
Pests of all kinds and how to fight them: Clicked on a Skype virus but did not run it, would now like to know whether my PC is safe

Windows 7: If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a Trojan or virus problem, an expert will help you remove the infection.

04.10.2012, 22:21   #1
Saruman
 
Clicked on a Skype virus but did not run it, would now like to know whether my PC is safe



Hello

Code:
OTL logfile created on: 04.10.2012 22:43:43 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,22% Memory free
4,00 Gb Paging File | 2,82 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 291,62 Gb Free Space | 62,63% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 22:43:23 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.08.08 13:57:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.20 16:12:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.08 19:31:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:31:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2006.12.23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.04 22:05:33 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Downloadprogramme\SASCORE64.EXE -- (!SASCORE)
SRV - [2012.09.07 20:56:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 14:59:53 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.20 16:12:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.08 19:31:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:31:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:31:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:31:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Downloadprogramme\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Downloadprogramme\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB D0 F1 12 FB 0E CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Downloadprogramme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 20:56:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 20:56:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.27 11:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.07.24 22:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cnmm1sms.default\extensions
[2012.07.24 22:53:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cnmm1sms.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.02 15:42:46 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cnmm1sms.default\searchplugins\icqplugin-1.xml
[2012.05.10 16:58:15 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cnmm1sms.default\searchplugins\icqplugin-2.xml
[2012.07.14 17:23:43 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cnmm1sms.default\searchplugins\icqplugin-3.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cnmm1sms.default\searchplugins\icqplugin.xml
[2012.09.07 20:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 20:56:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.21 07:48:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:04:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.21 07:48:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.21 07:48:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.21 07:48:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.21 07:48:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Downloadprogramme\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E71F5F-9B90-4299-AAA7-98D37C905158}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 22:43:11 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.10.04 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A47C47A4-B08E-4005-A09E-68FDC3EDC74D}
[2012.10.03 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Opera
[2012.10.03 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Opera
[2012.10.03 18:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.10.03 17:46:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{95117797-5573-4746-AD84-3893CEE513F7}
[2012.10.02 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{61677624-F02C-4856-825B-DB210B171A4A}
[2012.10.01 16:29:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A5FDFF86-68F3-4EA9-B867-389B1AB6CC3F}
[2012.10.01 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{31DDED25-198E-449B-9D84-27F8C45506EF}
[2012.09.30 13:41:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{71459CFD-F4D7-4783-95AC-DDA11C5CBB8C}
[2012.09.29 15:58:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{1521F565-E47F-45A9-B60C-B59327A0A182}
[2012.09.28 22:41:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F2A9C4BF-21E8-4E01-9349-1A67560339B0}
[2012.09.28 10:40:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{FA95BE55-5DFE-4EA1-A881-D65CB0B2AFD3}
[2012.09.28 01:36:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\The Inquisitor
[2012.09.28 01:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\The Inquisitor
[2012.09.27 15:05:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{32874F2C-39E4-4CD8-98AE-F8A0AF30DB7E}
[2012.09.26 15:10:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7A552FC4-3E5C-46A0-8232-526E756388F3}
[2012.09.26 12:27:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.26 12:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2012.09.26 00:50:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MumboJumbo
[2012.09.25 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{AD773B07-1D7C-4964-B334-D1172F82211C}
[2012.09.24 14:54:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B41B6579-3414-4646-AA1E-A56CE7EB8142}
[2012.09.23 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVD-RW-Laufwerk (D) BRAVEHEART
[2012.09.23 18:28:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2012.09.23 18:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.09.23 18:12:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2012.09.23 18:06:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sony
[2012.09.23 16:11:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.23 16:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.23 16:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.23 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\S*****\AppData\Local\{6C10D669-B971-48D5-A283-DC6C3E650965}
[2012.09.22 23:53:54 | 001,581,056 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplvw7.dll
[2012.09.22 23:53:53 | 001,650,688 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplva6.dll
[2012.09.22 23:53:53 | 001,552,384 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplvm6.dll
