
Plagegeister aller Art und deren Bekämpfung: Did I catch something? Computer is slow, pages open on their own, OTL log attached

Windows 7: If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you remove the infection.

 
17.07.2012, 17:57   #1
halloworld
 
Did I catch something? Computer is slow, pages open on their own, OTL log attached



Could you take a look at the log and see whether anything is not OK?

Thanks in advance.

Created with otl.exe

otl.txt
OTL Logfile:
Code:
OTL logfile created on: 17.07.2012 18:47:59 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\trancer\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,73% Memory free
5,99 Gb Paging File | 4,57 Gb Available in Paging File | 76,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 162,32 Gb Total Space | 23,77 Gb Free Space | 14,65% Space Free | Partition Type: NTFS
Drive E: | 303,34 Gb Total Space | 85,83 Gb Free Space | 28,29% Space Free | Partition Type: NTFS
Drive F: | 48,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 2,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TRANCER-PC | User Name: trancer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\trancer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\Installer\MSI4A8.tmp ()
PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HyperDeskCustomThemeEnabler) -- C:\Windows\Installer\MSI4A8.tmp ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Programme\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\trancer\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (vstor2-mntapi10-shared) Vstor2 MntApi 1.0 Driver (shared) -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys (VMware, Inc.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6A 9D E5 19 61 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.07.13 19:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.13 19:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.13 17:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Extensions
[2012.07.14 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Firefox\Profiles\31uxaeqv.default\extensions
[2012.07.14 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Firefox\Profiles\31uxaeqv.default\extensions\staged
[2012.07.17 18:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Firefox\Profiles\bp19d5zo.default\extensions
[2012.07.14 14:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.13 22:47:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 14:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - Extension: YouTube = C:\Users\trancer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\trancer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\trancer\AppData\Local\Apps\2.0\35Q8LEAK.MRY\KB481W7G.B5W\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEF4F6B-4277-469E-84E1-569596CE249C}: NameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Programme\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.15 15:21:16 | 000,000,000 | ---D | M] - C:\auto -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.16 19:53:32 | 000,000,000 | ---D | M] - E:\autobilder -- [ NTFS ]
O32 - AutoRun File - [2010.11.21 02:25:07 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 18:31:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.17 18:25:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.17 18:25:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.17 18:25:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.17 18:24:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.17 18:23:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.17 18:12:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.07.17 18:12:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.07.17 18:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.17 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.17 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Google
[2012.07.17 18:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.07.17 18:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.17 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.17 18:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.17 17:55:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.17 17:55:07 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Malwarebytes
[2012.07.17 17:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 17:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 17:54:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.17 17:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Wireshark
[2012.07.17 13:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.07.17 13:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.07.17 13:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.07.17 11:23:07 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.07.17 11:23:03 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BGJE.DLL
[2012.07.17 11:22:16 | 000,341,504 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esw2ud.dll
[2012.07.17 11:22:16 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2012.07.17 11:22:16 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\escdev.dll
[2012.07.17 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.07.17 11:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.07.17 11:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.07.17 11:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.07.17 11:16:41 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBGJE.DLL
[2012.07.17 11:12:50 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2012.07.17 11:12:49 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.07.17 11:12:49 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.07.17 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Apps
[2012.07.17 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Deployment
[2012.07.17 08:44:59 | 000,000,000 | ---D | C] -- C:\d3
[2012.07.16 20:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.07.16 13:41:42 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\VMware
[2012.07.16 13:41:41 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\VMware
[2012.07.16 13:34:37 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2012.07.16 13:34:32 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2012.07.16 13:34:32 | 000,025,712 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2012.07.16 13:34:28 | 000,783,472 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2012.07.16 13:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.07.16 13:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.07.16 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012.07.16 13:34:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2012.07.16 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.07.16 13:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.07.16 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\uTorrent
[2012.07.15 15:32:12 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.07.15 15:30:24 | 000,000,000 | ---D | C] -- C:\Cryptload1.1.8
[2012.07.14 23:29:26 | 000,851,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller2.dll
[2012.07.14 23:16:10 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012.07.14 23:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.1
[2012.07.14 23:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
[2012.07.14 23:10:07 | 000,000,000 | ---D | C] -- C:\nadja
[2012.07.14 22:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD2 Toolkit
[2012.07.14 22:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\HD2 Toolkit
[2012.07.14 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Optimizer Pro
[2012.07.14 14:49:05 | 000,000,000 | ---D | C] -- C:\m3u
[2012.07.14 14:45:35 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Diagnostics
[2012.07.14 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Folders
[2012.07.14 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Folders
[2012.07.14 14:41:26 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playlist Creator 3.6.2
[2012.07.14 14:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Playlist Creator 3.6.2
[2012.07.14 14:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012.07.14 14:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012.07.14 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\convert
[2012.07.14 12:35:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.14 12:35:23 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.14 12:35:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.14 12:35:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.14 12:35:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.14 12:35:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.14 12:35:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.14 12:35:00 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.14 12:34:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.14 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Skinux
