Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne
(2x) Verschlüsselungstrojaner! +OTL Dateien

(2x) Verschlüsselungstrojaner! +OTL Dateien


Mülltonne: (2x) Verschlüsselungstrojaner! +OTL Dateien

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 13.06.2012, 16:18   #1
urml99
 
(2x) Verschlüsselungstrojaner! +OTL Dateien - Standard

(2x) Verschlüsselungstrojaner! +OTL Dateien


OTL Dateien:
OTL.txt:
OTL logfile created on: 13.06.2012 16:57:07 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 14,30 Gb Available Physical Memory | 89,46% Memory free
31,96 Gb Paging File | 30,06 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 61,49 Gb Free Space | 55,05% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1038,32 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,85 Mb Free Space | 69,85% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.13 16:56:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.10 16:30:40 | 000,018,432 | ---- | M] () -- C:\Users\***\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.05.12 16:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Programme\ASUS Xonar D2X Audio\Customapp\AsusAudioCenter.exe
PRC - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011.04.19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\ASUS Xonar D2X Audio\Customapp\VmixP8.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009.03.04 09:52:36 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll
MOD - [2008.12.29 17:13:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll
MOD - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.10 20:33:56 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.10 16:30:40 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe -- (SumatraPDFUpdater)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.11.18 17:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 A4 BF C4 F5 46 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.10 14:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.10 14:07:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.06.10 12:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.11 16:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***s\AppData\Roaming\mozilla\Firefox\Profiles\hj0c7nw7.default\extensions
[2012.06.10 12:53:53 | 000,000,000 | ---D | M] (SumatraPDF) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hj0c7nw7.default\extensions\sumatrapdf@kowalczyk.info
[2012.06.11 17:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.11 17:21:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\***\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] D:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3183A2EB-3602-42FC-91C7-78FBA3DB988A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.10 08:34:13 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.11 18:56:03 | 018,685,560 | ---- | C] (Blizzard Entertainment) -- C:\Users\***\Desktop\Diablo III.exe
[2012.06.11 17:21:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2012.06.11 17:21:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.06.11 17:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.11 16:50:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.06.10 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Diablo III
[2012.06.10 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.06.10 20:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.06.10 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero
[2012.06.10 20:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.06.10 20:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.06.10 20:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.10 20:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.06.10 20:47:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.06.10 20:47:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.06.10 20:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.06.10 20:06:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fs_randec
[2012.06.10 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI
[2012.06.10 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI
[2012.06.10 14:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.10 14:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.06.10 14:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.06.10 14:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.06.10 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.06.10 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.06.10 14:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.10 14:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.06.10 14:15:43 | 000,000,000 | ---D | C] -- C:\AMD
[2012.06.10 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.10 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2012.06.10 14:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.06.10 14:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.06.10 14:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.06.10 14:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.06.10 14:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.10 14:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.10 14:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.10 13:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2012.06.10 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012.06.10 13:00:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ASUS
[2012.06.10 13:00:19 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.10 13:00:19 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.06.10 13:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.06.10 13:00:13 | 008,769,536 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CmiCnfgp.dll
[2012.06.10 13:00:13 | 000,465,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmasiopx.dll
[2012.06.10 13:00:13 | 000,303,104 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmasiop.dll
[2012.06.10 13:00:13 | 000,217,088 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv2.dll
[2012.06.10 13:00:13 | 000,217,088 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv.dll
[2012.06.10 13:00:13 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\Cmpaoxy.dll
[2012.06.10 13:00:13 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysWow64\Cm_Oal.dll
[2012.06.10 13:00:13 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysNative\Cm_Oal.dll
[2012.06.10 13:00:13 | 000,121,856 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv642.dll
[2012.06.10 13:00:13 | 000,121,856 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv64.dll
[2012.06.10 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS Xonar D2X Audio
[2012.06.10 12:59:59 | 002,725,376 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2012.06.10 12:59:59 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\CmiFltr.dll
[2012.06.10 12:59:59 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CmiFltr.dll
[2012.06.10 12:59:59 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmudaxp.dll
[2012.06.10 12:59:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.10 12:55:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.10 12:55:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.10 12:55:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.06.10 12:55:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.10 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.06.10 12:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.10 12:29:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.10 12:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 12:29:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.10 12:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.10 12:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.06.10 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.10 12:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.06.10 12:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.06.10 12:23:13 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2012.06.10 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.06.10 12:22:52 | 000,446,976 | ---- | C] (NETGEAR Inc. ) -- C:\Windows\SysNative\drivers\wg111v3.sys
[2012.06.10 12:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2012.06.10 12:22:36 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.06.10 12:22:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.06.10 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.06.10 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.06.10 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.06.08 12:16:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.08 11:21:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.08 11:21:20 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.06.08 11:21:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.08 11:21:14 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.06.08 11:21:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.06.08 11:21:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.06.08 11:21:11 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.06.08 11:21:11 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.06.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.06.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.06.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.08 11:21:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.08 11:17:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.06.08 11:17:31 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.06.13 16:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 16:37:56 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 16:37:56 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 16:33:49 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 16:33:49 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 16:33:49 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 16:33:49 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 16:33:49 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 16:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 16:29:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.06.13 16:29:37 | 4280,184,830 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.11 16:53:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.10 20:47:38 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.06.10 14:18:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.06.10 14:03:30 | 000,275,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 13:46:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.10 13:46:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.10 13:00:19 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.10 13:00:19 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.06.10 13:00:13 | 000,043,007 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.06.10 13:00:13 | 000,000,946 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.06.10 13:00:13 | 000,000,885 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2012.06.10 13:00:13 | 000,000,142 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012.06.10 12:51:34 | 000,000,094 | ---- | M] () -- C:\Users\***\Desktop\nbg_m.pls
[2012.06.10 12:35:56 | 000,000,048 | ---- | M] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.10 12:29:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 12:22:52 | 000,002,073 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.10 12:22:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.08 11:19:08 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.06.08 11:19:08 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.06.07 21:48:12 | 018,685,560 | ---- | M] (Blizzard Entertainment) -- C:\Users\***
========== Files Created - No Company Name ==========

