|
Log analysis and evaluation: http://safesearch.lavasoft.com (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
16.11.2012, 19:29 | #1 |
| http://safesearch.lavasoft.com I'm getting in touch again. I downloaded Ad-Aware, uninstalled it again, and then I had hxxp://safesearch.lavasoft.com as my start page and I can't change it any more. Please help :/ Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sebo :: SEBO-PC [Administrator]

16.11.2012 19:33:40
mbam-log-2012-11-16 (19-33-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205540
Laufzeit: 2 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Edited by Sebastiano (16.11.2012 at 19:35) |
19.11.2012, 08:01 | #2 |
/// the machine /// TB Trainer | http://safesearch.lavasoft.com Hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
__________________ |
27.11.2012, 14:27 | #3 |
| http://safesearch.lavasoft.com OTL OTL Logfile:
Code:
ATTFilter OTL logfile created on: 27.11.2012 14:16:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 56,87% Memory free 6,00 Gb Paging File | 4,51 Gb Available in Paging File | 75,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,95 Gb Total Space | 417,30 Gb Free Space | 91,72% Space Free | Partition Type: NTFS Drive D: | 455,46 Gb Total Space | 455,12 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Computer Name: SEBO-PC | User Name: Sebo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 14:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebo\Desktop\OTL.exe PRC - [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe ========== Modules (No Company Name) ========== MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ========== Services (SafeList) ========== SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | 
Stopped] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.10.10 03:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.25 22:10:49 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] 
(Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.08.21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.11.15 17:00:00 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE511 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.11.25 22:33:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.11.25 22:33:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.11.25 22:33:44 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update 
(Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Google-Suche = C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\ CHR - Extension: AdBlock = C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\ CHR - Extension: Google Mail = C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - No CLSID value found. O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: 
DhcpNameServer = 195.234.128.7 195.234.128.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31CF2F4A-662D-4C12-B5B1-FB806DB4CD99}: DhcpNameServer = 195.234.128.7 195.234.128.16 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe 
C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Global Registration - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Hotkey Utility - hkey= - key= - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe () MsConfig:64bit - StartUpReg: Malwarebytes Anti-Malware - hkey= - key= - File not found MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig:64bit - StartUpReg: Trigger New Acer AlaunchX - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 14:14:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebo\Desktop\OTL.exe [2012.11.26 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\TeamViewer [2012.11.25 22:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 12 [2012.11.25 22:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12 [2012.11.25 22:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.25 22:10:49 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.11.23 19:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.11.22 11:35:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.11.22 11:34:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.11.22 10:59:07 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.11.22 10:58:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.11.22 10:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP490 series [2012.11.22 10:50:04 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2012.11.22 10:49:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.11.21 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.11.21 19:41:14 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2012.11.21 19:41:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2012.11.21 19:41:13 | 000,000,000 | ---D | C] -- 
C:\Windows\SysWow64\drivers\de-DE [2012.11.21 19:41:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2012.11.21 19:41:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2012.11.21 19:41:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2012.11.21 19:41:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2012.11.21 19:41:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2012.11.21 19:40:31 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012.11.21 19:40:31 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012.11.21 19:40:30 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012.11.21 19:40:30 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012.11.21 19:36:22 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log [2012.11.21 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.21 14:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.21 12:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.21 12:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.21 12:51:56 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\WinRAR [2012.11.21 12:51:56 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.21 12:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.21 12:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.11.21 12:48:39 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Malwarebytes [2012.11.21 12:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.21 12:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 
