:41:34 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.23 10:38:08 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat
[2012.04.23 10:36:51 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.04.23 07:37:59 | 000,002,981 | ---- | C] () -- C:\Users\Daniel\Desktop\HiJackThis.lnk
[2012.04.23 01:12:22 | 000,000,563 | ---- | C] () -- C:\Users\Daniel\Documents\- Top.vmf
[2012.04.22 19:07:13 | 000,070,126 | ---- | C] () -- C:\Users\Daniel\Desktop\Vorlagen Box.pfi
[2012.04.22 18:54:20 | 000,050,486 | ---- | C] () -- C:\Users\Daniel\Desktop\Box.jpg
[2012.04.20 15:20:16 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 19:16:34 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2012.04.17 13:25:29 | 000,000,030 | ---- | C] () -- C:\Users\Daniel\Documents\Intro.avi.sfl
[2012.04.17 13:18:16 | 1246,378,496 | ---- | C] () -- C:\Users\Daniel\Documents\Intro.avi
[2012.04.14 21:14:51 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2012.04.14 21:14:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 21:12:17 | 000,001,872 | ---- | C] () -- C:\Users\Daniel\Desktop\Zattoo.lnk
[2012.04.13 10:43:59 | 003,150,896 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi.AVI
[2012.04.13 10:43:19 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.13 10:40:28 | 000,000,059 | ---- | C] () -- C:\user.js
[2012.04.13 10:31:36 | 000,000,030 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi.sfl
[2012.04.13 10:28:55 | 3751,387,648 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi
[2012.04.13 10:22:06 | 000,000,076 | ---- | C] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf.sfl
[2012.04.13 10:16:55 | 088,264,800 | ---- | C] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf
[2012.04.13 10:06:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.04.13 09:57:00 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber 1.83.lnk
[2012.04.13 09:48:30 | 000,000,615 | ---- | C] () -- C:\Users\Daniel\Desktop\Fraps.lnk
[2012.04.13 09:19:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.04.13 09:19:14 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.04.13 09:19:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.13 09:19:14 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.04.13 09:19:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.13 09:19:14 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.04.13 09:19:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.04.07 19:39:05 | 000,001,037 | ---- | C] () -- C:\Users\Daniel\Desktop\Game Cam V2.lnk
[2012.04.06 18:08:38 | 000,013,688 | ---- | C] () -- C:\Users\Daniel\Desktop\himmel.jpg
[2012.04.06 15:00:07 | 000,285,811 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-yellow.jpg
[2012.04.06 14:51:12 | 000,275,024 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-red.jpg
[2012.04.06 14:37:44 | 000,069,637 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull.jpg
[2012.04.06 13:26:18 | 000,137,233 | ---- | C] () -- C:\Users\Daniel\Desktop\419269_247434545335948_191175524295184_575649_1482311373_n.jpg
[2012.04.05 03:55:43 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.04 15:55:33 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.04.04 15:55:33 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.03 20:21:44 | 000,173,785 | ---- | C] () -- C:\Users\Daniel\Desktop\MCMap.rar
[2012.04.03 15:52:00 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.04.03 07:16:04 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.29 18:48:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.29 18:38:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.29 11:13:56 | 000,000,222 | ---- | C] () -- C:\Users\Daniel\Desktop\Brawl Busters.url
[2012.03.24 23:57:42 | 000,173,307 | ---- | C] () -- C:\Users\Daniel\Desktop\mc items.png
[2012.03.13 08:41:28 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.13 08:41:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.12 12:27:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.03.12 12:27:51 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2012.03.12 12:27:51 | 000,000,309 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.03.12 12:27:28 | 000,003,518 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.03.12 12:27:28 | 000,000,613 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.03.12 12:27:27 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
 
========== LOP Check ==========
 
[2012.03.30 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2012.03.13 08:28:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AVG2012
[2012.03.31 12:45:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\enchant
[2012.04.11 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Foxit Software
[2012.04.05 04:43:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2012.03.12 13:28:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin
[2012.04.11 13:06:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2012.04.13 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012.04.13 11:14:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\systweak
[2012.04.04 15:55:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,022,806 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Hat da jemand studiert oder sich schon so lange mit diesem Thema beschäftigt?

