GVU Trojaner.. auch mich eiskalt erwischt.

Spike007 · 30.12.2012, 00:23

Hallo
gestern hat versucht ein trojaner mich zu bekommen .. so dachte ich
habe alles geblockt was der versucht hat nix zugelassen etc.
hat auch den anschein gehabt als wäre es mir gelungen...
bis ich neu gestartet habe.
Da stand er nun in voller Pracht der GVU trojaner.
ein Strg alt entfernen lies mich den Benutzer wechseln.

mit dem bin ich nun unterwegs.

Zu meinem System
Windows 7 ultimate 32 bit

wer kann mir helfen.. Gruß
Spike

t'john · 30.12.2012, 10:46

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

Spike007 · 30.12.2012, 11:50

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.12.2012 11:38:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXXX\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,24 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,99% Memory free
6,48 Gb Paging File | 4,80 Gb Available in Paging File | 74,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 3,18 Gb Free Space | 5,42% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 277,90 Gb Free Space | 59,67% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 339,20 Gb Free Space | 72,83% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 49,27 Gb Free Space | 84,09% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 25,74 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 173,57 Gb Free Space | 37,27% Space Free | Partition Type: NTFS
Drive I: | 814,32 Gb Total Space | 160,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS
 
Computer Name: ooooo | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\xxxxx\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\devolo\dlan\devolonetsvc.exe ()
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\227d8befc409e42e058670889c3d6b4a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()
MOD - C:\Users\xxxxx\AppData\LocalLow\SumatraPDF\IE\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\Users\xxxxx\wgsdgsdgdsgsd.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SumatraPDFUpdater) -- C:\Users\xxxxx\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (UsbClientService) -- C:\Program Files\Synology\Assistant\UsbClientService.exe ()
SRV - (CLKMSVC10_E92D8507) -- C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Intel® PROSet Monitoring Service) -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (DevoloNetworkService) -- C:\Program Files\devolo\dlan\devolonetsvc.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (busbcrw) -- C:\Windows\System32\drivers\busbcrw.sys (Brother Industries, Ltd.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Ser2plx86) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (anvsnddrv) -- C:\Windows\System32\drivers\anvsnddrv.sys (AnvSoft Inc.)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\Windows\System32\drivers\emAudio.sys (eMPIA Technology, Inc.)
DRV - (mv91xx) -- C:\Windows\System32\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2180860846-1555781176-264122612-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2180860846-1555781176-264122612-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2180860846-1555781176-264122612-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 DF 92 B1 10 E6 CD 01  [binary data]
IE - HKU\S-1-5-21-2180860846-1555781176-264122612-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2180860846-1555781176-264122612-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2180860846-1555781176-264122612-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 21:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.04 17:18:16 | 000,000,000 | ---D | M]
 
