100 Euro Trojaner (msconfig.dat schuldig?)

mschorsch · 25.07.2012, 13:57

Jo Leute surf heute nichtsahnend im Web rum plötzlich kommt ein popup und meinen Computer blockierts einfach so... Anscheinend da ich mir Kinderpornographie und illegale Inhalte angeschaut hätte, was aber vollkommener Schwachsinn ist. Nun soll ich 100€ an ein "STAATSKONTO" überweisen...
Die Frage ist wie bekomm ich den Trojaner von meinem rechner? Ich habs schonmal geschafft dass ich den Prozess einmalig beenden kann aber nicht komplett... Kann mir jemand helfen? Anschließend das Log-File

OTL logfile created on: 25.07.2012 14:44:34 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\T***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,25% Memory free
7,99 Gb Paging File | 5,79 Gb Available in Paging File | 72,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 236,27 Gb Total Space | 34,84 Gb Free Space | 14,75% Space Free | Partition Type: NTFS
Drive D: | 695,24 Gb Total Space | 321,11 Gb Free Space | 46,19% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: T*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.25 14:43:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\T***\Desktop\OTL.exe
PRC - [2012.07.12 19:16:10 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.06.17 14:43:47 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 20:33:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:33:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:33:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.21 22:04:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012.01.26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.11.17 07:41:38 | 000,050,176 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.14 03:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe
PRC - [2009.06.05 09:28:49 | 004,833,792 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe
PRC - [2009.05.19 16:22:14 | 000,361,472 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Trust\GXT14 Mouse\RapooV1Process.exe
PRC - [2009.05.18 04:37:12 | 000,354,816 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe
PRC - [2008.10.21 14:53:44 | 001,650,688 | ---- | M] (Conrad Technology, Corp.) -- C:\Program Files (x86)\Conrad\Common\RaUI.exe
PRC - [2008.05.29 19:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Trust\GXT14 Mouse\StartAutorun.exe
PRC - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Conrad\Common\RalinkRegistryWriter.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.25 08:37:15 | 000,130,616 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\13001.029\components\AcroFF029.dll
MOD - [2012.07.24 18:49:05 | 000,006,400 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
MOD - [2012.07.12 19:16:10 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.17 14:43:47 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.17 07:41:38 | 000,050,176 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.06.05 09:28:49 | 004,833,792 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe
MOD - [2009.03.02 06:45:58 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\MouseHook.dll
MOD - [2007.03.29 06:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\keydll.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.01.17 20:03:54 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.12 19:16:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.29 23:24:28 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.17 14:43:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:33:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:33:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.21 22:04:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.03 20:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2010.04.03 20:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2010.04.03 20:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.04.03 12:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.18 04:37:12 | 000,354,816 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe -- (KmGameMouseServiceV1)
SRV - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Conrad\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 20:33:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:33:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 19:28:48 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.17 20:04:19 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.17 20:03:52 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.01.17 20:03:52 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.12.25 13:37:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.12.17 13:51:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.07 15:02:29 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.09.07 15:02:29 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.09.07 15:02:29 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.09.07 15:02:29 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.07.23 15:21:28 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.07.01 11:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.06.23 18:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.05.24 20:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.04.27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010.03.10 04:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 06:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.28 12:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132)
DRV:64bit: - [2009.12.21 21:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009.07.17 19:24:22 | 000,460,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt73.sys -- (RT73)
DRV:64bit: - [2009.07.17 01:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.15 12:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 17:59:32 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys -- (KMWDFILTERV1)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.08 15:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.03 17:40:13 | 000,077,432 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2008.05.22 18:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 18:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 18:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.26 18:17:58 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2008.02.20 17:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 17:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 17:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2008.02.18 16:57:38 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2008.02.06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66022
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14947
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 05 F6 47 31 6A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {75681723-E244-412E-A0B1-FEA11206B46C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AS-2&o=14944&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=RR&apn_dtid=YYYYYYYYDE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66022
IE - HKCU\..\SearchScopes\{4E94ADB6-83AA-4C4D-B44D-F6D09BB023A6}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{75681723-E244-412E-A0B1-FEA11206B46C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{75DA268F-DB04-4473-88C0-4183516C6FCB}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A2F3E7AC-D763-4F27-BC02-B9E9B5BD3C8A}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084
IE - HKCU\..\SearchScopes\{B1AB8012-A51A-484A-8B0E-C3ACAE4DDE94}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AS-2&o=14944&locale=de_DE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_ptnrs=RR&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Timo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "184.22.134.46"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011.11.03 18:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.17 18:27:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Timo\AppData\Roaming\13001.029 [2012.07.25 08:37:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:43:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.17 18:27:37 | 000,000,000 | ---D | M]