[2012.07.14 11:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory
[2012.07.14 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\The Skins Factory
[2012.07.14 11:17:19 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Foxit Software
[2012.07.14 11:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.07.14 11:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012.07.14 10:54:58 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.07.14 10:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.07.14 10:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.07.14 10:52:47 | 000,000,000 | ---D | C] -- C:\auto
[2012.07.14 10:01:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.14 10:01:25 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.14 10:01:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.14 09:13:37 | 000,000,000 | ---D | C] -- C:\glcd
[2012.07.13 23:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Sound Changer
[2012.07.13 23:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Sound Changer
[2012.07.13 23:11:26 | 000,000,000 | ---D | C] -- C:\Windows\BACKUPSSS
[2012.07.13 22:47:47 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Skype
[2012.07.13 22:47:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.07.13 22:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.13 22:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.07.13 22:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.13 21:14:44 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.07.13 21:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.07.13 21:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2012.07.13 21:12:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_edit_w7sbc.exe
[2012.07.13 21:12:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_w7sbc.exe
[2012.07.13 21:12:38 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2012.07.13 19:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.07.13 19:32:29 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Yahoo!
[2012.07.13 19:32:26 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.13 19:32:26 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.13 19:32:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.07.13 19:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.07.13 19:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.07.13 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.07.13 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Avira
[2012.07.13 19:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.13 19:21:07 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.13 19:21:07 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.13 19:21:07 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.13 19:21:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.13 19:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.13 19:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.07.13 19:18:07 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2012.07.13 19:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.13 19:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.07.13 19:15:59 | 000,231,760 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.07.13 19:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.07.13 19:14:34 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.13 19:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.13 19:09:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.07.13 19:09:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.07.13 19:09:42 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.07.13 19:09:42 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.07.13 19:09:42 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.07.13 19:09:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.07.13 19:09:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.07.13 19:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.07.13 19:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.13 19:06:30 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.13 19:06:30 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.13 18:54:26 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.07.13 18:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.13 18:52:59 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\TrueCrypt
[2012.07.13 18:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012.07.13 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Macromedia
[2012.07.13 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Macromedia
[2012.07.13 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Adobe
[2012.07.13 18:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Theme Resource Changer
[2012.07.13 18:41:43 | 000,000,000 | ---D | C] -- C:\themes
[2012.07.13 18:41:30 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\WinRAR
[2012.07.13 18:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.07.13 18:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.07.13 18:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.07.13 18:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2012.07.13 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.07.13 18:24:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.07.13 18:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\G DATA Software
[2012.07.13 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\InstallShield
[2012.07.13 18:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.07.13 18:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2012.07.13 18:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2012.07.13 18:01:13 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Downloaded Installations
[2012.07.13 17:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012.07.13 17:45:25 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Mozilla
[2012.07.13 17:45:25 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Mozilla
[2012.07.13 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\RoboForm
[2012.07.13 17:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012.07.13 17:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2012.07.13 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\trancer\Documents\My RoboForm Data
[2012.07.13 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.13 17:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.13 17:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012.07.13 17:40:48 | 000,000,000 | R--D | C] -- C:\Users\trancer\Searches
[2012.07.13 17:40:34 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Identities
[2012.07.13 17:40:33 | 000,000,000 | R--D | C] -- C:\Users\trancer\Contacts
[2012.07.13 17:40:27 | 000,000,000 | --SD | C] -- C:\Users\trancer\AppData\Roaming\Microsoft
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Videos
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Saved Games
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Pictures
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Music
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Links
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Favorites
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Downloads
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Documents
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Desktop
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Vorlagen
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\AppData\Local\Verlauf
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\AppData\Local\Temporary Internet Files
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Startmenü
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\SendTo
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Recent
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Netzwerkumgebung
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Lokale Einstellungen
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Documents\Eigene Videos
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Documents\Eigene Musik
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Eigene Dateien
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Documents\Eigene Bilder
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Druckumgebung
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Cookies
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\AppData\Local\Anwendungsdaten
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Anwendungsdaten
[2012.07.13 17:40:27 | 000,000,000 | -H-D | C] -- C:\Users\trancer\AppData
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\VirtualStore