Grüße Daniel

Ps: Die Anleitung scheint Idiotensicher

Pps: Mir fällt grad auf, ich muss noch mehr Babylon-Kram suchen, bin ich nicht ganz los geworden

Code:

ATTFilter

Ppps: ========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=adbartrp&mntrId=48d5315d000000000000001bfc4f1889&q="

wie werd ich denn den Entry los? =( Hab im Firefox-Ordner nun auch alle Search-Plugins entfernt, und finde nun nichts mehr dazu...

kira · 23.04.2012, 12:45

Systemreinigung und Prüfung:

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=adbartrp&mntrId=48d5315d000000000000001bfc4f1889&q="
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.13 10:40:24 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

:Files
C:\Users\Daniel\AppData\Local\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Tipps:
IE 9: Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?
->Verwalten von Add-Ons in Internet Explorer
-> Firefox mit Add-ons anpassen
-> Firefox Add-Ons endgültig löschen | PcBeirat.de

3.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

4.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

NichtBot · 23.04.2012, 20:03

So, wieder da, und direkt mal angefangen

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?AF=110021&tt=290312_bexdll&babsrc=adbartrp&mntrId=48d5315d000000000000001bfc4f1889&q=" removed from keyword.URL
File C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
========== FILES ==========
C:\Users\Daniel\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Daniel\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Daniel\AppData\Local\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Daniel\Downloads\cmd.bat deleted successfully.
C:\Users\Daniel\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 29789531 bytes
->Temporary Internet Files folder emptied: 64204 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67931525 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 750 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4751707 bytes
 
Total Files Cleaned = 98,00 mb
 
 
OTL by OldTimer - Version 3.2.41.0 log created on 04232012_192007

Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

zu 2.
Nochmal alles durchgearbeitet.

zu 3.
ist geschehen.

zu 4.

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/23/2012 at 08:07 PM

Application Version : 5.0.1146

Core Rules Database Version : 8496
Trace Rules Database Version: 6308

Scan type       : Complete Scan
Total Scan Time : 00:25:15

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 513
Memory threats detected   : 0
Registry items scanned    : 69806
Registry threats detected : 0
File items scanned        : 52949
File threats detected     : 2

Adware.Tracking Cookie
	.doubleclick.net [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IP2MBKPE.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IP2MBKPE.DEFAULT\COOKIES.SQLITE ]

zu 6.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5d71af7ed06def4bb241dfcf1d5c4e39
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-23 06:48:43
# local_time=2012-04-23 08:48:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 45479 45479 0 0
# compatibility_mode=1024 16777215 100 0 3588683 3588683 0 0
# compatibility_mode=5893 16776574 100 94 3588447 87610629 0 0
# compatibility_mode=8192 67108863 100 0 95 95 0 0
# scanned=161927
# found=0
# cleaned=0
# scan_time=1965

zu 7.

Code:

ATTFilter

OTL logfile created on: 23.04.2012 20:51:51 - Run 3
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\Daniel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 68,67% Memory free
12,00 Gb Paging File | 9,99 Gb Available in Paging File | 83,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,73 Gb Total Space | 47,05 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 54,88 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive E: | 127,71 Gb Total Space | 107,43 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.23 07:36:43 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe
PRC - [2012.04.20 18:20:25 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.03 19:18:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.04.03 07:15:44 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.03.13 14:36:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.08 14:01:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.20 18:20:25 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.04.20 18:20:25 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.04.20 18:20:25 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.04.20 18:20:25 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.04.20 18:20:25 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.04.14 21:14:39 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.04.03 07:15:22 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.03.13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.20 18:20:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.14 21:14:39 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 19:18:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.03 07:15:44 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.13 14:36:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.05 11:28:46 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 13:20:01 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.08 13:20:01 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.24 17:40:00 | 001,029,120 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 15 5A 01 EB 12 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.03.13 08:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.21 20:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.13 09:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.13 09:34:41 | 000,000,000 | ---D | M]
 