[2011.01.14 22:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2012.07.12 15:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions
[2012.06.28 16:50:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.16 23:02:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.17 20:54:46 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\battlefieldplay4free@ea.com
[2011.01.24 20:34:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\engine@conduit.com
[2012.05.17 18:16:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\ich@maltegoetz.de
[2012.02.04 13:26:15 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\toolbar@ask.com
[2012.04.06 16:37:35 | 000,002,401 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\nkdr3w73.default\searchplugins\askcom.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\nkdr3w73.default\searchplugins\conduit.xml
[2012.07.21 19:27:50 | 000,001,056 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\nkdr3w73.default\searchplugins\icqplugin.xml
[2012.06.17 14:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.25 08:37:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TIMO\APPDATA\ROAMING\13001.029
[2012.06.17 14:43:48 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 14:43:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 14:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 14:43:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 22:11:29 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.06.17 14:43:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 14:43:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 14:43:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_15_Premium\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [trustGTX14] C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CE8SIIFGSU] C:\Users\Timo\AppData\Local\Temp\Cbe.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [renovator] C:\Users\Timo\AppData\Roaming\Sun\{D6D7B47B-F5BE-4EBF-9AF4-CC26815841E4}\renovator.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [System] C:\Users\Timo\AppData\Roaming\system.exe File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Timo\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76BB1AD4-11AE-40A2-9B6F-9EAF9F0288ED}: DhcpNameServer = 82.212.62.62 78.42.43.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDA532FB-68AE-4CFC-8E2C-372D7266FB2B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\msconfig.dat) - C:\Users\Timo\AppData\Roaming\msconfig.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell\AutoRun\command - "" = J:\CMADownloader.exe
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell\AutoRun\command - "" = M:\MI.exe
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell\AutoRun\command - "" = N:\Autorun.exe
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell\AutoRun\command - "" = K:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 14:43:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2012.07.25 08:37:15 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.029
[2012.07.23 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Minecraft Server
[2012.07.23 13:23:27 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\UAs
[2012.07.22 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Free Template - 3D Room in Sony Vegas Pro 8.0
[2012.07.22 21:14:04 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.028
[2012.07.22 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\xmldm
[2012.07.22 21:04:02 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\kock
[2012.07.22 15:39:06 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Deshaker
[2012.07.15 02:49:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\ABBA
[2012.07.13 16:56:30 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\London 12
[2012.07.12 23:37:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 23:37:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 23:37:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 23:37:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 23:37:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 23:37:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 23:37:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 23:37:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 23:37:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 23:37:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 23:37:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 23:37:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 23:37:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 11:43:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.08 21:27:02 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\BK
[2012.07.08 15:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.07.08 15:38:40 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Paint.NET
[2012.06.30 20:58:03 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.06.29 13:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.29 13:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.07.01 22:27:05 | 000,040,445 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files (x86)\uninstall.exe
[2011.01.19 09:51:32 | 000,076,464 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2011.01.19 09:51:28 | 002,538,672 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2011.01.19 09:49:02 | 000,163,840 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[2010.12.02 10:08:12 | 000,253,104 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2010.12.02 10:08:12 | 000,197,808 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Timo\Desktop\*.tmp files -> C:\Users\Timo\Desktop\*.tmp -> ]
[1 C:\Users\Timo\AppData\Roaming\*.tmp files -> C:\Users\Timo\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.25 14:43:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2012.07.25 14:42:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 14:42:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 14:38:00 | 000,000,034 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\blckdom.res
[2012.07.25 14:37:46 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 14:37:35 | 000,000,045 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.ini
[2012.07.25 14:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 14:33:46 | 3219,775,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 14:19:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 14:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 08:58:29 | 001,842,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.25 08:58:29 | 000,780,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.25 08:58:29 | 000,731,790 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.25 08:58:29 | 000,181,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.25 08:58:29 | 000,152,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 18:49:05 | 000,268,944 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\AcroIEHelpe174.dll
[2012.07.24 18:49:05 | 000,006,400 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