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Temp
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Microsoft
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Media Center Programs
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.07.13 17:40:14 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.07.13 17:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.07.13 17:36:08 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.07.13 17:35:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 18:33:55 | 000,019,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:33:55 | 000,019,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 18:26:34 | 000,656,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 18:26:34 | 000,618,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 18:26:34 | 000,131,010 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 18:26:34 | 000,107,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 18:21:41 | 000,001,434 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.17 18:21:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 18:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 18:20:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 18:14:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 18:03:18 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:02:15 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 18:02:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.17 17:54:58 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 11:22:16 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.07.17 11:21:34 | 000,063,488 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BGJE.DLL
[2012.07.17 11:21:34 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.07.17 11:12:43 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.07.17 11:12:42 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.07.16 13:34:22 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012.07.16 13:34:16 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.07.16 13:11:46 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.07.16 08:35:09 | 1535,209,472 | ---- | M] () -- C:\Users\trancer\Documents\mondorescue1672012-1.iso
[2012.07.14 23:16:23 | 000,000,600 | ---- | M] () -- C:\Users\trancer\AppData\Roaming\winscp.rnd
[2012.07.14 23:12:23 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2012.07.14 23:03:20 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\HD2 Toolkit.lnk
[2012.07.14 22:21:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.14 20:59:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.07.14 14:44:28 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.07.14 14:41:30 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.14 14:41:19 | 000,001,024 | ---- | M] () -- C:\Users\trancer\Desktop\Optimizer Pro.lnk
[2012.07.14 12:38:46 | 000,356,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.14 12:18:48 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Solar Flare.lnk
[2012.07.14 12:16:57 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - Star Trek TOS.lnk
[2012.07.14 12:15:20 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - Flagship.lnk
[2012.07.14 11:55:40 | 000,002,370 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Subspace.lnk
[2012.07.14 11:17:11 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.07.14 10:54:26 | 000,001,071 | ---- | M] () -- C:\Users\trancer\Desktop\Sandboxed Web Browser.lnk
[2012.07.13 23:13:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Startup Sound Changer.lnk
[2012.07.13 23:12:50 | 004,658,750 | ---- | M] () -- C:\Windows\Fusion_S.scr
[2012.07.13 23:12:50 | 000,345,777 | ---- | M] () -- C:\Windows\uninstall Fusion_S.exe
[2012.07.13 22:47:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.13 22:04:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.13 22:04:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.13 21:14:44 | 000,000,969 | ---- | M] () -- C:\Users\trancer\Desktop\QuickPar.lnk
[2012.07.13 19:32:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.07.13 19:21:19 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.13 19:18:10 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.07.13 19:16:02 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.07.13 19:15:59 | 000,231,760 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.07.13 19:15:18 | 000,001,799 | ---- | M] () -- C:\Users\trancer\Desktop\WinSCP.lnk
[2012.07.13 19:08:11 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.07.13 19:07:33 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 17:38:08 | 000,000,771 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.07.13 17:36:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.17 18:25:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.17 18:25:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.17 18:25:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.17 18:25:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.17 18:25:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.17 18:03:18 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:02:24 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 18:02:24 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 18:02:15 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 17:54:58 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 13:12:07 | 000,001,704 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.07.17 11:22:16 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.07.16 13:34:22 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012.07.16 13:34:16 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.07.16 13:11:46 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.07.16 12:48:24 | 1535,209,472 | ---- | C] () -- C:\Users\trancer\Documents\mondorescue1672012-1.iso
[2012.07.14 23:16:38 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.07.14 23:12:38 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.07.14 23:12:38 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.07.14 23:12:37 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.07.14 23:12:23 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2012.07.14 22:56:57 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\HD2 Toolkit.lnk
[2012.07.14 22:21:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.14 20:59:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.07.14 14:44:28 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.07.14 14:41:29 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.14 14:41:19 | 000,001,024 | ---- | C] () -- C:\Users\trancer\Desktop\Optimizer Pro.lnk
[2012.07.14 12:18:48 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Solar Flare.lnk
[2012.07.14 12:16:57 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - Star Trek TOS.lnk
[2012.07.14 12:15:20 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - Flagship.lnk
[2012.07.14 11:55:40 | 000,002,370 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Subspace.lnk
[2012.07.14 11:17:11 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.07.14 10:54:42 | 000,001,071 | ---- | C] () -- C:\Users\trancer\Desktop\Sandboxed Web Browser.lnk
[2012.07.14 10:54:40 | 000,001,434 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.13 23:13:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Startup Sound Changer.lnk
[2012.07.13 23:12:50 | 004,658,750 | ---- | C] () -- C:\Windows\Fusion_S.scr
[2012.07.13 23:12:50 | 000,345,777 | ---- | C] () -- C:\Windows\uninstall Fusion_S.exe
[2012.07.13 22:47:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.13 21:14:44 | 000,000,969 | ---- | C] () -- C:\Users\trancer\Desktop\QuickPar.lnk
[2012.07.13 19:32:27 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 19:32:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.07.13 19:21:19 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.13 19:18:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.13 19:16:02 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.07.13 19:15:18 | 000,001,799 | ---- | C] () -- C:\Users\trancer\Desktop\WinSCP.lnk
[2012.07.13 19:08:11 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.07.13 19:07:33 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.13 19:07:33 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 19:06:32 | 000,002,297 | ---- | C] () -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.13 18:49:29 | 000,000,600 | ---- | C] () -- C:\Users\trancer\AppData\Roaming\winscp.rnd
[2012.07.13 17:36:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.07.13 17:35:42 | 2415,321,088 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.21 02:30:51 | 000,656,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:30:51 | 000,131,010 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