[2012.11.21 12:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.21 11:40:46 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Local\Adobe [2012.11.21 11:27:02 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.11.21 11:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.11.21 11:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.11.21 11:22:33 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Macromedia [2012.11.21 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Adobe [2012.11.21 11:22:17 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Google [2012.11.21 11:22:17 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Local\Google [2012.11.21 11:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.21 11:08:58 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.11.21 11:08:58 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.21 11:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.21 11:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.11.21 11:05:33 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Local\Packard Bell [2012.11.21 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\OEM [2012.11.21 11:04:53 | 000,000,000 | R--D | C] -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.21 11:04:53 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Searches [2012.11.21 11:04:53 | 000,000,000 | R--D | C] -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.21 11:04:42 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Identities [2012.11.21 11:04:40 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Contacts [2012.11.21 11:04:37 | 000,000,000 | ---D | C] -- 
C:\Users\Sebo\AppData\Local\VirtualStore [2012.11.21 11:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\PB Accessory Store [2012.11.21 11:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM [2012.11.21 11:01:19 | 000,000,000 | --SD | C] -- C:\Users\Sebo\AppData\Roaming\Microsoft [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Videos [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Saved Games [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Pictures [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Music [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Links [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Favorites [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Downloads [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Documents [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\Desktop [2012.11.21 11:01:19 | 000,000,000 | R--D | C] -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Vorlagen [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\AppData\Local\Verlauf [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\AppData\Local\Temporary Internet Files [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Startmenü [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\SendTo [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Recent [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Netzwerkumgebung [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Lokale Einstellungen [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Documents\Eigene Videos [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- 
C:\Users\Sebo\Documents\Eigene Musik [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Eigene Dateien [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Documents\Eigene Bilder [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Druckumgebung [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Cookies [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\AppData\Local\Anwendungsdaten [2012.11.21 11:01:19 | 000,000,000 | -HSD | C] -- C:\Users\Sebo\Anwendungsdaten [2012.11.21 11:01:19 | 000,000,000 | -H-D | C] -- C:\Users\Sebo\AppData [2012.11.21 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Local\Temp [2012.11.21 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Local\Microsoft [2012.11.21 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Sebo\AppData\Roaming\Media Center Programs [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.21 11:01:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.21 11:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.21 10:55:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.11.21 10:55:58 | 000,000,000 | 
---D | C] -- C:\Program Files\Realtek [2012.11.21 10:55:50 | 002,714,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.11.21 10:55:50 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.11.21 10:55:50 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.11.21 10:55:50 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.11.21 10:55:50 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.11.21 10:55:49 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.11.21 10:55:49 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.11.21 10:55:49 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.11.21 10:55:49 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.11.21 10:55:49 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.11.21 10:55:49 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.11.21 10:55:48 | 002,191,872 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.11.21 10:55:48 | 000,321,536 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.11.21 10:55:48 | 000,320,512 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.11.21 10:55:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.11.21 10:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.11.21 10:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.11.21 10:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.21 10:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2012.11.21 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.11.21 10:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.11.21 10:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.21 10:46:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2012.11.27 14:17:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 14:17:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 14:16:27 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.27 14:16:27 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.27 14:16:27 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.27 14:16:27 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.27 14:16:27 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.27 14:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebo\Desktop\OTL.exe [2012.11.27 14:10:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 14:10:12 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2012.11.25 22:33:32 | 000,153,053 | ---- | M] () -- 