[2012.03.08 13:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012.04.13 11:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ip2mbkpe.default\extensions
[2012.04.23 19:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IP2MBKPE.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD132A5-85E2-437E-85CA-52D1F2AE10F3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.23 20:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.23 19:41:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
[2012.04.23 19:40:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.04.23 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.04.23 19:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.04.23 10:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.04.23 10:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.23 10:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.23 10:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.23 10:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.04.23 10:13:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.23 09:58:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.04.23 07:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.04.23 07:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.04.23 01:22:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\xdream
[2012.04.23 01:22:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Neues Verzeichnis
[2012.04.23 01:18:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Nem's Tools
[2012.04.23 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2012.04.23 01:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2012.04.20 15:20:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.04.20 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.20 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.20 15:20:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.20 15:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.19 19:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2012.04.19 19:16:32 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.04.19 19:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2012.04.19 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics
[2012.04.18 12:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.04.18 12:33:26 | 025,720,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.04.18 12:33:26 | 025,246,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.04.18 12:33:26 | 019,584,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.04.18 12:33:26 | 017,984,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.04.18 12:33:26 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.04.18 12:33:26 | 008,138,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.04.18 12:33:26 | 005,981,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.04.18 12:33:26 | 002,881,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.04.18 12:33:26 | 002,681,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.04.18 12:33:26 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.04.18 12:33:26 | 002,444,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.04.15 15:36:16 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.04.15 15:31:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.04.15 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Fraps
[2012.04.14 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Zattoo
[2012.04.14 21:14:39 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.14 21:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012.04.13 10:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domination
[2012.04.13 10:43:20 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.04.13 10:43:19 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.04.13 10:43:19 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.04.13 10:43:19 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.04.13 10:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.04.13 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012.04.13 10:40:52 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.04.13 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\systweak
[2012.04.13 10:40:20 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.04.13 10:40:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.04.13 10:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.04.13 10:01:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Masters of Hardcore
[2012.04.13 09:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2012.04.13 09:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2012.04.13 09:56:50 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.04.13 09:35:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\DDMSettings
[2012.04.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DivX
[2012.04.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.04.13 09:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.04.13 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.04.13 09:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.04.13 09:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.04.13 09:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.04.13 09:25:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.04.13 09:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.04.13 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.04.13 09:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.04.13 09:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.04.13 09:19:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Apple
[2012.04.13 09:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.04.13 09:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.04.13 09:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.04.13 09:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.04.11 13:06:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2012.04.11 13:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.04.11 13:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.04.11 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012.04.11 12:59:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Foxit Software
[2012.04.11 10:06:21 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 10:06:20 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 10:06:20 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 10:06:07 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 10:06:07 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 10:06:06 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 09:51:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.11 09:51:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.11 09:51:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.11 09:51:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.11 09:51:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 09:51:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.11 09:51:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 09:51:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 09:51:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 09:51:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 09:51:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 09:51:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.11 09:51:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.11 09:51:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.11 09:51:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.07 19:39:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\gctmp