[2012.07.23 21:26:50 | 003,879,116 | ---- | M] () -- C:\Users\Timo\Desktop\P1030176.JPG
[2012.07.22 18:43:56 | 000,796,962 | ---- | M] () -- C:\Users\Timo\Desktop\Gray Comb Texture.jpg
[2012.07.22 12:20:43 | 000,831,248 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfk
[2012.07.22 12:20:34 | 561,948,898 | ---- | M] () -- C:\Users\Timo\Documents\London 2012 - Der Film.mp4
[2012.07.22 12:20:34 | 561,948,898 | ---- | M] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.mp4
[2012.07.22 12:20:34 | 430,165,664 | ---- | M] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.avi
[2012.07.22 11:42:53 | 106,391,384 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfap0
[2012.07.22 11:22:02 | 404,640,769 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part2.wmv
[2012.07.22 03:35:06 | 000,461,928 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfk
[2012.07.22 03:33:31 | 059,118,488 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfap0
[2012.07.22 03:27:16 | 323,631,397 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part1.wmv
[2012.07.22 02:51:26 | 000,461,984 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Remake.mp4.sfk
[2012.07.22 02:51:24 | 014,981,553 | ---- | M] () -- C:\Users\Timo\Documents\Ohne Titel.wmv
[2012.07.22 02:30:36 | 315,984,214 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Remake.mp4
[2012.07.22 02:02:18 | 316,037,570 | ---- | M] () -- C:\Users\Timo\Documents\London 12.mp4
[2012.07.21 22:36:26 | 064,184,079 | ---- | M] () -- C:\Users\Timo\Documents\Ohne Titel.mp4
[2012.07.13 13:14:27 | 003,145,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 19:16:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 19:16:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.10 14:22:44 | 000,009,728 | ---- | M] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.08 15:39:19 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.07.06 16:33:47 | 084,492,779 | ---- | M] () -- C:\Users\Timo\Documents\Tiesto Bitches.mp4
[2012.06.30 20:58:05 | 000,001,262 | ---- | M] () -- C:\Users\Timo\Desktop\Free YouTube Download.lnk
[2012.06.30 14:57:27 | 106,041,645 | ---- | M] () -- C:\Users\Timo\Desktop\candles.rar
[2012.06.29 23:33:48 | 000,000,222 | ---- | M] () -- C:\Users\Timo\Desktop\Spec Ops The Line Demo.url
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Timo\Desktop\*.tmp files -> C:\Users\Timo\Desktop\*.tmp -> ]
[1 C:\Users\Timo\AppData\Roaming\*.tmp files -> C:\Users\Timo\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.25 13:07:19 | 000,000,045 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\msconfig.ini
[2012.07.25 08:38:21 | 561,948,898 | ---- | C] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.mp4
[2012.07.25 08:38:21 | 430,165,664 | ---- | C] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.avi
[2012.07.24 18:49:05 | 000,268,944 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\AcroIEHelpe174.dll
[2012.07.24 18:49:05 | 000,006,400 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
[2012.07.22 21:13:53 | 000,000,034 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\blckdom.res
[2012.07.22 18:43:42 | 000,796,962 | ---- | C] () -- C:\Users\Timo\Desktop\Gray Comb Texture.jpg
[2012.07.22 11:50:25 | 561,948,898 | ---- | C] () -- C:\Users\Timo\Documents\London 2012 - Der Film.mp4
[2012.07.22 11:42:53 | 000,831,248 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfk
[2012.07.22 11:42:42 | 106,391,384 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfap0
[2012.07.22 04:32:32 | 404,640,769 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part2.wmv
[2012.07.22 03:33:31 | 000,461,928 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfk
[2012.07.22 03:33:15 | 059,118,488 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfap0
[2012.07.22 02:54:34 | 323,631,397 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part1.wmv
[2012.07.22 02:49:59 | 014,981,553 | ---- | C] () -- C:\Users\Timo\Documents\Ohne Titel.wmv
[2012.07.22 02:44:32 | 000,461,984 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Remake.mp4.sfk
[2012.07.22 02:11:12 | 315,984,214 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Remake.mp4
[2012.07.22 00:25:19 | 316,037,570 | ---- | C] () -- C:\Users\Timo\Documents\London 12.mp4
[2012.07.21 22:33:19 | 064,184,079 | ---- | C] () -- C:\Users\Timo\Documents\Ohne Titel.mp4
[2012.07.08 15:39:19 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.07.08 15:39:19 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.07.06 16:16:38 | 084,492,779 | ---- | C] () -- C:\Users\Timo\Documents\Tiesto Bitches.mp4
[2012.06.30 20:58:05 | 000,001,262 | ---- | C] () -- C:\Users\Timo\Desktop\Free YouTube Download.lnk
[2012.06.30 13:58:13 | 106,041,645 | ---- | C] () -- C:\Users\Timo\Desktop\candles.rar
[2012.06.29 23:33:48 | 000,000,222 | ---- | C] () -- C:\Users\Timo\Desktop\Spec Ops The Line Demo.url
[2012.04.15 18:38:41 | 000,000,104 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2012.03.13 13:18:38 | 000,000,262 | ---- | C] () -- C:\Windows\FESTO.INI
[2012.03.12 21:46:23 | 000,002,048 | -HS- | C] () -- C:\Users\Timo\AppData\Local\eb779564\@
[2012.01.11 20:08:52 | 000,050,176 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
[2011.12.22 01:03:58 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.22 01:03:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.15 23:25:51 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.03 13:58:16 | 000,005,067 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011.04.30 00:33:45 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.04.30 00:33:45 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.04.01 19:48:26 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.03.17 21:33:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.03.16 22:30:21 | 000,000,009 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\tabbles_hwnd_quick_link
[2011.03.16 22:30:21 | 000,000,008 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\tabbles_hwnd_main
[2011.01.24 20:38:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.01.19 09:35:18 | 000,001,872 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2011.01.17 20:03:55 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.21 19:51:50 | 000,000,327 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2010.12.12 19:25:14 | 000,009,728 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 01:35:36 | 027,556,501 | ---- | C] () -- C:\Program Files (x86)\550.PBP
[2010.11.07 00:45:08 | 000,000,092 | ---- | C] () -- C:\Users\Timo\AppData\Local\fusioncache.dat
[2010.11.07 00:44:13 | 001,823,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.26 17:36:26 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.10.25 17:28:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.10.25 17:27:26 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL
[2010.10.25 17:27:26 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL
[2010.10.20 15:48:11 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.12 19:34:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,051,664 | RHS- | C] () -- C:\Users\Timo\AppData\Roaming\appconf32.exe