[2012.10.26 22:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.26 22:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2012.10.26 22:49:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.12.07 21:55:37 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.07.08 22:52:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 22:23:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.08 22:52:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.08 22:52:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.08 22:52:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.08 22:52:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\xxxxx\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tango] C:\Program Files\Tango\Tango.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2273D0C2-665C-413E-81A5-F71B5E76C544}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EC66AE9-6DB7-477A-B31D-403F69AED4A1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.06 18:05:26 | 000,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.29 23:34:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXX\Desktop\OTL.exe
[2012.12.29 23:32:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Malwarebytes
[2012.12.29 23:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.29 23:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.29 23:31:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.29 23:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.29 23:31:39 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Programs
[2012.12.29 23:06:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Adobe
[2012.12.29 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\AVG2013
[2012.12.29 21:50:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Avg2013
[2012.12.29 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Power2Go
[2012.12.29 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\ATI
[2012.12.29 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\ATI
[2012.12.29 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Apple Computer
[2012.12.29 21:50:15 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Virtual Machines
[2012.12.29 21:50:15 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.29 21:50:15 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Searches
[2012.12.29 21:50:15 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.29 21:50:05 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Identities
[2012.12.29 21:50:04 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Contacts
[2012.12.29 21:49:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\VirtualStore
[2012.12.29 21:49:57 | 000,000,000 | --SD | C] -- C:\Users\XXXXX\AppData\Roaming\Microsoft
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Videos
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Saved Games
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Pictures
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Music
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Links
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Favorites
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Downloads
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Documents
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Desktop
[2012.12.29 21:49:57 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Vorlagen
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\AppData\Local\Verlauf
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\AppData\Local\Temporary Internet Files
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Startmenü
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\SendTo
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Recent
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Netzwerkumgebung
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Lokale Einstellungen
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Documents\Eigene Videos
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Documents\Eigene Musik
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Eigene Dateien
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Documents\Eigene Bilder
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Druckumgebung
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Cookies
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\AppData\Local\Anwendungsdaten
[2012.12.29 21:49:57 | 000,000,000 | -HSD | C] -- C:\Users\XXXXX\Anwendungsdaten
[2012.12.29 21:49:57 | 000,000,000 | -H-D | C] -- C:\Users\XXXXX\AppData
[2012.12.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Temp
[2012.12.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Microsoft
[2012.12.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Media Center Programs
[2012.12.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Macromedia
[2012.12.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.12.29 00:45:22 | 000,000,000 | ---D | C] -- C:\FarmHelper
[2012.12.23 23:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\MakeMKV
[2012.12.22 19:06:30 | 000,105,728 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaura.sys
[2012.12.22 18:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE-DESIGN NEXT
[2012.12.22 18:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BIL
[2012.12.22 18:38:34 | 000,018,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\busbcrw.sys
[2012.12.21 03:00:37 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 03:00:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.19 21:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tajima
[2012.12.19 21:58:34 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\Roboex32.dll
[2012.12.19 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Tajima
[2012.12.19 21:58:02 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012.12.19 05:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.15 17:41:41 | 000,000,000 | ---D | C] -- C:\temp
[2012.12.15 17:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE-DESIGN Ver6
[2012.12.15 17:18:25 | 001,009,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltwvc13n.dll
[2012.12.15 17:18:25 | 000,825,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltwen13n.dll
[2012.12.15 17:18:25 | 000,794,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTRTN13n.DLL
[2012.12.15 17:18:25 | 000,379,904 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvec13n.ocx
[2012.12.15 17:18:25 | 000,253,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltpnt13n.ocx
[2012.12.15 17:18:25 | 000,246,784 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvkrn13n.dll
[2012.12.15 17:18:25 | 000,204,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltscr13n.ocx
[2012.12.15 17:18:25 | 000,170,496 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTSCR13n.DLL
[2012.12.15 17:18:25 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lvdlg13n.dll
[2012.12.15 17:18:25 | 000,158,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltpnt13n.dll
[2012.12.15 17:18:25 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttmb13n.ocx
[2012.12.15 17:18:25 | 000,145,920 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttw213n.dll
[2012.12.15 17:18:25 | 000,144,384 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttlb13n.ocx
[2012.12.15 17:18:25 | 000,110,592 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTSGM13N.DLL
[2012.12.15 17:18:25 | 000,108,032 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTTLB13n.dll
[2012.12.15 17:18:25 | 000,102,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltodb13n.ocx
[2012.12.15 17:18:25 | 000,095,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltpdg13n.dll
[2012.12.15 17:18:25 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvgl13n.dll
[2012.12.15 17:18:25 | 000,074,240 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvdx13n.dll
[2012.12.15 17:18:25 | 000,053,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTWEB13n.dll
[2012.12.15 17:18:25 | 000,044,032 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttwn13n.dll
[2012.12.15 17:18:25 | 000,032,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttmb13n.dll
[2012.12.15 17:18:25 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTWND13n.DLL
[2012.12.15 17:18:24 | 000,759,808 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltocx13n.ocx
[2012.12.15 17:18:24 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn13n.dll
[2012.12.15 17:18:24 | 000,196,608 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltlst13n.ocx
[2012.12.15 17:18:24 | 000,179,200 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltnet13n.ocx
[2012.12.15 17:18:24 | 000,150,528 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltisi13n.ocx
[2012.12.15 17:18:24 | 000,146,432 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltmrc13n.ocx
[2012.12.15 17:18:24 | 000,114,176 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTOCR13n.dll
[2012.12.15 17:18:24 | 000,061,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltnet13n.dll
[2012.12.15 17:18:24 | 000,051,200 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltlst13n.dll
[2012.12.15 17:18:23 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltisi13n.dll
[2012.12.15 17:18:22 | 001,402,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltdlg13n.dll
[2012.12.15 17:18:22 | 000,966,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltdlgres13n.dll
[2012.12.15 17:18:22 | 000,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg13n.dll
[2012.12.15 17:18:22 | 000,360,960 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltdlg13n.ocx
[2012.12.15 17:18:22 | 000,265,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDIS13n.dll
[2012.12.15 17:18:22 | 000,241,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTEml13n.dll
[2012.12.15 17:18:22 | 000,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx13n.dll
[2012.12.15 17:18:22 | 000,154,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil13n.DLL
[2012.12.15 17:18:21 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13n.dll
[2012.12.15 17:18:21 | 001,139,712 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDic13n.dll
[2012.12.15 17:18:21 | 000,319,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCML13n.dll
[2012.12.15 17:18:21 | 000,149,504 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTAUT13n.dll