[2012.04.07 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Xenocode
[2012.04.07 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Cam V2
[2012.04.07 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Cam V2
[2012.04.06 20:15:10 | 000,038,632 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012.04.06 14:36:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\PhotoFiltre7
[2012.04.05 04:44:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\riotsGamesLogs
[2012.04.05 04:43:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2012.04.05 03:55:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.04.05 03:55:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.04.05 03:55:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.04.05 03:53:02 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.04.05 03:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.04.05 02:46:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\LeagueOfLegends
[2012.04.05 02:46:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files
[2012.04.05 02:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.04.05 02:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.04.04 16:06:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.04.04 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2012.04.04 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Thunderbird
[2012.04.04 15:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.04.03 15:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012.04.03 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.04.03 08:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\My Games
[2012.04.03 08:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.04.03 08:23:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\terraria
[2012.03.31 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\enchant
[2012.03.31 12:39:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AbiSuite
[2012.03.31 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2012.03.31 12:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2012.03.31 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WinRAR
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.30 23:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.30 23:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.03.30 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Chip text pack
[2012.03.29 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Blümchen
[2012.03.29 18:40:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Schweinchen
[2012.03.29 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Bett
[2012.03.29 11:54:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Chromium
[2012.03.29 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\BrawlBusters
[2012.03.29 11:13:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.24 23:16:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\mc server
[2012.03.24 23:15:27 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.24 23:15:27 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.24 23:15:27 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.24 23:15:27 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.24 23:15:27 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.03.24 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.24 23:13:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\NVIDIA
[2012.03.24 23:12:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\.minecraft
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.23 20:24:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.23 19:40:42 | 000,001,808 | ---- | M] () -- C:\Users\Daniel\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.23 19:28:55 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 19:28:55 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 19:27:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.23 19:27:34 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.23 19:27:34 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.23 19:27:34 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.23 19:27:34 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.23 19:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.23 19:21:30 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.23 19:19:14 | 095,997,857 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.23 10:45:38 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat
[2012.04.23 10:45:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.04.23 10:41:34 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.23 10:36:51 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.04.23 07:37:59 | 000,002,981 | ---- | M] () -- C:\Users\Daniel\Desktop\HiJackThis.lnk
[2012.04.23 01:12:22 | 000,000,563 | ---- | M] () -- C:\Users\Daniel\Documents\- Top.vmf
[2012.04.22 19:07:32 | 000,050,486 | ---- | M] () -- C:\Users\Daniel\Desktop\Box.jpg
[2012.04.22 19:07:15 | 000,070,126 | ---- | M] () -- C:\Users\Daniel\Desktop\Vorlagen Box.pfi
[2012.04.21 20:07:56 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.21 17:35:15 | 000,337,449 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.20 15:20:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 19:16:34 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2012.04.19 12:22:37 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.04.19 12:22:37 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.19 12:19:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.04.17 17:12:17 | 000,017,408 | ---- | M] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2012.04.17 13:25:29 | 1246,378,496 | ---- | M] () -- C:\Users\Daniel\Documents\Intro.avi
[2012.04.17 13:25:29 | 000,000,030 | ---- | M] () -- C:\Users\Daniel\Documents\Intro.avi.sfl
[2012.04.15 15:31:40 | 000,000,615 | ---- | M] () -- C:\Users\Daniel\Desktop\Fraps.lnk
[2012.04.14 21:14:39 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.14 21:14:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.14 21:12:17 | 000,001,872 | ---- | M] () -- C:\Users\Daniel\Desktop\Zattoo.lnk
[2012.04.13 10:44:38 | 003,150,896 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi.AVI
[2012.04.13 10:40:28 | 000,000,059 | ---- | M] () -- C:\user.js
[2012.04.13 10:31:36 | 3751,387,648 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi
[2012.04.13 10:31:36 | 000,000,030 | ---- | M] () -- C:\Users\Daniel\Documents\Surf1.avi.sfl
[2012.04.13 10:22:06 | 088,264,800 | ---- | M] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf
[2012.04.13 10:22:06 | 000,000,076 | ---- | M] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf.sfl
[2012.04.13 10:06:21 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2012.04.13 09:57:00 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber 1.83.lnk
[2012.04.07 19:39:05 | 000,001,037 | ---- | M] () -- C:\Users\Daniel\Desktop\Game Cam V2.lnk
[2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012.04.06 18:08:39 | 000,013,688 | ---- | M] () -- C:\Users\Daniel\Desktop\himmel.jpg
[2012.04.06 15:00:10 | 000,285,811 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-yellow.jpg
[2012.04.06 14:51:17 | 000,275,024 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-red.jpg
[2012.04.06 14:37:45 | 000,069,637 | ---- | M] () -- C:\Users\Daniel\Desktop\MOH-Skull.jpg
[2012.04.06 13:26:19 | 000,137,233 | ---- | M] () -- C:\Users\Daniel\Desktop\419269_247434545335948_191175524295184_575649_1482311373_n.jpg