[2012.09.22 23:53:53 | 001,122,304 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplvpx.dll
[2012.09.22 23:53:53 | 000,176,128 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2012.09.22 23:53:53 | 000,106,496 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\lmpgspl.ax
[2012.09.22 23:53:53 | 000,094,208 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\lmpgvd.ax
[2012.09.22 23:53:53 | 000,077,824 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplaw7.dll
[2012.09.22 23:53:53 | 000,077,824 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplaa6.dll
[2012.09.22 23:53:53 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2012.09.22 23:53:53 | 000,065,536 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplapx.dll
[2012.09.22 23:53:53 | 000,065,536 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\mplam6.dll
[2012.09.22 23:53:53 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2012.09.22 23:53:53 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2012.09.22 23:53:53 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2012.09.22 23:53:53 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2012.09.22 23:53:53 | 000,046,592 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\lmpgad.ax
[2012.09.22 23:53:53 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2012.09.22 23:53:53 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2012.09.22 23:53:53 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2012.09.22 23:53:53 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2012.09.22 23:53:53 | 000,028,672 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2012.09.22 23:53:53 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2012.09.22 23:53:53 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2012.09.22 23:53:53 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2012.09.22 23:53:52 | 000,303,104 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2012.09.22 23:53:52 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2012.09.22 23:53:52 | 000,118,784 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2012.09.22 23:53:52 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2012.09.22 23:53:52 | 000,081,920 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2012.09.22 23:53:52 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2012.09.22 23:53:52 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2012.09.22 23:53:52 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2012.09.22 23:53:09 | 000,000,000 | ---D | C] -- C:\MAGIX
[2012.09.22 23:52:55 | 000,176,128 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2012.09.22 17:00:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 17:00:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 17:00:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 17:00:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 17:00:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 17:00:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 17:00:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 17:00:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 17:00:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 17:00:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 17:00:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 17:00:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 17:00:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 17:00:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 17:00:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.22 15:29:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{47BFFB50-847F-4D83-9B6D-756A74F4CDD6}
[2012.09.21 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E64A192D-B491-487A-8FC9-3D234E9DDBA8}
[2012.09.20 18:20:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{60C9D4C1-6CF8-40A8-8369-193FAEDC184E}
[2012.09.19 19:16:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{EDF6ACEA-F325-4FAE-A7D9-271C7F5330AA}
[2012.09.18 15:27:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9CE083A2-9D46-4FCC-928B-F5A547AE73F6}
[2012.09.17 14:38:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A809D80E-609B-430D-A0DE-74C04210145E}
[2012.09.16 16:39:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D1D647CF-0CEB-4511-B6CE-AB8BFFC2D2D8}
[2012.09.15 14:48:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F3593169-933C-4145-9E56-2CABAB23550A}
[2012.09.14 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2CA95C03-2FAA-4A7D-8EFC-6A1A9BAA8316}
[2012.09.14 13:43:39 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Amazon MP3
[2012.09.14 13:43:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Amazon
[2012.09.14 13:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.09.13 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{543BD941-87E0-47C4-9435-FB5C16DF7B23}
[2012.09.12 22:05:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{ABA890F4-3F8E-4B2D-AFAA-93675A42779B}
[2012.09.12 19:36:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (3)
[2012.09.12 11:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2012.09.12 11:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012.09.12 10:04:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F71FDEC8-45E4-4937-8E76-24F612EE02CA}
[2012.09.12 09:56:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 09:56:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 09:56:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 09:56:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.11 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{978A85DB-0E97-478A-8331-DB0AA16EBA20}
[2012.09.11 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8AEB9CA2-3859-4DC5-837A-100DB99C113F}
[2012.09.10 18:07:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BF8AECA6-8030-408E-9A3F-F2F9A04D2073}
[2012.09.09 19:18:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CCD51280-66E0-483D-824A-847597DC2AF5}
[2012.09.09 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\tinkatot
[2012.09.08 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{587FB151-0C80-4A21-8C73-2719F9C3B0D2}
[2012.09.07 20:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.07 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5E394111-FD42-4AFD-9278-A80724F3DC7E}
[2012.09.06 21:15:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0F3B5406-2360-4138-8EDA-6675B5724B04}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 22:43:23 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.10.04 22:26:33 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.10.04 22:24:53 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.10.04 18:01:49 | 000,081,128 | ---- | M] () -- C:\Users\****\.recently-used.xbel