C:\Windows\SysNative\drivers\klin.dat [2012.11.25 22:33:32 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012.11.25 22:13:49 | 000,017,408 | ---- | M] () -- C:\Users\Sebo\AppData\Local\WebpageIcons.db [2012.11.25 22:11:27 | 000,008,909 | ---- | M] () -- C:\Users\Sebo\Desktop\xd.rar [2012.11.25 22:10:49 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.11.25 15:53:42 | 000,003,013 | ---- | M] () -- C:\Users\Sebo\Desktop\Zusammenfassung Speed sebi part3.odt [2012.11.25 14:56:14 | 000,003,122 | ---- | M] () -- C:\Users\Sebo\Desktop\Zusammenfassung speed sebi part 2.odt [2012.11.25 12:20:28 | 000,003,116 | ---- | M] () -- C:\Users\Sebo\Desktop\Zusammenfassung Speed Sebi part 1.odt [2012.11.25 12:19:12 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012.11.24 16:05:28 | 000,001,131 | ---- | M] () -- C:\Users\Sebo\Desktop\Dokument.rtf [2012.11.23 13:51:53 | 000,007,608 | ---- | M] () -- C:\Users\Sebo\AppData\Local\Resmon.ResmonCfg [2012.11.22 21:48:34 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.22 18:21:57 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.22 12:13:16 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.21 19:41:03 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2012.11.21 19:41:03 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2012.11.21 19:40:31 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012.11.21 19:40:31 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012.11.21 19:40:30 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012.11.21 19:40:30 | 000,002,560 | ---- | M] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012.11.21 19:36:22 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag [2012.11.21 19:02:27 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf [2012.11.21 12:52:50 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.21 12:37:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.21 12:37:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.21 12:03:11 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.21 11:49:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.11.21 11:02:16 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\PB Zubehör Shop.lnk [2012.11.21 11:00:13 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.21 11:00:13 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.11.21 10:57:32 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd [2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe ========== Files Created - No Company Name ========== [2012.11.25 22:13:47 | 000,017,408 | ---- | C] () -- C:\Users\Sebo\AppData\Local\WebpageIcons.db [2012.11.25 22:12:28 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012.11.25 22:12:28 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012.11.25 22:11:27 | 000,008,909 | ---- | C] () -- C:\Users\Sebo\Desktop\xd.rar [2012.11.25 12:46:02 | 000,003,013 | ---- | C] () -- C:\Users\Sebo\Desktop\Zusammenfassung Speed sebi part3.odt [2012.11.25 12:19:12 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.11.24 16:07:23 | 000,003,122 | ---- | C] () -- C:\Users\Sebo\Desktop\Zusammenfassung speed sebi part 2.odt [2012.11.24 16:05:28 | 000,001,131 | ---- | C] () -- C:\Users\Sebo\Desktop\Dokument.rtf [2012.11.22 11:00:50 | 000,347,904 | ---- | C] () -- 
C:\Windows\SysNative\systemsf.ebd [2012.11.22 10:57:40 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.11.22 10:57:09 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.11.22 10:57:09 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.11.22 10:55:58 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.11.22 10:51:26 | 000,003,116 | ---- | C] () -- C:\Users\Sebo\Desktop\Zusammenfassung Speed Sebi part 1.odt [2012.11.22 10:49:25 | 000,012,544 | ---- | C] () -- C:\Windows\SysWow64\CNC173CD.TBL [2012.11.22 10:49:25 | 000,012,544 | ---- | C] () -- C:\Windows\SysNative\CNC173CD.TBL [2012.11.21 19:43:59 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag [2012.11.21 19:41:37 | 000,653,928 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2012.11.21 19:41:37 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2012.11.21 19:41:37 | 000,129,800 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2012.11.21 19:41:37 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2012.11.21 14:01:35 | 000,007,608 | ---- | C] () -- C:\Users\Sebo\AppData\Local\Resmon.ResmonCfg [2012.11.21 13:05:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.21 12:52:50 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.21 12:37:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.21 12:37:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.21 12:23:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.21 12:02:30 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.21 11:28:31 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.21 11:28:29 | 000,001,102 | ---- | C] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 11:27:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.11.21 11:05:01 | 000,001,421 | ---- | C] () -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.21 11:04:54 | 000,001,455 | ---- | C] () -- C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.21 11:02:16 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\PB Zubehör Shop.lnk [2012.11.21 10:47:00 | 2415,321,088 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.21 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sebo\AppData\Roaming\OEM [2012.11.26 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Sebo\AppData\Roaming\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.21 11:04:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.11.21 19:35:31 | 000,000,000 | ---D | M] -- C:\AcerSW [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.11.21 11:01:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.03.15 13:35:37 | 000,000,000 | ---D | M] -- C:\Intel [2010.03.15 13:51:57 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.11.21 11:03:13 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.21 12:52:49 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.25 22:11:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.25 22:11:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.11.21 11:01:04 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.21 11:01:04 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.27 14:17:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.21 11:09:45 | 000,000,000 | R--D | M] -- C:\Users [2012.11.27 14:13:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. 