[2012.04.05 03:55:43 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.04 19:41:23 | 000,623,705 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.04 15:55:33 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.03 20:22:18 | 000,173,785 | ---- | M] () -- C:\Users\Daniel\Desktop\MCMap.rar
[2012.04.03 19:18:00 | 025,720,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.04.03 19:18:00 | 025,246,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.04.03 19:18:00 | 019,584,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.04.03 19:18:00 | 017,984,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.04.03 19:18:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.04.03 19:18:00 | 015,279,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.04.03 19:18:00 | 010,102,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.04.03 19:18:00 | 008,138,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.04.03 19:18:00 | 008,029,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.04.03 19:18:00 | 005,981,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.04.03 19:18:00 | 002,881,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.04.03 19:18:00 | 002,740,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.04.03 19:18:00 | 002,681,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.04.03 19:18:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.04.03 19:18:00 | 002,444,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.04.03 19:18:00 | 002,367,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.04.03 19:18:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.04.03 19:18:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.04.03 19:18:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.04.03 19:18:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.04.03 19:18:00 | 000,014,252 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.04.03 15:52:00 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.04.03 15:19:14 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.04.03 15:19:13 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.04.03 15:19:12 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.04.03 15:19:00 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.04.03 15:15:00 | 006,122,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.04.03 07:16:04 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.29 18:48:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.29 18:38:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.29 11:13:56 | 000,000,222 | ---- | M] () -- C:\Users\Daniel\Desktop\Brawl Busters.url
[2012.03.24 23:57:43 | 000,173,307 | ---- | M] () -- C:\Users\Daniel\Desktop\mc items.png
[2012.03.24 23:15:18 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.24 23:15:18 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.24 23:15:18 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.03.24 23:15:18 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.03.24 23:15:18 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.04.23 19:40:42 | 000,001,808 | ---- | C] () -- C:\Users\Daniel\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.23 10:41:34 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.23 10:38:08 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat
[2012.04.23 10:36:51 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.04.23 07:37:59 | 000,002,981 | ---- | C] () -- C:\Users\Daniel\Desktop\HiJackThis.lnk
[2012.04.23 01:12:22 | 000,000,563 | ---- | C] () -- C:\Users\Daniel\Documents\- Top.vmf
[2012.04.22 19:07:13 | 000,070,126 | ---- | C] () -- C:\Users\Daniel\Desktop\Vorlagen Box.pfi
[2012.04.22 18:54:20 | 000,050,486 | ---- | C] () -- C:\Users\Daniel\Desktop\Box.jpg
[2012.04.20 15:20:16 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 19:16:34 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2012.04.17 13:25:29 | 000,000,030 | ---- | C] () -- C:\Users\Daniel\Documents\Intro.avi.sfl
[2012.04.17 13:18:16 | 1246,378,496 | ---- | C] () -- C:\Users\Daniel\Documents\Intro.avi
[2012.04.14 21:14:51 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2012.04.14 21:14:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 21:12:17 | 000,001,872 | ---- | C] () -- C:\Users\Daniel\Desktop\Zattoo.lnk
[2012.04.13 10:43:59 | 003,150,896 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi.AVI
[2012.04.13 10:43:19 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.13 10:40:28 | 000,000,059 | ---- | C] () -- C:\user.js
[2012.04.13 10:31:36 | 000,000,030 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi.sfl
[2012.04.13 10:28:55 | 3751,387,648 | ---- | C] () -- C:\Users\Daniel\Documents\Surf1.avi
[2012.04.13 10:22:06 | 000,000,076 | ---- | C] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf.sfl
[2012.04.13 10:16:55 | 088,264,800 | ---- | C] () -- C:\Users\Daniel\Documents\Ohne Titel.mxf
[2012.04.13 10:06:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.04.13 09:57:00 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber 1.83.lnk
[2012.04.13 09:48:30 | 000,000,615 | ---- | C] () -- C:\Users\Daniel\Desktop\Fraps.lnk
[2012.04.13 09:19:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.04.13 09:19:14 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.04.13 09:19:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.13 09:19:14 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.04.13 09:19:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.13 09:19:14 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.04.13 09:19:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.04.07 19:39:05 | 000,001,037 | ---- | C] () -- C:\Users\Daniel\Desktop\Game Cam V2.lnk
[2012.04.06 18:08:38 | 000,013,688 | ---- | C] () -- C:\Users\Daniel\Desktop\himmel.jpg
[2012.04.06 15:00:07 | 000,285,811 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-yellow.jpg
[2012.04.06 14:51:12 | 000,275,024 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull-edit-red.jpg
[2012.04.06 14:37:44 | 000,069,637 | ---- | C] () -- C:\Users\Daniel\Desktop\MOH-Skull.jpg
[2012.04.06 13:26:18 | 000,137,233 | ---- | C] () -- C:\Users\Daniel\Desktop\419269_247434545335948_191175524295184_575649_1482311373_n.jpg
[2012.04.05 03:55:43 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.04 15:55:33 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.04.04 15:55:33 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.03 20:21:44 | 000,173,785 | ---- | C] () -- C:\Users\Daniel\Desktop\MCMap.rar
[2012.04.03 15:52:00 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.04.03 07:16:04 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.29 18:48:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.29 18:38:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.29 11:13:56 | 000,000,222 | ---- | C] () -- C:\Users\Daniel\Desktop\Brawl Busters.url
[2012.03.24 23:57:42 | 000,173,307 | ---- | C] () -- C:\Users\Daniel\Desktop\mc items.png
[2012.03.13 08:41:28 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.13 08:41:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.12 12:27:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.03.12 12:27:51 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2012.03.12 12:27:51 | 000,000,309 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.03.12 12:27:28 | 000,003,518 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.03.12 12:27:28 | 000,000,613 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.03.12 12:27:27 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
 