[2012.10.04 16:43:28 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 16:43:28 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 16:42:49 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.04 16:42:49 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.04 16:42:49 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.04 16:42:49 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.04 16:42:49 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.04 16:35:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 16:34:54 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.02 11:58:14 | 000,435,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.28 01:36:13 | 000,000,933 | ---- | M] () -- C:\Users\*****\Desktop\Der Inquisitor.lnk
[2012.09.22 23:52:56 | 000,000,024 | ---- | M] () -- C:\Windows\magix.ini
[2012.09.22 22:37:39 | 000,073,216 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.12 11:53:29 | 000,001,743 | ---- | M] () -- C:\Users\****\Desktop\Call of Atlantis.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 22:26:33 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.10.04 22:24:50 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.10.04 18:01:49 | 000,081,128 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2012.10.03 18:47:04 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.09.28 01:36:13 | 000,000,933 | ---- | C] () -- C:\Users\****\Desktop\Der Inquisitor.lnk
[2012.09.22 23:53:53 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2012.09.22 23:52:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2012.09.22 23:52:55 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.09.22 22:36:20 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.12 11:53:29 | 000,001,743 | ---- | C] () -- C:\Users\****\Desktop\Call of Atlantis.lnk
[2012.05.20 16:12:54 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.20 16:12:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.15 22:39:18 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.04.15 22:39:18 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.04.15 22:39:12 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.04.15 22:39:12 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.04.13 01:49:53 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.03.28 15:07:46 | 000,000,041 | ---- | C] () -- C:\Users\****\.gtk-bookmarks
[2012.03.27 21:17:49 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.27 11:08:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 04.10.2012 22:43:43 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\*****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,22% Memory free
4,00 Gb Paging File | 2,82 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 291,62 Gb Free Space | 62,63% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A3C9A2-966E-493C-85D0-E7974DBDCF87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CC23A4C-A6F7-49BC-AF45-9ED21804ED96}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{21D373EF-8C68-43C2-9ED1-32EB1981143E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{30F2D64D-0300-43E3-AA3C-3FAA4EF70E3B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{360939ED-4BE1-4A65-8069-8D50390639AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{37F192D4-A502-4345-9F3C-34B017F855ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39E66846-F4FF-4512-B76B-0BB59E704FC0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4503FE7A-E26E-4D93-9303-DD781093F9A6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4561F50D-D752-46B6-8336-3A24E8626234}" = lport=138 | protocol=17 | dir=in | app=system | 
"{464A7611-6295-4DBF-94D2-B3C4D4F7F9F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{507E07E5-9354-45DB-8212-EFDACDF1336B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{52C8C497-9FE5-47E6-B658-18CD94C81C24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5633C643-9C58-4BCE-84C1-5741EF6275BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63B79440-AE76-4E87-BC09-7F2C74899A4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70F0B7C1-F411-4F70-9D92-7195F0403388}" = rport=139 | protocol=6 | dir=out | app=system | 
"{87DE0831-2E82-469A-A98D-98626D98303F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{918EE44F-4914-48FE-BAA7-58E3723B6327}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9876326E-51A9-402C-A614-AD22550D095D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B9E8817-25E6-4679-AF57-7D0FEDDB7F36}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A3AA5619-25B2-47D4-A7DC-4ECAF6E6FAF5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ABA5C906-F405-4583-880F-837D8D7650E8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B350BF62-E526-4A76-94EA-6738EE4EAC75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B64ADE8B-D2D5-4B3A-B4AB-FF9764C98E54}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BEA253BE-DE4E-423C-846A-178281BE1748}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFBA5D47-D767-4F09-BBDD-5C917A4BC599}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C26FB564-B96E-48F9-9CDB-FADEBBD65E0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D69F1B8D-91E5-4863-B734-7A2169EFAD38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D881497E-5B3E-4084-A62C-CE1DFA4C50E6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E1B320F6-FDB5-4D69-B243-06F8F7CA6198}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F5B520DD-9FDC-4C8D-A068-2077FC50DC26}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6800CA6-5265-4BC3-8305-3ED8FDBDE2C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0079F13C-1E16-4D69-A9F5-320760B7F003}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{0139C459-C13C-41D9-95EC-8B64C6B9BCF7}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{013ED3FC-A3AC-414D-B07B-19EB8F851CB1}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{06C2BEA0-AF8F-43B0-AB89-F2403A6B9D7B}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{099194E2-C260-44E4-AD3A-40560191CC41}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{0FF76F38-36C3-407F-9F22-8CB1E0C60AEA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{10136534-20C1-4F02-83C7-28ADABFAB150}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{120AC7D2-23DF-4F0C-A40E-5F946F69AC24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19E4A2F9-7314-4F27-881B-AD10486C2E42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EFC921C-1981-4247-B047-62163AF06F03}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{1F622BE6-C49A-4015-A2C6-B359DEA907E9}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{245AAC44-A014-43C5-A7B0-839A2597A15E}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{26D9BD53-F2B1-44CD-8494-6D24FD20F7DC}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{2B0A4649-6AC7-413E-8002-A4A7F2A1104B}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed revelations\acrmp.exe | 