========== LOP Check ==========

[2012.06.18 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\.minecraft
[2012.07.22 22:14:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\13001.028
[2012.07.25 08:37:15 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\13001.029
[2010.12.04 00:13:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ASCOMP Software
[2012.04.15 00:09:27 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Blender Foundation
[2011.02.11 21:23:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited
[2011.01.16 12:56:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\CheckPoint
[2011.03.07 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DAEMON Tools Lite
[2011.03.31 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DarksporeData
[2012.06.30 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DVDVideoSoft
[2012.06.30 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.30 15:32:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EAC
[2012.03.13 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FL_SIM_P4_MEC_LAB_D
[2010.10.13 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeFLVConverter
[2012.04.06 15:15:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\GHISLER
[2011.02.27 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ICQ
[2011.06.10 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ImgBurn
[2012.06.10 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\IrfanView
[2012.07.22 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\kock
[2010.10.29 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LEGO Company
[2011.04.15 19:27:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MAGIX
[2011.12.30 19:28:12 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MAXON
[2011.01.08 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MinecraftTools
[2012.02.24 01:51:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MotioninJoy
[2011.07.03 13:58:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MOVAVI
[2012.05.02 22:10:10 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Mp3tag
[2011.01.23 21:34:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MPEG Streamclip
[2011.10.06 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org
[2011.01.24 16:56:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Opera
[2011.06.25 20:16:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PanoramaStudio2
[2010.10.23 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\POINTERGHOSTV1
[2011.01.21 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Publish Providers
[2012.07.12 15:46:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\RCP 6
[2011.01.09 18:27:49 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Registry Mechanic
[2011.07.31 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Screaming Bee
[2010.10.27 13:26:59 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\smc
[2012.01.14 04:50:50 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sony
[2012.01.17 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sony Creative Software Inc
[2011.03.16 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Tabbles
[2011.01.20 21:19:19 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TeamViewer
[2011.07.23 00:12:38 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client
[2012.07.23 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\UAs
[2011.04.02 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft
[2011.01.15 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue
[2010.11.13 17:10:01 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Unity
[2012.07.23 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\xmldm
[2012.04.11 19:42:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.25 19:11:46 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:95A73EAF2F490019
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP

1B5B4F1

< End of report >

Ich hoffen mit diesen Infos kann mir jemand helfen, wenn ihr noch was braucht, dann schreibt es bitte ich bin neu hier und kenne mich nicht aus