========== LOP Check ==========
 
[2012.03.30 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2012.03.13 08:28:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AVG2012
[2012.03.31 12:45:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\enchant
[2012.04.11 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Foxit Software
[2012.04.05 04:43:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2012.03.12 13:28:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin
[2012.04.11 13:06:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2012.04.13 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012.04.13 11:14:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\systweak
[2012.04.04 15:55:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,023,310 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 23.04.2012 20:51:51 - Run 3
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\Daniel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 68,67% Memory free
12,00 Gb Paging File | 9,99 Gb Available in Paging File | 83,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,73 Gb Total Space | 47,05 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 54,88 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive E: | 127,71 Gb Total Space | 107,43 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = Theatron Agrippa
"CyberGhost VPN_is1" = CyberGhost VPN
"GCFScape_is1" = GCFScape 1.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0FF3D021-5ED4-11E1-8FD8-F04DA23A5C58}" = Vegas Pro 11.0
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE 
"Battlelog Web Plugins" = Battlelog Web Plugins
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps (remove only)
"Game Cam" = Game Cam 2.6.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Steam App 109410" = Brawl Busters
"Steam App 211" = Source SDK
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2012 21:46:58 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6646f1c9
ID
 des fehlerhaften Prozesses: 0x1600  Startzeit der fehlerhaften Anwendung: 0x01cd1203c50e91a8
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 10180f02-7df8-11e1-879d-001bfc4f1889
 