[2012.06.11 16:53:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.10 20:47:38 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.06.10 14:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.10 13:55:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.06.10 13:46:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.10 13:46:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.10 13:00:13 | 001,144,983 | ---- | C] () -- C:\Windows\KB936225x64.msu
[2012.06.10 13:00:13 | 000,805,376 | ---- | C] () -- C:\Windows\SysNative\Cmeauoxy.exe
[2012.06.10 13:00:13 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CmiCnfgp.cpl
[2012.06.10 13:00:13 | 000,282,112 | ---- | C] () -- C:\Windows\System\HsMgr64.exe
[2012.06.10 13:00:13 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.06.10 13:00:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.06.10 13:00:13 | 000,043,007 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.06.10 13:00:13 | 000,000,142 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012.06.10 13:00:13 | 000,000,053 | ---- | C] () -- C:\Windows\SysNative\cmasiopx.ini
[2012.06.10 13:00:13 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.06.10 13:00:08 | 000,000,946 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.06.10 13:00:06 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012.06.10 13:00:06 | 000,004,977 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.06.10 13:00:06 | 000,000,885 | ---- | C] () -- C:\Windows\System\Cmicnfgp.ini
[2012.06.10 13:00:06 | 000,000,593 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012.06.10 12:55:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.10 12:51:34 | 000,000,094 | ---- | C] () -- C:\Users\***\Desktop\nbg_m.pls
[2012.06.10 12:35:56 | 000,000,048 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.10 12:29:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 12:22:52 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.10 12:22:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.08 11:21:21 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.08 11:21:20 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.08 11:17:31 | 4280,184,830 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012.06.10 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS
[2012.06.10 14:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,005,922 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




