Log analysis and evaluation: 0_0uI.exe,FQ10 c:\user\musterman\appdate\roaming\microsoft\windows\startmenü\programs\startup\ctfmon
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.07.2012, 00:49 | #1 |
0_0uI.exe,FQ10 c:\user\musterman\appdate\roaming\microsoft\windows\startmenü\programs\startup\ctfmon

Hey, I need help. I have a virus or trojan: my Task Manager didn't work, and an "interference screen" kept appearing shortly after I did anything on the PC. I have now run Malwarebytes a few times, wiped out everything it found, and used the programs to create log files. Now the Task Manager and my PC work again, but to be on the safe side it would be good if you could take a look at it anyway, because I don't know whether the virus is completely gone now or whether I still need to do something.

0_0o_I.exe,FQ10

defogger_disable :
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:15 on 05/07/2012 (mustermann)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

OTL :
OTL logfile created on: 05.07.2012 00:18:07 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = J:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,61 Gb Available Physical Memory | 82,67% Memory free
8,99 Gb Paging File | 7,39 Gb Available in Paging File | 82,24% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 9,05 Gb Free Space | 18,54% Space Free | Partition Type: NTFS
Drive D: | 649,71 Gb Total Space | 115,59 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive J: | 3,76 Gb Total Space | 3,74 Gb Free Space | 99,53% Space Free | Partition Type: FAT32
Computer Name: mustermann-PC | User Name: mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 22:40:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- J:\OTL.exe PRC - [2012.06.27 14:38:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.27 12:41:30 | 008,753,696 | ---- | M] (Dll-FIles.Com) -- C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.04.07 10:29:14 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2011.03.24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe PRC - [2011.03.22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.11.15 13:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe PRC - [2010.11.15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe PRC - [2010.07.13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe PRC - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2012.07.04 10:40:14 | 000,179,360 | ---- | M] () -- C:\Users\mustermann\AppData\Local\Temp\0_0u_l.exe MOD - [2012.05.31 19:25:42 | 000,379,392 | ---- | M] () -- c:\progra~2\sprote~1\sprote~1.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.07.13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll MOD - [2010.07.13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll MOD - [2010.07.13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll MOD - [2010.07.13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll MOD - [2010.07.13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll MOD - [2010.07.13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll MOD - [2010.07.13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll MOD - [2010.07.13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll MOD - [2010.07.13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll MOD - [2010.07.13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll MOD - [2010.07.13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll MOD - [2010.07.13 01:13:42 | 000,033,792 | ---- | M] () -- 
C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll MOD - [2010.07.13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll MOD - [2010.04.02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll MOD - [2010.04.02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.06.26 02:07:24 | 001,303,368 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013 BETA\vsserv.exe -- (VSSERV) SRV:64bit: - [2012.06.26 02:07:13 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013 BETA\updatesrv.exe -- (UPDATESRV) SRV:64bit: - [2010.09.29 03:51:09 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.27 14:38:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- D:\Programme\hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.26 02:08:00 | 000,061,224 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Programme\Bitdefender\Bitdefender 2013 BETA\bdparentalservice.exe -- (BdDesktopParental) SRV - [2012.06.21 13:28:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.20 04:56:48 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.02 15:16:39 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Programme\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.07 10:29:14 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2011.03.24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF) SRV - [2011.03.22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2010.11.15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService) SRV - [2010.04.02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.24 15:28:33 | 000,329,800 | ---- | M] (BitDefender S.R.L.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos) DRV:64bit: - [2012.04.17 14:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK) DRV:64bit: - [2012.04.11 17:03:18 | 000,138,232 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:22:46 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.17 16:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf) DRV:64bit: - [2012.02.06 16:01:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.11.25 15:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv) DRV:64bit: - [2011.11.17 17:38:33 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox) DRV:64bit: - [2011.08.04 02:53:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.08.04 02:53:44 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.26 07:42:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.01.26 07:41:00 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.01.13 13:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.09.29 03:14:49 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.08.16 12:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.05.25 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2012.07.05 00:16:41 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.05.25 14:07:34 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2011.11.14 20:16:40 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV - [2011.11.14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2010.03.12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = 