"{2DCD9A01-6069-4D7E-9811-C0572173D9A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E64BB71-3FD6-437B-AE7A-2C762E2FB2B3}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{3C196169-7C56-4CCD-99EA-7F4734E5AC11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D4FE39A-1B01-4301-88B2-B8D2B1237954}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{49E2BB9C-F75C-408A-A7D1-700EE5E0B753}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4B60B6C8-35AB-4ED6-9BB1-1C9FA7BCB6D3}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{554FEE8F-E177-4D4E-9ABB-4FBFD166F48D}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{5AAE96DD-7F56-4D1C-8D30-5C58B3074DA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6526790C-EA8D-4821-9009-E9BAC53DFEBC}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed revelations\acrmp.exe | 
"{7A199982-A5BE-4949-B4FC-8C876C6F96FD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{80BFCAA2-6229-44AB-9B40-FC5876CB391F}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | 
"{8315D196-18A5-4EC4-AA93-6F883843BE1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86A286B6-6F49-4DD2-BC69-420D09E82252}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{881B68CC-98BB-4C1E-A3E5-2A77EF4D4190}" = protocol=6 | dir=out | app=system | 
"{88F76FD7-6586-4971-A8E1-B272E63225FA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8EC6422C-6775-4CA9-9A7F-6C27CD08FB49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9440E056-9E36-421C-9378-0895CC10E77B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99056659-A871-4E5B-B1F6-5666715B358F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99096292-8442-4080-8D40-469B742BCC91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{9B1A8787-FA93-446A-8391-2D9A912A46C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B8DB742-D4E8-4EC3-B569-47B1B947ECA4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A1FE5C69-477C-4199-A165-D1C3F51E437E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AA7E16A7-FF14-4431-98BC-4E212FC8BD17}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{AE59B1CB-1710-488F-A16C-EEB5EEF55FFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AF31C130-0568-4776-80CC-807898CFBB28}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{B6C471E2-69A8-41FB-88DF-8AF2D875EBAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B832D81C-28FB-48D0-8C2B-1181EA857FA3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B93A64BE-9F8B-4615-876C-11BAC55BB645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA22706A-530E-4446-BE60-8299D0D55E3A}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{BDBB76FD-3C5B-49B8-81CF-53E03FD6A44B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BE41A87F-0CBB-4E57-A06E-508E52745209}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BF22BDA7-0AEB-4247-B40C-13CB1564B5B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C207AB60-AC23-4D3A-9E77-2EB99068F104}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{C4E46B80-9150-4137-9A62-895BD05D7EED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C64454EF-E9B0-4B24-87B9-406FEFB216CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7DD3685-E537-40C0-B5CF-7D99C4614344}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D48C66A2-AA58-4357-A603-EBDB3AC98BAE}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | 
"{D736943C-85C1-4CA9-9387-7880D817C4D8}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{DD4E92CD-7FDC-4860-B97D-337F8888C9F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{E0F1EA32-6C82-446F-B602-CD821C4A0EBC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EB61A833-CF67-4E72-9C8E-A367D4E8AF94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EBD78B88-47BB-44BB-8BE2-D583089A6603}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC32F212-9604-4535-A804-621E38998DC0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F457730C-6D75-4C5F-8E97-2B30172C7A53}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{F6F50D59-C413-4669-AFD6-2D68301E1357}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{8BF14661-516B-4719-9089-99E57804FDA0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{23A2DB16-9E0F-45B4-9812-A104C14666F7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{ADD9E56D-2DD8-448A-8887-B3AF76AB1031}" = Nero 7 Essentials
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Call of Atlantis/DE-German_is1" = Call of Atlantis
"Darkness Within: Auf der Jagd nach Loath Nolder_is1" = Darkness Within: Auf der Jagd nach Loath Nolder 1.02
"Der Inquisitor" = Der Inquisitor
"Der verborgene Kontinent 2 - Die Saeule der Maya" = Der verborgene Kontinent 2 - Die Saeule der Maya
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"JekyllHyde" = Jekyll&Hyde
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Midnight Mysteries" = Midnight Mysteries
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Legends - Sleepy Hollow" = Mystery Legends - Sleepy Hollow
"Nightfall Mysteries - Der Fluch der Oper" = Nightfall Mysteries - Der Fluch der Oper
"Nokia Suite" = Nokia Suite
"Opera 12.02.1578" = Opera 12.02
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 50620" = Darksiders
"The Mirror Mysteries" = The Mirror Mysteries
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.10.2012 06:00:16 | Computer Name = ****** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DerInquisitor.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4b042092  Name des fehlerhaften Moduls: DerInquisitor.exe, Version:
 1.0.0.0, Zeitstempel: 0x4b042092  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005dcb0
ID
 des fehlerhaften Prozesses: 0xf04  Startzeit der fehlerhaften Anwendung: 0x01cda084b72f9ff5
Pfad
 der fehlerhaften Anwendung: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe
Pfad
 des fehlerhaften Moduls: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe  Berichtskennung:
 f6d307f2-0c77-11e2-9bad-00248cea18a4
 