[2012.12.15 17:18:21 | 000,111,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCON13n.dll
[2012.12.15 17:18:20 | 000,785,920 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltann13n.dll
[2012.12.15 17:18:20 | 000,550,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFSVG13n.dll
[2012.12.15 17:18:20 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFJ2K13n.dll
[2012.12.15 17:18:20 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpng13n.dll
[2012.12.15 17:18:20 | 000,177,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpdf13n.dll
[2012.12.15 17:18:20 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfPCL13n.dll
[2012.12.15 17:18:20 | 000,143,360 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftif13n.dll
[2012.12.15 17:18:20 | 000,108,032 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgbr13n.dll
[2012.12.15 17:18:20 | 000,102,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmpg13n.dll
[2012.12.15 17:18:20 | 000,101,376 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfvpg13n.dll
[2012.12.15 17:18:20 | 000,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfjbg13n.dll
[2012.12.15 17:18:20 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffpx13n.dll
[2012.12.15 17:18:20 | 000,083,456 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfshp13n.dll
[2012.12.15 17:18:20 | 000,080,384 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFPTK13n.dll
[2012.12.15 17:18:20 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfwmf13n.dll
[2012.12.15 17:18:20 | 000,074,752 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfplt13n.dll
[2012.12.15 17:18:20 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffax13n.dll
[2012.12.15 17:18:20 | 000,068,096 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfsct13n.dll
[2012.12.15 17:18:20 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpct13n.dll
[2012.12.15 17:18:20 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd13n.dll
[2012.12.15 17:18:20 | 000,051,200 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfXpm13n.dll
[2012.12.15 17:18:20 | 000,049,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfXbm13n.dll
[2012.12.15 17:18:20 | 000,048,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfica13n.dll
[2012.12.15 17:18:20 | 000,047,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfeps13n.dll
[2012.12.15 17:18:20 | 000,047,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif13n.dll
[2012.12.15 17:18:20 | 000,038,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfflc13n.dll
[2012.12.15 17:18:20 | 000,033,792 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFSMP13n.dll
[2012.12.15 17:18:20 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwmp13n.dll
[2012.12.15 17:18:20 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfvec13n.dll
[2012.12.15 17:18:20 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lflmb13n.dll
[2012.12.15 17:18:20 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFPNM13n.dll
[2012.12.15 17:18:20 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lflma13n.dll
[2012.12.15 17:18:20 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfiff13n.dll
[2012.12.15 17:18:20 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx13n.dll
[2012.12.15 17:18:20 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfxwd13n.dll
[2012.12.15 17:18:20 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13n.dll
[2012.12.15 17:18:20 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfimg13n.dll
[2012.12.15 17:18:20 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwpg13n.dll
[2012.12.15 17:18:20 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfsgi13n.dll
[2012.12.15 17:18:20 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfras13n.dll
[2012.12.15 17:18:20 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwfx13n.dll
[2012.12.15 17:18:20 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcd13n.dll
[2012.12.15 17:18:20 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfitg13n.dll
[2012.12.15 17:18:20 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmsp13n.dll
[2012.12.15 17:18:20 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmac13n.dll
[2012.12.15 17:18:20 | 000,017,920 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfRaw13n.dll
[2012.12.15 17:18:19 | 000,543,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\leadsrvr.exe
[2012.12.15 17:18:19 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMW13n.dll
[2012.12.15 17:18:19 | 000,484,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdwf13n.dll
[2012.12.15 17:18:19 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13n.DLL
[2012.12.15 17:18:19 | 000,295,936 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfAFP13n.dll
[2012.12.15 17:18:19 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2012.12.15 17:18:19 | 000,185,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdxf13n.dll
[2012.12.15 17:18:19 | 000,130,560 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdwg13n.dll
[2012.12.15 17:18:19 | 000,094,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdrw13n.dll
[2012.12.15 17:18:19 | 000,091,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfacs13n.dll
[2012.12.15 17:18:19 | 000,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfcmx13n.dll
[2012.12.15 17:18:19 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfcgm13n.dll
[2012.12.15 17:18:19 | 000,079,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdgn13n.dll
[2012.12.15 17:18:19 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcal13n.dll
[2012.12.15 17:18:19 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfclp13n.dll
[2012.12.15 17:18:19 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13n.dll
[2012.12.15 17:18:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AWRESX32.DLL
[2012.12.15 17:18:19 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfani13n.dll
[2012.12.15 17:18:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AWCODC32.DLL
[2012.12.15 17:18:19 | 000,023,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfawd13n.dll
[2012.12.15 17:18:19 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfCUT13n.dll
[2012.12.15 17:18:19 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfavi13n.dll
[2012.12.15 17:18:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AWDENC32.DLL
[2012.12.15 17:18:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AWVIEW32.DLL
[2012.12.15 17:18:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AWDCXC32.DLL
[2012.12.14 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.12.14 00:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.12.13 14:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.12 03:01:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 03:01:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 03:01:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 03:01:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 03:01:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 03:01:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 03:01:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 03:01:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.11 21:28:54 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.11 21:28:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.11 21:28:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.11 21:28:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 21:28:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 21:28:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 21:28:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 21:28:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 21:28:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 21:28:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 21:28:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 21:28:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 21:28:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 21:28:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 21:28:30 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.11 21:28:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.05 03:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.12.05 03:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.12.05 03:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 11:24:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.30 11:00:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.30 10:23:50 | 000,018,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 10:23:50 | 000,018,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 10:20:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.30 10:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.30 10:18:43 | 2607,919,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.29 23:34:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXX\Desktop\OTL.exe
[2012.12.29 23:31:56 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.29 21:54:50 | 000,698,474 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.29 21:54:50 | 000,652,456 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.29 21:54:50 | 000,148,530 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.29 21:54:50 | 000,121,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.29 21:50:27 | 000,001,202 | ---- | M] () -- C:\Users\XXXXX\Desktop\Blu-ray Disc Suite.lnk
[2012.12.29 21:47:35 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.12.27 17:06:50 | 000,003,504 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.12.23 19:23:39 | 000,000,333 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2012.12.22 19:06:27 | 000,105,728 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaura.sys
[2012.12.22 18:45:45 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\PE-DESIGN NEXT.lnk
[2012.12.22 18:38:34 | 000,018,944 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\busbcrw.sys
[2012.12.21 03:20:01 | 000,334,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.19 21:58:36 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Tajima DGML by Pulse Ambassador.lnk
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 14:47:16 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.12 05:00:06 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 05:00:06 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.04 17:19:33 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
 