{AA74FE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 27 FD 59 65 49 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - 
HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=be2db43b0000000000001c6f65d407bf IE - HKCU\..\SearchScopes\{4BA9376F-9585-4bf3-8F11-91D56F462F03}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd_ut IE - HKCU\..\SearchScopes\{6C76CF14-DDB6-4e6f-AD8C-5DB0BA46A55E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms} IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8kEWV8u6&i=26 IE - HKCU\..\SearchScopes\{F9B4755F-D0B8-47b1-9392-EC4C05AA5DD2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20111147,16991,0,6,0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
http=127.0.0.1:58343 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013 BETA\BDTBEXT [2012.06.12 12:52:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011.07.23 20:15:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011.07.23 20:15:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011.07.23 20:15:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.22 23:33:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013 BETA\bdtbext [2012.06.12 12:52:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\mustermann\AppData\Roaming\5041 [2012.06.22 09:06:16 | 000,000,000 | ---D | M] [2012.02.22 03:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.27 13:29:08 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.03.01 23:38:02 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.03.01 23:42:58 | 000,000,161 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\Search the web.src ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: No name found = C:\Users\mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\mustermann\AppData\Roaming\instplugin\toolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RDReminder] File not found O4 - HKCU..\Run: [Steam] D:\Programme\steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013 BETA\BdProvider32\BdProvider.dll (Bitdefender)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB69E81-3B10-4FFC-8010-0CAD8AFF5C7A}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - c:\progra~2\sprote~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2785abc3-0ac5-11e1-90c6-1c6f65d407bf}\Shell - "" = AutoRun
O33 - MountPoints2\{2785abc3-0ac5-11e1-90c6-1c6f65d407bf}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{a698e081-c798-11e0-a561-1c6f65d407bf}\Shell - "" = AutoRun
O33 - MountPoints2\{a698e081-c798-11e0-a561-1c6f65d407bf}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d873c5c0-bb26-11e0-9281-1c6f65d407bf}\Shell - "" = AutoRun
O33 - MountPoints2\{d873c5c0-bb26-11e0-9281-1c6f65d407bf}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d873c5c0-bb26-11e0-9281-1c6f65d407bf}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\{f0a02d4f-51cd-11e1-a83f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0a02d4f-51cd-11e1-a83f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{f0a02d50-51cd-11e1-a83f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0a02d50-51cd-11e1-a83f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\launcher.exe
O33 - MountPoints2\{f0a02d51-51cd-11e1-a83f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0a02d51-51cd-11e1-a83f-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{f0a02d52-51cd-11e1-a83f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0a02d52-51cd-11e1-a83f-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ========== [2012.07.04 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Malwarebytes [2012.07.04 22:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.04 22:51:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.04 22:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.04 22:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 20:26:18 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.04 10:40:22 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Ylariv [2012.07.04 05:44:36 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Help [2012.07.04 05:37:22 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\TeamViewer [2012.06.27 17:24:40 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\BitTorrent [2012.06.27 17:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.06.27 17:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector [2012.06.27 17:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\GadgetBox [2012.06.27 17:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GadgetBox [2012.06.27 17:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro [2012.06.27 17:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ADDICT-THING [2012.06.27 16:33:41 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2012.06.27 16:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.06.27 14:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks [2012.06.26 16:07:30 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Local\Ubisoft Game Launcher [2012.06.26 15:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.06.26 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\mustermann\Documents\Assassin's Creed Revelations [2012.06.26 15:34:41 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\InstallShield [2012.06.26 15:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012.06.26 15:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.06.26 15:21:24 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\PunkBuster [2012.06.26 15:06:06 | 000,000,000 | ---D | C] -- C:\Users\mustermann\Documents\LucasArts [2012.06.26 15:06:06 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Local\LucasArts [2012.06.26 14:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch [2012.06.26 02:08:19 | 000,117,368 | ---- | C] (Bitdefender) -- C:\Windows\SysNative\bdprovider.dll [2012.06.26 00:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 BETA [2012.06.26 00:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2012.06.26 00:58:07 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys [2012.06.26 00:58:06 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys [2012.06.26 00:58:06 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys [2012.06.26 00:58:03 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2012.06.26 00:58:03 | 000,258,736 | ---- | C] (BitDefender) -- 