Extras.txt:
OTL Extras logfile created on: 13.06.2012 16:57:07 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 14,30 Gb Available Physical Memory | 89,46% Memory free
31,96 Gb Paging File | 30,06 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 61,49 Gb Free Space | 55,05% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1038,32 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,85 Mb Free Space | 69,85% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E1A215-1531-4744-A277-6C1E40122776}" = lport=139 | protocol=6 | dir=in | app=system |
"{22901943-F5AC-4803-B62C-9E2C5CDF1267}" = rport=445 | protocol=6 | dir=out | app=system |
"{2BDDAF61-EB7D-47EA-A337-FD6377548CF9}" = lport=445 | protocol=6 | dir=in | app=system |
"{2DB399E7-640F-4801-BC83-9605B1292B96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32BB9F15-8FFF-4480-BAE9-3D184C326387}" = rport=138 | protocol=17 | dir=out | app=system |
"{41F6BEEC-006E-45FD-8A03-E50ADA6F761D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45DAA85A-1350-4B99-A65F-7E5F95E0DC2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B17199F-BB3B-4626-B944-1DDB0826C90D}" = rport=137 | protocol=17 | dir=out | app=system |
"{74A5A899-5137-4090-8E76-8E238E62B32D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7C3670B7-5C9A-4921-AA97-19D7FA96E746}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803B6B60-3975-4D35-B0FD-30892A4F70BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{8522049B-2B90-4C62-9365-2372C7D2819E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B56818E-350D-46F2-8154-9AE9CFEFA2F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{909FF450-7B58-4C70-97D4-153F6ABE29A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C566474-C688-4AA4-8F44-6E9F4E2FCF88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A058728B-D425-47E1-BD51-B742D97DCE8D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1CAF706-0FCA-48BD-AF0B-3D3BCDD39C6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B037F9A6-ACDA-479A-9487-442E34988BE3}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4A10760-7CBD-4D52-98C1-089324DDAD09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE91FD4A-1106-46D4-8268-27D439D037EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC8DDF64-D6A3-4C60-A65F-81449799E314}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C71F972-E7A4-4B54-AE0C-D673764E7A5A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E3AF874-F83F-47A0-92A7-4814E9965705}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15A30646-A213-4A4F-A552-BFECA9D92EA5}" = protocol=6 | dir=out | app=system |
"{165D752B-4094-4F6A-940A-6C60B72062E3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{2578E832-FF36-4C9B-8B87-6E288C0C3A26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AE65015-E04C-41E8-B9B0-AAD87051B888}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EF8C064-E3C8-4683-B05F-A73D62767AF1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{670C6105-E19E-47B2-8FA6-E034F89E2F62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8793C14D-3AA0-486A-A15C-529C33CC933B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{931025F8-CF80-4D69-956C-426791A04B8B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{95A06131-0513-4B1C-91FF-1F8FE479DEF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A760A54A-B0F5-4DC4-BB77-C2CDE6B0E4BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFB39A58-FA3B-4E48-BED6-B29F2D895C6A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B18FC8D6-618F-4EEE-95C6-B1AFC80256CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF6A86FE-AE9E-4291-B021-5C38C98024CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5A27256-D221-400A-9EA5-4548140D280A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D83AAC1B-F511-48B9-950F-C5D3BBE97E7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DAF52ABD-2CE2-4A11-9E0A-E1EA8089A3FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E30CBF56-61AA-4C7A-9796-2747A3530D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED8E24A1-6660-455E-B2D2-EE09A2AD319C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB3CD971-DE88-4355-9CE4-EE2E0DA4B519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4A18C8B3-24F5-4DFE-91AE-08930D61CF41}D:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"TCP Query User{D844CBAF-37CE-4FC7-AE3F-3B908971DF99}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"UDP Query User{2E510292-3BA1-4D0A-98D6-931E5972A609}D:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"UDP Query User{6A16EE84-A3E2-4ED1-A60C-2C858C941B3F}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media Oxygen HD Audio Driver" = ASUS Xonar D2X Audio Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6E2455-E318-4A60-9174-754D1BE5E7A4}" = Nero 11
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"VLC media player" = VLC media player 2.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.06.2012 10:37:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:37:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:27 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:27 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:32 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:32 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:34 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:34 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:41:26 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:41:26 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ System Events ]
Error - 10.06.2012 08:01:31 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "UMVPFSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 10.06.2012 08:03:38 | Computer Name = ***C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405

Error - 10.06.2012 08:06:42 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter
Windows 7 für x64-basierte Systeme (KB2544521)

Error - 10.06.2012 08:06:42 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2632503)

Error - 10.06.2012 08:06:42 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für
Internet Explorer 8 für Windows 7 für x64-basierte Systeme (KB2598845)

Error - 10.06.2012 08:13:20 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware
- SAMSUNG Mobile USB Composite Device

Error - 10.06.2012 08:14:33 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware
- SAMSUNG Mobile USB Composite Device

Error - 10.06.2012 12:38:50 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?06.?2012 um 14:45:22 unerwartet heruntergefahren.