========== Files Created - No Company Name ==========
 
[2012.12.29 23:31:56 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.29 21:50:16 | 000,001,418 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.29 21:49:57 | 000,001,202 | ---- | C] () -- C:\Users\XXXXX\Desktop\Blu-ray Disc Suite.lnk
[2012.12.22 18:45:45 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\PE-DESIGN NEXT.lnk
[2012.12.19 21:58:36 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Tajima DGML by Pulse Ambassador.lnk
[2012.12.15 17:18:24 | 001,190,601 | ---- | C] () -- C:\Windows\System32\LTOCX13n.CAB
[2012.12.15 17:18:20 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2012.12.15 17:18:20 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2012.12.13 14:47:16 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.04.27 17:42:01 | 000,003,504 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.03.07 02:44:25 | 000,917,504 | ---- | C] () -- C:\Windows\System32\dtsdecoderdll.dll
[2012.03.07 02:44:25 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2012.03.04 12:57:19 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.03.04 11:40:08 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.02.29 20:34:45 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012.02.27 19:28:58 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE
[2012.01.03 22:46:29 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.03 22:18:09 | 000,000,322 | ---- | C] () -- C:\Windows\System32\mr.dat
[2011.11.29 23:02:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.18 17:01:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.10 18:08:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.16 21:46:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.06.16 21:44:56 | 000,038,050 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.06.16 21:43:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.16 21:43:44 | 000,024,917 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.06.16 02:55:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.16 02:48:34 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.05.18 22:33:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\AnvSoft
[2012.12.13 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\AVG2013
[2012.03.07 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\avidemux
[2012.05.13 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe Limited
[2012.11.02 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Lite
[2012.11.20 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DVDVideoSoft
[2011.10.18 08:11:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.04 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\EPSON
[2011.07.29 21:40:48 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Free iPad Video Converter
[2011.10.18 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FreeVideoConverter
[2012.10.25 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FRITZ!
[2012.10.25 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.10.18 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\GetRightToGo
[2011.07.29 20:19:52 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\HandBrake
[2011.07.10 17:55:20 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ImgBurn
[2012.03.07 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ImTOO
[2012.12.14 00:52:16 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\IrfanView
[2012.03.04 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Leawo
[2012.05.02 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Mouse Recorder Pro
[2011.11.29 23:02:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\pdfforge
[2012.06.17 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Seas0nPass
[2011.07.03 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TeamViewer
[2012.03.04 11:25:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\tiger-k
[2012.12.13 14:47:15 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TuneUp Software
[2012.01.03 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Vso
[2012.12.29 21:50:26 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\AVG2013
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:FB1B13D8

< End of report >

--- --- ---

extras

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.12.2012 23:56:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXXX\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,24 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 26,57% Memory free
6,48 Gb Paging File | 3,00 Gb Available in Paging File | 46,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 2,93 Gb Free Space | 4,99% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 277,90 Gb Free Space | 59,67% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 339,20 Gb Free Space | 72,83% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 49,27 Gb Free Space | 84,09% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 25,74 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 173,57 Gb Free Space | 37,27% Space Free | Partition Type: NTFS
Drive I: | 814,32 Gb Total Space | 160,70 Gb Free Space | 19,73% Space Free | Partition Type: NTFS
 