/5 >
[2012.11.25 22:12:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{45E557D6-2271-4F13-8101-C620B4285AB0}
[2012.11.23 19:02:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
< %localappdata%\*. /5 >
[2012.11.27 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\Sebo\AppData\Local\Temp
< End of report >

Extras OTL Logfile:
Code:
OTL Extras logfile created on: 27.11.2012 14:16:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 56,87% Memory free
6,00 Gb Paging File | 4,51 Gb Available in Paging File | 75,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,95 Gb Total Space | 417,30 Gb Free Space | 91,72% Space Free | Partition Type: NTFS
Drive D: | 455,46 Gb Total Space | 455,12 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Computer Name: SEBO-PC | User Name: Sebo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A255BF6-019D-448E-B54F-AB384EDD7D8A}" = lport=137 | protocol=17 | dir=in | app=system | "{14534AD7-5268-4970-B04E-A54F648C998C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{163E5F0B-D1D3-4646-8598-B34DA0EA5576}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1CA32CA2-4ABF-4231-BF15-D85247B93AEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1FCF170C-D8D3-47A7-B282-B000A77F1782}" = rport=10243 | protocol=6 | dir=out | app=system | "{2549082A-75E4-42DB-88F8-EBBC9AC010C8}" = lport=138 | protocol=17 | dir=in | app=system | "{4118C5F5-CD7B-464D-BAB6-F6733A2DBE06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{46A6AA3E-1AAB-457F-B88D-D32691D7F4E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4703CF6A-93DB-4BDE-8CBE-D41CE28E1EE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{53396539-7EC5-4329-AD54-B56D49F7BCBD}" = lport=10243 | protocol=6 | dir=in | app=system | "{7D2939C7-892E-4F77-9047-E5920C64F42D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{82C1C7A9-89A6-4B17-AED2-99F1B11BCFAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83204FD6-584F-459D-95FD-6D92F3BEA7DF}" = rport=139 | protocol=6 | dir=out | app=system | "{84717178-A991-4004-9EED-A8AB36B92102}" = rport=445 | protocol=6 | dir=out | app=system | 
"{90A77BFB-F51D-400B-8B59-4D933B4716CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A7F0E75-429F-4B2F-B82D-A2CF32EC07C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1AB76FD-3664-4525-9F24-69683AFCF248}" = rport=137 | protocol=17 | dir=out | app=system | "{AAEB3301-CFC6-473E-9948-B8EE4081C316}" = lport=445 | protocol=6 | dir=in | app=system | "{B37D829C-6F86-40C0-8202-288C1AFAE2AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D989337B-F430-4841-8963-9FA362B5F8BB}" = lport=2869 | protocol=6 | dir=in | app=system | "{DF264457-0BE6-4DBB-A60C-81D950A3503E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E2B794CE-3960-454D-B5FD-78F9CF701A7B}" = lport=139 | protocol=6 | dir=in | app=system | "{F4F95DFD-1D5F-44D0-AA1A-FDBACDCABEB9}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018822EC-FED8-4472-80D1-759A8616CF62}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{110738F9-A6F7-49DC-9971-24A906FE7C4B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{168AEB43-91F9-42B9-BD8B-BF41F099C91F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A1BA452-D60F-4971-A5E6-CDFCD3533E68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2FAE0328-AAFE-44D8-AAAE-4EA7E8CEAD76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{324C8042-B5FE-471A-988B-62ABCE78E4C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3A82EE4B-82CF-483F-924E-2F5730075205}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{42D6D23A-B029-4376-AB71-48A3161A34EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4D506A79-F1B6-4730-9F3A-7F28BFD2CD82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5BA682CA-798D-4F82-9C34-9205DE8754B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{826A580D-29F6-4490-98C3-44236836A9F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{91E5FCF5-8F44-4CD3-8B56-231C0A0CFBC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9892AABE-C8E0-495F-9191-EBDEFFFFEC67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BB0EF714-97FE-4FA4-B677-26AE0C8F3548}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CD72649B-7A13-4F3C-9FD6-A9ADFF1BFA34}" = protocol=6 | dir=out | app=system | "{D3C10827-1C06-4A07-A81E-32E2AC0CA7BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EC10B3F5-4D28-4D69-A5BD-2144535CA621}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{EC676FEF-F96E-4F72-AAC2-C4883BB7E880}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAE91D40-3D90-4234-ABF5-BF86782A5793}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FE5E4C91-D961-4E34-87BA-27DFF61B3CCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FEB2BFC5-CAF9-4AA9-8FA1-7849481EDC3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual 