Error - 10.06.2012 13:39:37 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062

Error - 11.06.2012 12:48:35 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?06.?2012 um 18:46:41 unerwartet heruntergefahren.


< End of report >

Alt 15.06.2012, 18:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
(2x) Verschlüsselungstrojaner! +OTL Dateien - Standard

(2x) Verschlüsselungstrojaner! +OTL Dateien


Ein Strang reicht!!
=> http://www.trojaner-board.de/117262-...l-dateien.html
__________________

__________________
 

Themen zu (2x) Verschlüsselungstrojaner! +OTL Dateien
adobe, bho, error, explorer, fehler, firefox, flash player, format, helper, home, install.exe, installation, langs, logfile, mozilla, netgear, object, plug-in, programme, realtek, registry, rundll, scan, searchscopes, security, software, svchost.exe, udp, usb 2.0, windows


« (2x) google suchergebnisse | doppelt: Sirefef.AG.35, ATRAPS.GEN2 u. Small.FI Befall »


Ähnliche Themen: (2x) Verschlüsselungstrojaner! +OTL Dateien


  1. Verschlüsselungstrojaner- Dateien entschlüsseln
    Plagegeister aller Art und deren Bekämpfung - 09.03.2015 (4)
  2. Verschlüsselungstrojaner, jpg-Dateien 26kb größer
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (3)
  3. Dateien nach Verschlüsselungstrojaner entschlüsseln
    Überwachung, Datenschutz und Spam - 06.02.2013 (2)
  4. Infizierung Verschlüsselungstrojaner - Erzeugt Dateien ohne Endung
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (3)
  5. Der Verschlüsselungstrojaner mal wieder - Dateien wiederherstellen
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (44)
  6. Dateien vom Verschlüsselungstrojaner umbenannt und verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (1)
  7. Dateien verschlüsselt nach verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (1)
  8. Verschlüsselungstrojaner - Alle Dateien weg!
    Log-Analyse und Auswertung - 19.06.2012 (31)
  9. Verschlüsselungstrojaner! +OTL Dateien
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (5)
  10. Dateien entschlüsseln nach Verschlüsselungstrojaner funktioniert nicht
    Log-Analyse und Auswertung - 13.06.2012 (3)
  11. Verschlüsselungstrojaner - Dateien lassen sich nicht entschlüsseln
    Log-Analyse und Auswertung - 07.06.2012 (5)
  12. VerschlüsselungsTrojaner entfernt, Dateien immernoch verschlüsselt
    Log-Analyse und Auswertung - 01.06.2012 (1)
  13. Verschlüsselungstrojaner benennt Dateien um
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (2)
  14. Verschlüsselungstrojaner Dateien wiederherstellen
    Log-Analyse und Auswertung - 25.05.2012 (2)
  15. Welche Dateien verschlüsselt der Verschlüsselungstrojaner?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (3)
  16. locked-Dateien - Verschlüsselungstrojaner?
    Log-Analyse und Auswertung - 03.05.2012 (1)
  17. Verschlüsselungstrojaner hat alle privaten Dateien umbenannt - was tun?
    Plagegeister aller Art und deren Bekämpfung - 26.04.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema (2x) Verschlüsselungstrojaner! +OTL Dateien - OTL Dateien: OTL.txt: OTL logfile created on: 13.06.2012 16:57:07 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = - (2x) Verschlüsselungstrojaner! +OTL Dateien...
Archiv
Du betrachtest: (2x) Verschlüsselungstrojaner! +OTL Dateien auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131