Computer Name: OOOOO | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2180860846-1555781176-264122612-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02294AF9-A841-4E7F-A570-C0A9FD01AF63}" = rport=138 | protocol=17 | dir=out | app=system | 
"{06FCC0C6-4297-4A4D-B2C1-A874917D5D76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{076442CA-CFAB-4052-AC03-C9ED6AF8834C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{077CB168-879D-45D2-BE8B-3B61D5076C69}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{0A6C268D-2DC9-448E-A8E7-E1CE3B78FB14}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0A8AC837-6F47-4021-B815-630A25A89C6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0BC3F451-F815-4D49-A6F9-1C6BFB7455B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C44D143-3469-42EB-AA4B-8B2471D766C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16DB750F-04F2-4794-B12C-7D8331AB2840}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{19ECD8A8-0587-435F-B1BD-BEE255322CD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1A5C7E48-1104-4AB0-B367-FA67F9FBC386}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EEBF253-D343-4991-A47E-DF8046A437B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23E544C3-4E10-4378-91C5-962C5448CAC3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{247CBAE3-0629-4876-A2FF-E0605CFEBD8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{257628F1-9C9B-49D5-BAD2-EC2AAB9DFF1B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2EAC8AB0-8F23-4BC5-8238-9E295F276E82}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
"{32439363-C002-4325-9F14-368B0AB79142}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{397BD3B2-11F2-4E86-AFDD-3A344A13187A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{415CDE41-383C-4D08-AF9E-88CACE4409DE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{416BC7BB-204D-4894-8727-40473733BC75}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{45F36642-BF64-43E2-86F9-7BE4354FEE6D}" = lport=19540 | protocol=17 | dir=in | name=sxuptp | 
"{483A0190-39B8-4CC7-89A4-6052DE0A670C}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{49B38221-F028-4FFB-BA5F-C55867D1E7E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52F0186B-BF4E-4485-B9F7-A0C40B0E10A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57BD50E4-6600-4E5A-9B85-1EA3BA9D4D04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{773761FA-9DFC-4A17-9F31-05E9AC0FEC02}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B93E35B-FE6E-4451-9FB6-1AD25FEA2E31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8A5C03B0-E232-4DD6-8616-F40F79D17521}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{99C3C1E6-1AC3-4EE3-AB43-C259B4CF7E98}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A2871D25-D880-4E6F-BFD9-9490665F97CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AE2B4B05-BB4C-4442-92F1-743CB169BEC5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AE7CAAD1-62A8-464C-893C-83F3895B27B2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C70819F3-825F-43FF-977A-85A97E9A4922}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C824A520-F953-44A7-93A9-929004C6AB76}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CD05D784-485B-4439-8102-BF6913EC5C9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF5A57FE-E9DA-4667-A008-313709C8B350}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F2A8A540-B312-46D9-9B80-BA7C8298517E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0129FAFF-137B-450C-AB6F-8D7A3ECD4208}" = dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{15F6A51A-2626-4B3E-87A6-9ADB7324F4FA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1F029665-BB2F-4C6C-AC3A-C3E7253668B8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{22D96AD2-C222-400D-98BB-DAF23AF6D1BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{287EAF3C-3BB4-447B-A47E-7CBF785F6BD4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{2B672748-09DF-4428-BD5B-CC82D050DC15}" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\local\apps\2.0\9l0yldzm.0k7\0jwk020p.bcm\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{37E51F68-6F7E-4B16-AD31-C09935265959}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D3790B8-5B5C-4206-B17A-45EFF42DC5EF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{3D593480-B88F-447B-B721-462DA7ED229A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3FC1EE8E-B71A-4D7A-98F8-733C437AB8E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{434C4F4C-5185-484A-AF81-15E61675D456}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{4C6BB5AD-8D6E-41B0-ACDF-6EFD9018103B}" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\local\apps\2.0\9l0yldzm.0k7\0jwk020p.bcm\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
"{4DBD3B02-AE0B-4639-B8D7-5DBE2E27569E}" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\local\apps\2.0\9l0yldzm.0k7\0jwk020p.bcm\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
"{5E8079CA-DB89-4BEE-B754-AFA5CF2BF3D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{607C5E88-E22B-44A6-B4E7-9E5D0884CFA0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{617A8D4C-ADFA-4A90-BCC9-B4BF3EE3DF74}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6430C344-E956-49B3-975F-F87203C2EC71}" = dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{68534B4B-30A3-40B2-8236-E3568DD83B39}" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\local\apps\2.0\9l0yldzm.0k7\0jwk020p.bcm\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{6CFFD594-8964-4A8C-8F40-7C9278612A61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{796C6023-723A-4CAA-A012-B98098950B59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94D2F338-5697-4682-B598-C280D3B42C75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A8F32A2-C45E-4353-BCC3-94EADBD7E06C}" = protocol=6 | dir=out | app=system | 
"{A799B15C-CE39-41F4-AF19-B8BFD63E5B10}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{B090D191-B8BA-4AA1-85C7-146722B4CCB2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{B2601207-9C76-4E9C-8C44-5C039E5AD77B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B3050326-DB59-4D70-9BC3-48A930E33CF6}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{B3BD1080-29B5-4B55-967F-0373EA06B55A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE5D343E-99F3-404F-8F9A-534A25CBFA68}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{CA29447B-D048-4A62-94BE-29E6235643A7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{CBC85D00-6D7B-4573-88C0-C357585E3058}" = dir=in | app=c:\program files\silex technology\sx virtual link\connect.exe | 