C++ 2008 Redistributable - x64 9.0.30729.4148 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{330e1566-027d-4d04-a8c5-011f9f6e8bc7}" = Nero 9 Essentials "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite 
Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero 
DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Packard Bell Game Console" = Packard Bell Game Console "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Software Suite SE" = Packard Bell Software Suite SE "Packard Bell Welcome Center" = Welcome Center "WildTangent packardbell Master Uninstall" = Packard Bell Games "WT078791" = Bejeweled 2 Deluxe "WT078806" = Insaniquarium Deluxe "WT078833" = Zuma Deluxe "WT078960" = Blasterball 3 "WT078964" = Bob the Builder Can-Do-Zoo "WT079020" = Faerie Solitaire "WT079024" = FATE - The Traitor Soul "WT079064" = Jewel Quest "WT079068" = Jewel Quest Solitaire 3 "WT079108" = Penguins! "WT079116" = Polar Bowler "WT079120" = Polar Golfer "WT079124" = Polar Pool "WT079177" = Virtual Villagers - A New Home "WT079184" = Yahtzee "WT079363" = Build-a-lot 2 "WT079366" = Chicken Invaders 3 - Revenge of the Yolk "WT079395" = Escape Rosecliff Island "WT079397" = Mahjongg Artifacts "WT079421" = Virtual Families ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.11.2012 05:48:15 | Computer Name = WIN-75IQCESDSNU | Source = ESENT | ID = 412 Description = Catalog Database (380)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -546. 
Error - 21.11.2012 05:48:15 | Computer Name = WIN-75IQCESDSNU | Source = ESENT | ID = 412 Description = Catalog Database (380)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -546. Error - 21.11.2012 05:48:15 | Computer Name = WIN-75IQCESDSNU | Source = Microsoft-Windows-CAPI2 | ID = 257 Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -546. Error - 21.11.2012 12:29:25 | Computer Name = Sebo-PC | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.62.0.140 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a48 Startzeit: 01cdc8054574121c Endzeit: 12 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 959007b0-33f8-11e2-aced-90fba685ffd1 Error - 22.11.2012 05:52:18 | Computer Name = Sebo-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SETUP.EXE_Microsoft Setup Bootstrapper, Version: 12.0.6425.1000, Zeitstempel: 0x49d4b32a Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624, Zeitstempel: 0x4c297c56 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f367 ID des fehlerhaften Prozesses: 0xd9c Startzeit der fehlerhaften Anwendung: 0x01cdc896fa06327a Pfad der fehlerhaften Anwendung: C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 4d0afb06-348a-11e2-90c9-90fba685ffd1 Error - 22.11.2012 06:34:52 | Computer Name = Sebo-PC | Source = VSS | ID = 12305 Description = Error - 22.11.2012 06:59:50 | Computer Name = Sebo-PC | Source = ESENT | ID = 215 Description = WinMail (3032) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem 
Client unterbrochen wurde. Error - 22.11.2012 06:59:57 | Computer Name = Sebo-PC | Source = ESENT | ID = 215 Description = WinMail (2856) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. [ System Events ] Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Heimnetzgruppen-Listener" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Diagnosesystemhost" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.11.2012 15:18:25 | Computer Name = Sebo-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > |
27.11.2012, 14:30 | #4 |
/// the machine /// TB-Ausbilder | http://safesearch.lavasoft.com Then please list all the problems that still remain.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
27.11.2012, 14:32 | #5 |
| http://safesearch.lavasoft.com I'm quite worried that my PC might catch viruses again. I had the GVU trojan etc., but that has been gone for a long time; still, I'm worried :/ And there are currently no problems. Is the PC clean? |
27.11.2012, 14:38 | #6 | |
/// the machine /// TB-Ausbilder | http://safesearch.lavasoft.com Quote:
__________________ --> http://safesearch.lavasoft.com |
27.11.2012, 14:41 | #7 |
| http://safesearch.lavasoft.com Well, I'm not really sure right now. I have an ad blocker installed now. |
27.11.2012, 19:13 | #8 |
/// the machine /// TB-Ausbilder | http://safesearch.lavasoft.com The logs are clean.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
27.11.2012, 19:14 | #9 |
| http://safesearch.lavasoft.com Yay, thanks :D Now I'm not scared anymore :P |