< End of report >
         
--- --- ---


extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 17.07.2012 18:47:59 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\trancer\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,73% Memory free
5,99 Gb Paging File | 4,57 Gb Available in Paging File | 76,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 162,32 Gb Total Space | 23,77 Gb Free Space | 14,65% Space Free | Partition Type: NTFS
Drive E: | 303,34 Gb Total Space | 85,83 Gb Free Space | 28,29% Space Free | Partition Type: NTFS
Drive F: | 48,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 2,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TRANCER-PC | User Name: trancer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BD76BA-D62A-47DF-8F72-2FA29731B9AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05913FC3-5880-4952-B5B9-282370013189}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06DB9820-DC72-437A-9813-BBD4ED6A7788}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0B5C4F00-2D92-40FE-BE30-6E5564A15875}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{16201CE5-AB63-4673-ADA3-AF117B45F10B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A03A92A-9C62-41DE-B2BB-2CA7C91048F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1DC4C1CB-686B-4553-A734-69A28E54ABA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24F303A4-B0E7-4693-92DF-47AE0212C348}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2BC1A0C5-B761-44FB-9FE5-AF844F475982}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2E546392-CEB2-4413-A564-7948AA053069}" = rport=137 | protocol=17 | dir=out | app=system | 
"{37505A12-FD34-49D5-A545-877CB4B76C36}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4B9EA134-B895-433C-864C-32384D96533B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{74828063-367E-4F04-A747-7421E1ADBB55}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7E60590A-4330-4677-AADD-8D2F23909617}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A2AC84E-EAED-4655-B384-574F7FE2AD48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90631884-DC54-4704-8E66-0BB9E05F8B09}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A0A8FFCF-934B-435E-A4AF-93D1CF51FC00}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B60197C8-7AB4-4FE1-997D-D3E52396519F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C7A304B3-C41D-4B8B-8A4E-3B6852D25178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CD09A485-5022-400A-98AE-28067D169882}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DBC270E6-DF38-4101-991C-6B9D8F371D30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F69E3177-F314-4E91-B730-A3CF3D600BFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F942B374-C7C6-492C-8EEA-30CA9E0A99ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A0748B-D033-4281-9E8D-094D76CADEE1}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe | 
"{1B099AB0-160E-4DF8-9980-880AB62A6C37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CE172BE-369A-4C42-8A95-47D951E424DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{319109D9-4107-46B3-B637-A23696923E30}" = protocol=17 | dir=in | app=c:\users\trancer\appdata\local\apps\2.0\35q8leak.mry\kb481w7g.b5w\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{47638C62-1602-44D9-8068-8F1795436030}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{52E67D58-5BF2-4FC3-AF92-F822223D04D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{54969209-544B-408E-B75D-F457D984783A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5903A7C6-4FC7-4AA5-8EAF-94AE76A51044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{661575E4-39C2-4BA8-BD2B-3877E6F4DA36}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{71450AC1-FDDF-4F10-A89E-DD9AC3C93B9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{748A6C83-DA83-4C65-88DE-5E5C6086D79A}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe | 
"{86801AEC-1E95-48D2-A857-498D75B87797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8744A947-BC85-468B-B23A-03D5D5DE3D83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88F1C714-4691-452F-80AE-298A8DBD25B2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{8FD13DF5-8A29-466F-BF5E-B5FF885842FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FFA3ACB-46EF-49C3-A339-A09DB75D2F77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4659F54-9C34-457B-AA6F-DA89CE863F32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A847B2DE-ACD3-4719-B0B6-D32575B404B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B21F4EF4-9AEA-44AB-9424-46F6BCC34C10}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{B4176977-85F4-4D70-B3C9-E126B7A23D15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B82B9569-45BA-40DB-9887-87EDD56B3F01}" = protocol=6 | dir=out | app=system | 