C:\Windows\SysNative\drivers\avchv.sys [2012.06.26 00:58:02 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2012.06.26 00:57:42 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Bitdefender [2012.06.26 00:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2012.06.26 00:56:47 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\QuickScan [2012.06.26 00:56:36 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys [2012.06.26 00:56:36 | 000,138,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys [2012.06.26 00:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2012.06.26 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012.06.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.06.22 21:27:20 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012.06.22 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Uvnuy [2012.06.22 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Nyofzo [2012.06.22 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\Axax [2012.06.22 09:06:16 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\5041 [2012.06.21 12:39:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.06.12 15:02:53 | 000,000,000 | ---D | C] -- C:\Users\mustermann\Desktop\01717506705 mustermann nr [2012.06.11 00:34:05 | 000,000,000 | ---D | C] -- C:\Users\mustermann\Desktop\ABI FESTIVAL 2012 [2012.06.07 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\UAs [2012.06.06 10:19:43 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\xmldm [2012.06.06 02:21:43 | 000,000,000 | ---D | C] -- C:\Users\mustermann\AppData\Roaming\kock [2011.07.24 06:29:04 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\mustermann\AppData\Roaming\Minecraft Beta 
1.7.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\mustermann\AppData\Roaming\*.tmp files -> C:\Users\mustermann\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.05 00:21:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 00:21:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 00:16:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 00:16:57 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.07.05 00:16:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 00:16:26 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 00:15:25 | 000,000,020 | ---- | M] () -- C:\Users\mustermann\defogger_reenable [2012.07.05 00:05:33 | 000,001,877 | ---- | M] () -- C:\Users\mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.04 23:53:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.04 23:28:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.04 22:52:08 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.04 22:52:08 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.04 22:52:08 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.04 22:52:08 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.04 22:52:08 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.04 22:51:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.04 10:40:53 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.04 05:40:33 | 000,000,040 | ---- | M] () -- 
C:\ProgramData\juygeoddmjbclbl [2012.06.27 14:38:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.27 14:37:55 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.27 14:37:55 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.27 14:04:06 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\Rage.lnk [2012.06.26 02:08:19 | 000,117,368 | ---- | M] (Bitdefender) -- C:\Windows\SysNative\bdprovider.dll [2012.06.26 01:58:41 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2012.06.26 01:01:21 | 000,379,505 | ---- | M] () -- C:\ProgramData\1340664994.bdinstall.bin [2012.06.26 00:58:39 | 000,253,404 | ---- | M] () -- C:\bdr-ld01 [2012.06.26 00:58:39 | 000,009,216 | ---- | M] () -- C:\bdr-ld01.mbr [2012.06.26 00:58:39 | 000,000,411 | ---- | M] () -- C:\bdr-cf01 [2012.06.26 00:58:20 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2012.06.26 00:58:20 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013 BETA.lnk [2012.06.26 00:58:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2012.06.26 00:14:57 | 000,000,034 | ---- | M] () -- C:\Users\mustermann\AppData\Roaming\blckdom.res [2012.06.25 23:52:20 | 000,295,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.20 09:29:11 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\mustermann\AppData\Roaming\*.tmp files -> C:\Users\mustermann\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 00:15:24 | 000,000,020 | ---- | C] () -- C:\Users\mustermann\defogger_reenable [2012.07.04 22:51:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.04 10:40:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.04 10:40:14 | 000,001,877 | 