Danke im vorraus

t'john · 26.07.2012, 22:45

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:Processes
killallprocesses

:OTL
MOD - [2012.07.25 08:37:15 | 000,130,616 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\13001.029\components\AcroFF029.dll 
MOD - [2012.07.24 18:49:05 | 000,006,400 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll 
MOD - [2011.11.17 07:41:38 | 000,050,176 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat 
SRV - [2012.04.21 22:04:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) 
DRV:64bit: - [2010.12.25 13:37:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) 
DRV:64bit: - [2010.12.17 13:51:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14947 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found 
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found 
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found 
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {75681723-E244-412E-A0B1-FEA11206B46C} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AS-2&o=14944&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=RR&apn_dtid=YYYYYYYYDE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4 
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66022 
IE - HKCU\..\SearchScopes\{4E94ADB6-83AA-4C4D-B44D-F6D09BB023A6}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{75681723-E244-412E-A0B1-FEA11206B46C}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} 
IE - HKCU\..\SearchScopes\{75DA268F-DB04-4473-88C0-4183516C6FCB}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{A2F3E7AC-D763-4F27-BC02-B9E9B5BD3C8A}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie 
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = http://search.kikin.com/search/?q={searchTerms} 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084 
IE - HKCU\..\SearchScopes\{B1AB8012-A51A-484A-8B0E-C3ACAE4DDE94}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Ask.com" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AS-2&o=14944&locale=de_DE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_ptnrs=RR&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4&apn_dtid=YYYYYYYYDE&&q=" 
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Timo\\AppData\\Local\\Temp\\proxtube.pac" 
FF - prefs.js..network.proxy.http: "184.22.134.46" 
FF - prefs.js..network.proxy.http_port: 3128 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found 
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Timo\AppData\Roaming\13001.029 [2012.07.25 08:37:15 | 000,000,000 | ---D | M] 
[2011.01.14 22:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions 
[2012.07.12 15:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions 
[2012.06.28 16:50:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} 
[2011.01.16 23:02:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2011.03.17 20:54:46 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\battlefieldplay4f ree@ea.com 
[2011.01.24 20:34:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\engine@conduit.co m 
[2012.05.17 18:16:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\ich@maltegoetz.de 
[2012.02.04 13:26:15 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\toolbar@ask.com 
[2012.07.25 08:37:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TIMO\APPDATA\ROAMING\13001.029 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [trustGTX14] C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe () 
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O4 - HKCU..\Run: [CE8SIIFGSU] C:\Users\Timo\AppData\Local\Temp\Cbe.exe File not found 
O4 - HKCU..\Run: [renovator] C:\Users\Timo\AppData\Roaming\Sun\{D6D7B47B-F5BE-4EBF-9AF4-CC26815841E4}\renovator.exe File not found 
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found 
O4 - HKCU..\Run: [System] C:\Users\Timo\AppData\Roaming\system.exe File not found 
O4 - HKCU..\Run: [Userinit] C:\Users\Timo\AppData\Roaming\appconf32.exe () 
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\msconfig.dat) - C:\Users\Timo\AppData\Roaming\msconfig.dat () 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell - "" = AutoRun 
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell\AutoRun\command - "" = J:\CMADownloader.exe 
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell - "" = AutoRun 
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell\AutoRun\command - "" = M:\MI.exe 
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell - "" = AutoRun 
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell\AutoRun\command - "" = N:\Autorun.exe 
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell - "" = AutoRun 
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell\AutoRun\command - "" = K:\OblivionLauncher.exe 
[2012.07.25 08:37:15 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.029 
[2012.07.23 13:23:27 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\UAs 
[2012.07.22 21:14:04 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.028 
[2012.07.22 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\xmldm 
[2012.07.22 21:04:02 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\kock 
[2012.07.22 15:39:06 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Deshaker 
 
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.07.25 14:38:00 | 000,000,034 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\blckdom.res 

[2012.03.12 21:46:23 | 000,002,048 | -HS- | C] () -- C:\Users\Timo\AppData\Local\eb779564\@ 
[2012.01.11 20:08:52 | 000,050,176 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat 


[2008.12.09 17:23:13 | 000,051,664 | RHS- | C] () -- C:\Users\Timo\AppData\Roaming\appconf32.exe 

[2011.01.15 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue 
@Alternate Data Stream - 24 bytes -> C:\Windows:95A73EAF2F490019 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1 

[2011.01.25 19:11:46 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

t'john · 10.08.2012, 19:27

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

100 Euro Trojaner (msconfig.dat schuldig?)

Log-Analyse und Auswertung: 100 Euro Trojaner (msconfig.dat schuldig?)