Error - 03.04.2012 22:09:28 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7019f1c9
ID
 des fehlerhaften Prozesses: 0x14f8  Startzeit der fehlerhaften Anwendung: 0x01cd1204dbdf49d3
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 3513d135-7dfb-11e1-879d-001bfc4f1889
 
Error - 04.04.2012 10:18:56 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x12f4  Startzeit der fehlerhaften Anwendung: 0x01cd126c30633072  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1c9e5076-7e61-11e1-8be5-001bfc4f1889
 
Error - 06.04.2012 19:56:05 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x71b9f1c9
ID
 des fehlerhaften Prozesses: 0x11f0  Startzeit der fehlerhaften Anwendung: 0x01cd144e43d7d122
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 11c49e8d-8044-11e1-b5f3-001bfc4f1889
 
Error - 09.04.2012 06:30:46 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6dcbf1c9
ID
 des fehlerhaften Prozesses: 0x1384  Startzeit der fehlerhaften Anwendung: 0x01cd16389430c4a2
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 110e85a9-822f-11e1-a3a7-001bfc4f1889
 
Error - 09.04.2012 13:13:27 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version: 5.1.4.104,
 Zeitstempel: 0x4f03f742  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6d657449  ID des fehlerhaften
 Prozesses: 0x1324  Startzeit der fehlerhaften Anwendung: 0x01cd1674123e7b6b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit
 Reader.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 51a96e4d-8267-11e1-b1c7-001bfc4f1889
 
Error - 09.04.2012 13:13:27 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 2.1.1.720,
 Zeitstempel: 0x4e607dd8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000052bd  ID des fehlerhaften
 Prozesses: 0x143c  Startzeit der fehlerhaften Anwendung: 0x01cd1673ddedaff0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 521ddcb1-8267-11e1-b1c7-001bfc4f1889
 
Error - 09.04.2012 13:13:28 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version: 5.1.4.104,
 Zeitstempel: 0x4f03f742  Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4ed5d143  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x06bf2978  ID des fehlerhaften Prozesses: 0x1324  Startzeit der fehlerhaften Anwendung:
 0x01cd1674123e7b6b  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Foxit
 Software\Foxit Reader\Foxit Reader.exe  Pfad des fehlerhaften Moduls: facebook_plugin.fpi
Berichtskennung:
 523fbd10-8267-11e1-b1c7-001bfc4f1889
 
Error - 14.04.2012 11:51:49 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6c1cf1c9
ID
 des fehlerhaften Prozesses: 0x6a0  Startzeit der fehlerhaften Anwendung: 0x01cd1a534a69ebe1
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\evilsnightmare\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 be4617d5-8649-11e1-a618-001bfc4f1889
 
Error - 23.04.2012 14:14:19 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Daniel\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
[ System Events ]
Error - 14.04.2012 15:38:37 | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?04.?2012 um 21:19:46 unerwartet heruntergefahren.
 
Error - 18.04.2012 12:15:22 | Computer Name = Daniel-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 19.04.2012 12:57:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Hotspot Shield Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.04.2012 13:14:51 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 19.04.2012 13:14:53 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 20.04.2012 12:20:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.04.2012 12:20:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.04.2012 12:25:46 | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?04.?2012 um 18:23:42 unerwartet heruntergefahren.
 