---- | C] () -- C:\Users\mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.04 05:40:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\juygeoddmjbclbl [2012.06.30 20:20:51 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{6c452b58-bca7-49d2-4508-b1e911ac0900}\U\00000001.@ [2012.06.30 18:51:25 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{6c452b58-bca7-49d2-4508-b1e911ac0900}\U\80000000.@ [2012.06.27 14:04:06 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\Rage.lnk [2012.06.26 01:58:41 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2012.06.26 01:01:21 | 000,379,505 | ---- | C] () -- C:\ProgramData\1340664994.bdinstall.bin [2012.06.26 00:58:39 | 000,000,411 | ---- | C] () -- C:\bdr-cf01 [2012.06.26 00:58:20 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2012.06.26 00:58:20 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013 BETA.lnk [2012.06.26 00:58:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2012.06.26 00:57:41 | 037,058,569 | ---- | C] () -- C:\bdr-im01.gz [2012.06.26 00:57:41 | 002,510,608 | ---- | C] () -- C:\bdr-bz01 [2012.06.26 00:57:41 | 000,253,404 | ---- | C] () -- C:\bdr-ld01 [2012.06.26 00:57:41 | 000,009,216 | ---- | C] () -- C:\bdr-ld01.mbr [2012.06.23 10:57:39 | 000,000,034 | ---- | C] () -- C:\Users\mustermann\AppData\Roaming\blckdom.res [2012.06.21 12:39:11 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.01.21 16:23:35 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.21 16:23:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.01.12 00:48:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{6c452b58-bca7-49d2-4508-b1e911ac0900}\@ [2012.01.12 00:48:51 | 000,002,048 | -HS- | C] () -- C:\Users\mustermann\AppData\Local\{6c452b58-bca7-49d2-4508-b1e911ac0900}\@ 
[2011.07.30 17:44:57 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.28 19:32:09 | 000,007,625 | ---- | C] () -- C:\Users\mustermann\AppData\Local\resmon.resmoncfg [2011.07.26 21:06:28 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2011.07.23 19:21:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.23 19:19:48 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.23 19:16:03 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.07.23 18:58:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini ========== LOP Check ========== [2012.05.29 06:14:24 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\.minecraft [2012.06.22 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\5041 [2012.06.14 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\7ED80 [2011.10.29 16:39:19 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\801A0 [2012.06.26 01:19:24 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Axax [2012.02.22 03:43:52 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Babylon [2012.06.26 00:57:42 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Bitdefender [2012.06.27 18:29:20 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\BitTorrent [2011.07.29 00:22:10 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Broken Rules [2011.07.30 23:02:52 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Crayon Physics Deluxe [2012.02.06 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\DAEMON Tools Lite [2012.02.22 23:34:34 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\DDMSettings [2011.07.26 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\dll-files.com [2011.12.21 01:24:25 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\facemoods.com 
[2011.11.19 15:56:41 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\FinalMediaPlayer [2012.04.09 14:12:53 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Firefly Studios [2012.07.04 21:01:23 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Gutscheinmieze [2012.07.05 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\ICQ [2011.10.16 01:29:44 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\instplugin [2011.08.28 19:53:02 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Kalypso Media [2012.06.06 02:21:43 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\kock [2011.07.29 14:54:09 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Lazy 8 Studios [2011.07.24 06:33:00 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\minecraft2 [2012.06.22 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Nyofzo [2011.08.15 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\OpenCandy [2011.08.31 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\OpenOffice.org [2011.07.23 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Opera [2011.12.21 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\PriceGong [2012.06.26 15:21:24 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\PunkBuster [2012.06.26 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\QuickScan [2011.08.03 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Simfy [2011.07.25 02:39:52 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Soldat [2011.07.23 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Splashtop [2012.07.04 05:37:22 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\TeamViewer [2012.06.26 01:46:34 | 000,000,000 | ---D | M] -- 
C:\Users\mustermann\AppData\Roaming\toolplugin [2012.07.02 22:30:32 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Tropico 4 [2011.08.27 23:06:17 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Tropico 4 Demo [2012.06.25 14:25:42 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\UAs [2012.06.26 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Ubisoft [2012.05.16 00:16:52 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Usenet.nl [2012.06.22 21:44:17 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Uvnuy [2012.06.25 14:25:44 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\xmldm [2012.07.04 10:40:22 | 000,000,000 | ---D | M] -- C:\Users\mustermann\AppData\Roaming\Ylariv [2011.07.27 16:26:34 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job [2012.06.20 09:29:11 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job [2012.07.05 00:16:57 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job [2012.05.17 20:57:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extra : OTL Extras logfile created on: 05.07.2012 00:18:07 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = J:\ 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,61 Gb Available Physical Memory | 82,67% Memory free 8,99 Gb Paging File | 7,39 Gb Available in Paging File | 82,24% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 9,05 Gb Free Space | 18,54% Space Free | Partition Type: NTFS Drive D: | 649,71 