Error - 02.10.2012 06:01:30 | Computer Name = *****| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DerInquisitor.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4b042092  Name des fehlerhaften Moduls: DerInquisitor.exe, Version:
 1.0.0.0, Zeitstempel: 0x4b042092  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005dcb0
ID
 des fehlerhaften Prozesses: 0xe8c  Startzeit der fehlerhaften Anwendung: 0x01cda084e4b50020
Pfad
 der fehlerhaften Anwendung: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe
Pfad
 des fehlerhaften Moduls: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe  Berichtskennung:
 22953e08-0c78-11e2-9bad-00248cea18a4
 
Error - 02.10.2012 09:41:27 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.10.2012 11:12:18 | Computer Name = **** | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.10.2012 12:46:00 | Computer Name = **** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\****\Downloads\SoftonicDownloader_fuer_gimp.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 03.10.2012 17:21:49 | Computer Name = **** | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.10.2012 17:21:58 | Computer Name = **** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DerInquisitor.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4b042092  Name des fehlerhaften Moduls: DerInquisitor.exe, Version:
 1.0.0.0, Zeitstempel: 0x4b042092  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005dcb0
ID
 des fehlerhaften Prozesses: 0xd78  Startzeit der fehlerhaften Anwendung: 0x01cda1ad1e2c8b2e
Pfad
 der fehlerhaften Anwendung: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe
Pfad
 des fehlerhaften Moduls: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe  Berichtskennung:
 5cc26f1b-0da0-11e2-b173-00248cea18a4
 
Error - 03.10.2012 17:22:04 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DerInquisitor.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4b042092  Name des fehlerhaften Moduls: DerInquisitor.exe, Version:
 1.0.0.0, Zeitstempel: 0x4b042092  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005dcb0
ID
 des fehlerhaften Prozesses: 0xda0  Startzeit der fehlerhaften Anwendung: 0x01cda1ad226a4163
Pfad
 der fehlerhaften Anwendung: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe
Pfad
 des fehlerhaften Moduls: C:\Spiele\PrimeGames\Der Inquisitor\DerInquisitor.exe  Berichtskennung:
 604508b6-0da0-11e2-b173-00248cea18a4
 
Error - 04.10.2012 04:16:46 | Computer Name = **** | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.10.2012 10:36:45 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.08.2012 02:25:17 | Computer Name = **** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.08.2012 02:25:17 | Computer Name = **** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.08.2012 02:26:20 | Computer Name = **** | Source = ipnathlp | ID = 31004
Description = 
 
Error - 04.08.2012 08:08:26 | Computer Name = ***** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.08.2012 08:08:26 | Computer Name = **** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.08.2012 03:07:37 | Computer Name = ***** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 05.08.2012 03:07:37 | Computer Name = ****** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.08.2012 04:10:11 | Computer Name = ***** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 05.08.2012 04:10:11 | Computer Name = ****** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.08.2012 04:10:44 | Computer Name = ***** | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         

05.10.2012, 08:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything in CODE tags here wherever possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         