Error - 23.04.2012 04:13:57 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 23.04.2012 13:20:07 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >

Und das Problem ist noch immer da, aber nurnoch wenn ich beim Zocken auf genau den einen Server gehe (Das Verbinden mit dem Server scheint das ganze bei mir zu aktivieren). Gehe ich zunächst auf einen anderen Server habe ich keine Probleme, wechsel ich dann jedoch auf den anderen, geht das ganze los. Meine Latenz steigt wieder auf 100ms und der Sound wird abgespielt. Kein anderer User des Servers scheint dieses Problem jedoch zu haben.

kira · 24.04.2012, 07:17

lade Dir HijackThis 2.0.4 von *von hier* herunter
Rechtsklick drauf-> "Als Administrator ausführen" wählen
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

NichtBot · 24.04.2012, 09:26

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:51, on 24.04.2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7500 bytes

Auch wenn du es nich dazu geschrieben hast, ich habs einfach mal in Code-Tags gepackt

kira · 24.04.2012, 14:27

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...

3.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

4.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

5.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

6.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

7.
► für Win 7 das Service Pack 1 bitte aufspielen!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
► Internet Explorer aktualisieren: - Version 9 ist aktuell!
Du kannst gleich Windows Internet Explorer 9 installieren, um die vorhandene Version von Internet Explorer zu ersetzen:-> Internet Explorer 9
Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.

► Hat Dein Rechner noch Probleme?

NichtBot · 24.04.2012, 15:06

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:41:30, on 24.04.2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1372971484-2593595397-3180589445-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1372971484-2593595397-3180589445-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7532 bytes

Hier das letzte Logfile. Mache jetzt mal weiter mit der Sp1 Installation, werde mich danach gucken ob die Probleme entgültig weg sind, oder ob eventuell noch handlungsbedarf besteht.

Grüße
Daniel

kira · 24.04.2012, 17:58

Ok, melde dich dann erneut

NichtBot · 24.04.2012, 23:53

So, Problem scheint gelöst

Vielen vielen Dank, die Sounds haben mir den letzten Nerv geraubt

Grüße Daniel

Sorry für den Doppelpost, kann halt nicht mehr Editieren....

Kira? Kannst du mir vllt verraten was genau (welche Datei) das Ganze denn nun ausgelöst hat? Wäre doch immer gut zu wissen, ob ich in der Zukunft nach i-was bestimmten schonmal Ausschau halten könnte.
Wenn du mir keine explizierte Datei nennen kannst ist auch nicht schlimm,
ist halt nur Interesse halber

Ps: Guten Morgen zusammen =)

kira · 25.04.2012, 06:55

"Datei nennen" kann ich so nicht, aber ... Du hast Adaware drauf gehabt und nicht zulätzt dein ungepatchte System mit Lücken als "Hauptproblem" in Frage kommt. Das mußt Du dringend nachholen:

** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► für Win 7 das Service Pack 1 bitte aufspielen!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
► Internet Explorer aktualisieren: - Version 9 ist aktuell!
Du kannst gleich Windows Internet Explorer 9 installieren, um die vorhandene Version von Internet Explorer zu ersetzen:-> Internet Explorer 9
Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.

Lesestoff Nr.1:

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
- Unbekannten E-Mail-Anhang NICHT öffnen!
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Programme und Treiber:
Nur vom Hersteller!

Onlinebanking:
Gib deine Passwörter niemals preis!
Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.

Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Löschen der temporären Dateien in Windows
Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> verschmutzte PCs sauber machen
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira

NichtBot · 25.04.2012, 07:41

Hab ich ja schon nachgeholt... heute wieder neueste Softwareupdates draufgezogen und installiert

Dir und dem Team vom Trojaner-Board auch noch viel Erfolg

Hoffe das ihr noch jedem weiteren helfen könnt

PS: Was mir i-wie peinlich ist: Mit dem UCash-Trojaner komm ich klar, mitm bissl Ad-Ware jedoch nicht xD

kira · 25.04.2012, 16:36

ujjjjjjjjjjjeh...habe statt Adware, "Adaware" geschrieben

so...also dann...alles gute nochmal!
ohne Ad-Aware und Adware...

)

Counterstrike spielt nicht vorhandene Sounds ab (Nach Source SDK Download)

Log-Analyse und Auswertung: Counterstrike spielt nicht vorhandene Sounds ab (Nach Source SDK Download)