Gb Total Space | 115,59 Gb Free Space | 17,79% Space Free | Partition Type: NTFS Drive J: | 3,76 Gb Total Space | 3,74 Gb Free Space | 99,53% Space Free | Partition Type: FAT32 Computer Name: mustermann-PC | User Name: mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E54149DA-A6E8-196D-39A8-7EA1871A6813}" = ATI Catalyst Install Manager "{EEB9326A-7D04-C212-CEAC-C23B462A21B0}" = ATI AVIVO64 Codecs "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FFE5D416-929F-9ECE-6D2B-9F730A39912A}" = ccc-utility64 "Bitdefender" = Bitdefender Total Security 2013 BETA "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{364E7BAD-E60B-F258-4399-6B38CF25D830}" = Catalyst Control Center InstallProxy "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{418D77E2-7B60-48F8-B016-30A32699EE74}" = Splashtop Connect IE "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox "{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding "{4980B2BC-4EEF-CF73-5FA3-C1695A70A96E}" = Catalyst Control Center Graphics Previews Vista "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{72317981-CEA7-4D57-AB27-9FEE75AA9060}_is1" = CoH Desert Map Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74DEED23-D439-86F5-567A-350D579F608D}" = ccc-core-static "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}" = Crazy Machines "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = 
AutoGreen B10.1021.1 "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{F02DF394-6584-BA78-7191-9DDAF68C14CB}" = CCC Help German "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7B034EF-7F81-4E7A-8D70-BBC0185D5701}_is1" = CoH SGAMappack "{FD68FE06-184B-19E8-2B94-94A8BB8CAE6F}" = Catalyst Control Center Localization All "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE67075F-48D5-42A8-863C-3FA7C5651BE1}" = Anno 1701 Demo "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BitTorrent" = BitTorrent "Company of Heroes" = Company of Heroes "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "FinalMediaPlayer_is1" = Final Media Player 2011 "ICQToolbar" = ICQ Toolbar "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Opera 12.00.1467" = Opera 12.00 "Phun_is1" = Algodoo Phun edition v5.28 "PunkBusterSvc" = PunkBuster Services "Rage_is1" = Rage "Simfy" = simfy "sPlan_70_Demo_is1" = sPlan 7.0 (Demo) "SProtector" = SProtector 
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "Steam App 10" = Counter-Strike "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 107900" = War Inc. Battlezone "Steam App 18700" = And Yet It Moves "Steam App 201310" = X3: Albion Prelude "Steam App 22350" = Brink "Steam App 26500" = Cogs "Steam App 26900" = Crayon Physics Deluxe "Steam App 2820" = X3: Terran Conflict "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "Steam App 41100" = Hammerfight "Steam App 60" = Ricochet "Steam App 70000" = Dino D-Day "Steam App 70300" = VVVVVV "Steam App 80" = Counter-Strike: Condition Zero "Wiggles" = Wiggles "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "NetAssistant 3.8.3" = Freeze.com NetAssistant "Tropico 4" = Tropico 4 1.00 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.03.2012 13:57:17 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 16.03.2012 20:14:49 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1701.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 16.03.2012 20:14:49 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1404.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 17.03.2012 09:09:27 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1701.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Error - 17.03.2012 09:09:27 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1404.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 17.03.2012 15:29:15 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1701.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 17.03.2012 15:29:15 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1404.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 18.03.2012 10:19:14 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 18.03.2012 14:26:20 | Computer Name = mustermann-PC | Source = Windows Backup | ID = 4104 Description = Error - 18.03.2012 14:57:13 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1701.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 18.03.2012 14:57:14 | Computer Name = mustermann-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\SoftonicDownloader_fuer_anno-1404.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. [ Media Center Events ] Error - 27.05.2012 23:41:57 | Computer Name = mustermann-PC | Source = MCUpdate | ID = 0 Description = 05:41:57 - Fehler beim Herstellen der Internetverbindung. 05:41:57 - Serververbindung konnte nicht hergestellt werden.. Error - 27.05.2012 23:42:34 | Computer Name = mustermann-PC | Source = MCUpdate | ID = 0 Description = 05:42:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') [ System Events ] Error - 04.07.2012 14:30:36 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 04.07.2012 14:33:13 | Computer Name = mustermann-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?07.?2012 um 20:32:04 unerwartet heruntergefahren. Error - 04.07.2012 14:33:23 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHlpa64 Error - 04.07.2012 14:42:48 | Computer Name = mustermann-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?07.?2012 um 20:40:59 unerwartet heruntergefahren. 
Error - 04.07.2012 14:42:58 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHlpa64 Error - 04.07.2012 14:57:24 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.07.2012 17:00:51 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHlpa64 Error - 04.07.2012 18:00:21 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHlpa64 Error - 04.07.2012 18:09:51 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHlpa64 Error - 04.07.2012 18:16:45 | Computer Name = mustermann-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHlpa64 < End of report > |
05.07.2012, 16:39 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Without the logs from Malwarebytes and co., this isn't going anywhere.
__________________ Everything from Malwarebytes (and any other scanners) must be posted here. Please post everything in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the result then looks like this: Code:
the log goes here
__________________ |
07.07.2012, 17:26 | #3 |
| Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.02