"{CC344A5D-BB2F-4723-B20B-C8D1E506075E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D89A84AA-A976-4D41-95BD-9247E8F7A961}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{DA9F7C5B-3F0A-4210-ADD9-5EDEE6B8B63F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1384F38-0572-4225-B0F8-4D2228FE7722}" = dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{E7CF30AD-9DD3-4A69-A423-E9907787F36E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8656EC2-C773-4D7F-AF8F-C5C2D6C4A83E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{F3A16C15-8456-4C85-9CC3-A32469E9C83E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4E2459D-AEB6-4D03-9E73-E4937BF3EA3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F514999E-061C-4B40-AEB5-83C2841AC64E}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{FBCF2BAB-2CCE-495D-B6F7-558CC514425A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{FDBDEE5A-9422-45F8-A727-510F6E8AEEED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF79D682-15C5-4E44-9EF8-420E71D51C09}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{2CF50B49-C17D-4C26-B739-9471BA6C7637}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{2E1ED505-9F4A-4C79-87CD-986C3A3AEDED}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"TCP Query User{4DD91A41-E358-4172-BA9D-49AF884E5038}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7A371713-2A0A-4903-8414-9C7AD37AD937}C:\farmhelper\fvbot.exe" = protocol=6 | dir=in | app=c:\farmhelper\fvbot.exe | 
"TCP Query User{88F91FD5-B39D-402F-AE59-BEDDF872AE40}C:\program files\makemkv\makemkvcon.exe" = protocol=6 | dir=in | app=c:\program files\makemkv\makemkvcon.exe | 
"TCP Query User{DDA2FCA4-B551-4805-B353-7E60F8632EBD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{2C22B6B9-4958-42D3-B320-F430364C3EB8}C:\farmhelper\fvbot.exe" = protocol=17 | dir=in | app=c:\farmhelper\fvbot.exe | 
"UDP Query User{6134FF16-19EF-42F1-8FE4-B5B4D661E4B0}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"UDP Query User{764362B5-E004-4304-826F-40CCABAACE9D}C:\program files\makemkv\makemkvcon.exe" = protocol=17 | dir=in | app=c:\program files\makemkv\makemkvcon.exe | 
"UDP Query User{C0A3239F-F597-4503-8DA8-61314D7CCB10}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F0195330-5A2C-4F03-A38D-5EF5370DBAEC}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{FE5F0D28-1662-40DB-869F-E2F78F4D3E0D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{041EDAC5-853E-4A10-A0C8-ED0CF7769306}" = PE-DESIGN NEXT
"{09BD1434-E53C-800A-BAE7-AAE85025E8A5}" = ATI AVIVO Codecs
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C171CF9-E6CB-427F-B1E8-55637C603586}_is1" = FarmHelper
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C6BA2FA-05BB-F6C0-3BDF-2C2DD4E39275}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F57656E-310B-D5C1-8B38-CD8BF09ADC31}" = CCC Help Russian
"{1F8CE8A5-2C35-B10C-9EE4-EB3A937EF192}" = CCC Help Thai
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BC12018-4A32-E375-FF94-4830A1A9BD17}" = Catalyst Control Center Graphics Previews Common
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{3256C48C-78D0-4FC6-A0F5-81ADF3A9D7D4}" = AVG 2013
"{3A7CEF01-FB6E-B492-0B99-E8C48B80040A}" = CCC Help English
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47A5EFF0-3A7F-934F-C778-C7E6C8EBE497}" = ATI Catalyst Install Manager
"{48BB3836-2F6F-B8F5-D5B4-106903E92F2F}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A051E47-6E50-437E-9E22-B5A2EBD3F8E3}" = compasX 19.1
"{4B5CB1BC-6D47-B0DA-9C22-1546F98A954F}" = CCC Help German
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4FA7C6E9-21D7-CFE5-E111-0ADD6DE0D49E}" = CCC Help Swedish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5B87B431-0A03-4602-66E5-D6E84AACF15D}" = ccc-core-static
"{5D21244C-75F4-4204-8B60-5DE662A245F1}" = CCC Help Finnish
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{647FDE6A-C7D5-D8AD-BCB6-3A69FC95C264}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65739FA2-0444-4AB2-B598-872406539EBD}" = pdfforge Toolbar v6.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7447DBD6-E712-B7FD-3E1B-C82929E3DC94}" = Catalyst Control Center InstallProxy
"{744F505A-D627-E778-6724-EE7C70F49789}" = CCC Help Turkish
"{77117A63-E036-9CBC-88AA-EA11FFDE706C}" = CCC Help Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.7.4
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8F1B38D1-A6CC-982A-158E-A8B97EB5A5D4}" = ccc-utility
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90FD66ED-BF27-2513-2D4C-5FA5EEA239C6}" = CCC Help Hungarian
"{9190F5FB-B316-10E8-56A9-695110CAB551}" = CCC Help Spanish
"{969F1D08-6246-2BAA-A4F8-4C2B291078DF}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8142BB-8AD4-A3F3-4191-CE02A9E5BFAB}" = CCC Help French
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B0933BBC-1A09-146A-C40A-BD5C1294749C}" = AMD Drag and Drop Transcoding
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B202B201-5D15-4CA7-A978-047AB4A28960}" = PE-DESIGN Ver.6
"{B28F4C9C-8348-4B52-BB95-F8FAC95A8325}" = PCTV Package - Windows Media Center
"{B42BC17B-B545-E379-96E4-8709AB86034A}" = CCC Help Dutch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{BA02FAF3-7AEE-4B07-A7F8-5AF7F81EB940}" = DRAWings X3
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{BF5B8A54-EE1E-B221-4C1E-4D9E5E93D7A6}" = CCC Help Chinese Traditional
"{C1548201-53B0-EB9E-B662-D3E48406AF50}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7132F71-289A-4111-A9A9-1DD28C7B80A7}" = TVCenter
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7D2B6FB-A766-DAFB-3536-8219ED98EF5F}" = CCC Help Norwegian
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC71BB44-D345-7591-D61B-9233464D6326}" = CCC Help Portuguese
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D1D40FB8-4DF3-8AC7-DB80-5030D6BD7E5F}" = CCC Help Korean
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D554EA85-E14F-A09E-BF72-360CDC8C73F5}" = CCC Help Chinese Standard
"{D903B6D5-B5E7-261E-F5F7-8784A1EC43EF}" = CCC Help Polish
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC73D9BE-30BC-1BBF-3E7F-57F37E96AFEB}" = Catalyst Control Center Graphics Previews Vista
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Aiseesoft iPad Converter Suite_is1" = Aiseesoft iPad Converter Suite
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.7
"AnyDVD" = AnyDVD
"AVG" = AVG 2013
"AVGo Media Recorder_is1" = AVGo Media Recorder 1.10
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DAEMON Tools Lite" = DAEMON Tools Lite
"dlancockpit" = devolo dLAN Cockpit
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow v1.1.4305 [2012-02-05]
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.602
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1
"Free Studio_is1" = Free Studio version 5.3.5
"Free Video to AppleTV Converter_is1" = Free Video to AppleTV Converter version 2.3.3.920
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"FTP Commander" = FTP Commander
"HaaliMkx" = Haali Media Splitter
"iCopy" = iCopy
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"Junction Link Magic_is1" = Junction Link Magic 2.0
"MagniDriver" = marvell 91xx console driver
"MakeMKV" = MakeMKV v1.7.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 Cutter_is1" = MP4 Cutter 1.0
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"SX Virtual Link" = SX Virtual Link
"Synology Assistant" = Synology Assistant (remove only)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2180860846-1555781176-264122612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 20:42:04 | Computer Name = OOOOO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2012 18:10:13 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0x16ac  Startzeit der fehlerhaften Anwendung: 0x01cde152e542c60a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: b0203091-4e16-11e2-88e5-009081d691a5
 