"{BB8CCD6C-C37E-4951-9DEA-49A3F6323678}" = protocol=6 | dir=in | app=c:\users\trancer\appdata\local\apps\2.0\35q8leak.mry\kb481w7g.b5w\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{CAB7011D-6304-4DFC-B46E-7A6793AA94CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CCFB02BB-3811-40BB-90BB-8BD8E738DC20}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D007911A-8765-4520-9B89-8E9682FF4EC4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{D3B92A23-256D-49C7-829E-1071D426984F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DD0C7A70-8742-4D23-AEAE-EB304DB62383}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DE9A9C91-A34C-41CD-B988-8B628A7CEF8E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E1D58AA0-ACDD-460B-9746-A2ED7BBCB60E}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
"{F3243BA5-CE20-48ED-8E60-069F7C029C99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F837017A-84C7-4AE0-8CD6-E0A7491D65E2}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
"{FD438D53-79CD-4BA9-84B0-B76E2CC2BB67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{1209DE8E-19E1-45BD-BDF7-AFC53BEA2A19}" = Hyperdesk - Flagship
"{12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1" = HD2 Toolkit Version 4.2
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1D694B58-FEA6-4D60-BB87-BD4A724A0DAE}" = VmciSockets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AFAB5E-0631-4A3F-934F-EFC59479A26E}" = Hyperdesk - DarkMatter Subspace
"{239E36CC-B8C6-4580-A55F-D87CEFF1E4BF}" = Hyperdesk - Star Trek TOS
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5CE09320-7745-11D8-B964-00B0D02C43C4}" = MP3 Folders
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCC0865A-F6E3-45E6-A5C8-099BE5AE3247}" = Hyperdesk - DarkMatter Solar Flare
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-9-5 (All Users)
"Avira AntiVir Desktop" = Avira Free Antivirus
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader
"Fusion Screensaver" = Fusion Screensaver
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Playlist Creator 3.6.2" = Playlist Creator 3.6.2
"QuickPar" = QuickPar 0.9
"Sandboxie" = Sandboxie 3.72 (32-bit)
"Startup Sound Changer" = Startup Sound Changer
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"winscp3_is1" = WinSCP 4.3.8
"Wireshark" = Wireshark 1.8.0 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 12:41:55 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 12:45:57 | Computer Name = trancer-PC | Source = VSS | ID = 8194
Description = 
 
Error - 13.07.2012 12:46:49 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 13:07:36 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 15:08:11 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 17:10:53 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 03:05:56 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 04:06:22 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 06:40:20 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 09:36:00 | Computer Name = trancer-PC | Source = Application Hang | ID = 1002
Description = Programm WinSCP.exe, Version 4.3.8.1771 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 75c    Startzeit: 
01cd61b438b2c560    Endzeit: 8    Anwendungspfad: C:\Program Files\WinSCP\WinSCP.exe    Berichts-ID:
 d7402f91-cdb8-11e1-b680-0021859ed380  
 
[ System Events ]
Error - 13.07.2012 12:13:54 | Computer Name = trancer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.07.2012 12:18:50 | Computer Name = trancer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 13.07.2012 12:40:24 | Computer Name = trancer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 13.07.2012 12:45:07 | Computer Name = trancer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 13.07.2012 17:08:12 | Computer Name = trancer-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >
         
--- --- ---


Mbam
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
trancer :: TRANCER-PC [Administrator]

Schutz: Aktiviert

17.07.2012 19:17:46
mbam-log-2012-07-17 (19-47-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269835
Laufzeit: 22 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Edited by halloworld (17.07.2012 at 18:50)

 

Copyright ©2000-2025, Trojaner-Board