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

Schutz: Aktiviert

04.07.2012 22:52:51
mbam-log-2012-07-04 (22-57-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213294
Laufzeit: 2 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Peter\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\Users\Peter\AppData\Roaming\Macromedia\{59F91D9C-46B8-4E2D-8F49-F449DD79B230}\Validator.exe (Trojan.BTSoft.Gen) -> Keine Aktion durchgeführt.
C:\Users\Peter\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{6c452b58-bca7-49d2-4508-b1e911ac0900}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.02

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

Schutz: Aktiviert

04.07.2012 22:52:51
mbam-log-2012-07-04 (22-52-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213294
Laufzeit: 2 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Peter\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\Users\Peter\AppData\Roaming\Macromedia\{59F91D9C-46B8-4E2D-8F49-F449DD79B230}\Validator.exe (Trojan.BTSoft.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{6c452b58-bca7-49d2-4508-b1e911ac0900}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

Schutz: Aktiviert

04.07.2012 23:03:24
mbam-log-2012-07-04 (23-03-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 550687
Laufzeit: 53 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC classic (Trojan.FakeVLC) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Vlcclassic\Uninstall.exe (Trojan.FakeVLC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\Desktop\sonstige\FlvPlayerSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\SoftonicDownloader_fuer_anno-1404.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\SoftonicDownloader_fuer_anno-1701.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
09.07.2012, 11:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well, then we'll see what comes next. Note: ESET does fairly often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed. ESET Online Scanner: Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Please always post log files in CODE tags |