Error - 24.12.2012 18:26:26 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
 Zeitstempel: 0x4c7dc5a1  Name des fehlerhaften Moduls: MatroskaDX.ax, Version: 1.0.2.9,
 Zeitstempel: 0x4411e62f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000fe36  ID des fehlerhaften
 Prozesses: 0x1a98  Startzeit der fehlerhaften Anwendung: 0x01cde225b4a22fa1  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\MatroskaDX.ax  Berichtskennung: f3dd8650-4e18-11e2-88e5-009081d691a5
 
Error - 24.12.2012 18:26:33 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
 Zeitstempel: 0x4c7dc5a1  Name des fehlerhaften Moduls: MatroskaDX.ax, Version: 1.0.2.9,
 Zeitstempel: 0x4411e62f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003aac  ID des fehlerhaften
 Prozesses: 0x1db0  Startzeit der fehlerhaften Anwendung: 0x01cde225b91578ef  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\MatroskaDX.ax  Berichtskennung: f857d499-4e18-11e2-88e5-009081d691a5
 
Error - 24.12.2012 18:26:37 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
 Zeitstempel: 0x4c7dc5a1  Name des fehlerhaften Moduls: MatroskaDX.ax, Version: 1.0.2.9,
 Zeitstempel: 0x4411e62f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003aac  ID des fehlerhaften
 Prozesses: 0x6b0  Startzeit der fehlerhaften Anwendung: 0x01cde225bc888c8d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\MatroskaDX.ax  Berichtskennung: fa89ff14-4e18-11e2-88e5-009081d691a5
 
Error - 24.12.2012 18:30:24 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: makemkvcon.exe, Version: 1.7.9.0,
 Zeitstempel: 0x50972580  Name des fehlerhaften Moduls: makemkvcon.exe, Version: 1.7.9.0,
 Zeitstempel: 0x50972580  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000a827  ID des fehlerhaften
 Prozesses: 0x15f4  Startzeit der fehlerhaften Anwendung: 0x01cde1619850c7f2  Pfad der
 fehlerhaften Anwendung: C:\Program Files\MakeMKV\makemkvcon.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\MakeMKV\makemkvcon.exe  Berichtskennung: 81bbfa4a-4e19-11e2-88e5-009081d691a5
 
Error - 27.12.2012 09:20:31 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Embedit.exe, Version: 6.0.0.1, Zeitstempel:
 0x40fef1df  Name des fehlerhaften Moduls: CardIO.dll, Version: 3.0.0.2, Zeitstempel:
 0x40fef18a  Ausnahmecode: 0x80000003  Fehleroffset: 0x000019b4  ID des fehlerhaften Prozesses:
 0xaf0  Startzeit der fehlerhaften Anwendung: 0x01cde434e7b7385f  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Brother\PE-DESIGN Ver6\Embedit.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Brother\PE-DESIGN Ver6\CardIO.dll  Berichtskennung: 2ff16567-5028-11e2-ba69-009081d691a5
 
Error - 27.12.2012 12:18:01 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_shell32.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x060ef568
ID
 des fehlerhaften Prozesses: 0x1f64  Startzeit der fehlerhaften Anwendung: 0x01cde44d6f55e4ed
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: fbb86f75-5040-11e2-ba69-009081d691a5
 
Error - 28.12.2012 15:55:13 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16768,
 Zeitstempel: 0x4d6878c3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x053cfc7c  ID des fehlerhaften
 Prozesses: 0x1a8c  Startzeit der fehlerhaften Anwendung: 0x01cde534a992042a  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 7ddba9fa-5128-11e2-ba69-009081d691a5
 
Error - 28.12.2012 16:21:43 | Computer Name = OOOOO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PDFXCview.exe, Version: 2.0.44.0,
 Zeitstempel: 0x4b3b9080  Name des fehlerhaften Moduls: PDFXCview.exe, Version: 2.0.44.0,
 Zeitstempel: 0x4b3b9080  Ausnahmecode: 0xc0000005  Fehleroffset: 0x004873f5  ID des fehlerhaften
 Prozesses: 0x16e8  Startzeit der fehlerhaften Anwendung: 0x01cde534ef2860f5  Pfad der
 fehlerhaften Anwendung: I:\Windows.old\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
Pfad
 des fehlerhaften Moduls: I:\Windows.old\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
Berichtskennung:
 3184a4cf-512c-11e2-ba69-009081d691a5
 
[ DRAWings Events ]
Error - 30.10.2012 18:43:57 | Computer Name = OOOOO | Source = DRAWingsApp | ID = 4001
Description = CBU key not attached
 
Error - 30.10.2012 18:45:35 | Computer Name = OOOOO | Source = DRAWingsApp | ID = 4001
Description = CBU key not attached
 
Error - 30.10.2012 18:47:17 | Computer Name = OOOOO | Source = DRAWingsApp | ID = 4001
Description = CBU key not attached
 
Error - 23.11.2012 18:37:22 | Computer Name = OOOOO | Source = DRAWingsApp | ID = 4003
Description = Last exception was unhandled.
 
Error - 16.12.2012 18:40:41 | Computer Name = OOOOO | Source = DRAWingsApp | ID = 4003
Description = Last exception was unhandled.
 
[ Media Center Events ]
Error - 28.03.2012 17:36:44 | Computer Name = OOOOO | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) PCTV 100e/150e
 WDM TVTuner
 
Error - 16.05.2012 17:00:42 | Computer Name = OOOOO | Source = MCUpdate | ID = 0
Description = 23:00:42 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 16.05.2012 17:04:02 | Computer Name = OOOOO | Source = MCUpdate | ID = 0
Description = 23:04:02 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 16.05.2012 17:09:43 | Computer Name = OOOOO | Source = MCUpdate | ID = 0
Description = 23:08:03 - Broadband konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 16.05.2012 17:11:25 | Computer Name = OOOOO | Source = MCUpdate | ID = 0
Description = 23:11:23 - EpgListings konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 23.12.2012 16:43:46 | Computer Name = OOOOO | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 23.12.2012 16:43:46 | Computer Name = OOOOO | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 23.12.2012 21:42:21 | Computer Name = OOOOO | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 25.12.2012 04:20:22 | Computer Name = OOOOO | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 25.12.2012 21:17:05 | Computer Name = OOOOO | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.12.2012 02:45:02 | Computer Name = OOOOO | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.12.2012 02:45:05 | Computer Name = OOOOO | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 29.12.2012 16:47:15 | Computer Name = OOOOO | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 29.12.2012 16:47:18 | Computer Name = OOOOO | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 29.12.2012 18:27:49 | Computer Name = OOOOO | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >

--- --- ---

t'john · 30.12.2012, 14:03

Bitte das Malwarebytes Logfile posten!
(Reiter Logdateien)

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
SRV - (Winmgmt) -- C:\Users\xxxxx\wgsdgsdgdsgsd.exe File not found 

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:FB1B13D8 

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\XXXXX\*.tmp
C:\Users\XXXXX\AppData\Local\Temp\*.exe
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

danach:

3. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Spike007 · 30.12.2012, 14:39

Schritt 1

Zitat:

All processes killed
========== OTL ==========
Service Winmgmt stopped successfully!
Service Winmgmt deleted successfully!
File C:\Users\xxxxx\wgsdgsdgdsgsd.exe File not found not found.
ADS C:\ProgramData\Temp:FB1B13D8 deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861} folder moved successfully.
C:\ProgramData\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} folder moved successfully.
C:\ProgramData\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\XXXXX\*.tmp not found.
File\Folder C:\Users\XXXXX\AppData\Local\Temp\*.exe not found.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\XXXXX\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\XXXXX\Desktop\cmd.bat deleted successfully.
C:\Users\XXXXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: xxxxx
->Temp folder emptied: 111827407 bytes
->Temporary Internet Files folder emptied: 259315522 bytes
->Java cache emptied: 6839407 bytes
->FireFox cache emptied: 432830661 bytes
->Apple Safari cache emptied: 95560704 bytes
->Flash cache emptied: 9884368 bytes

User: XXXXX
->Temp folder emptied: 386615 bytes
->Temporary Internet Files folder emptied: 32810643 bytes
->Flash cache emptied: 57482 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169950027 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.068,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12302012_142158

Files\Folders moved on Reboot...
C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8ABLK1R6\ads[7].htm moved successfully.
C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2DB1FH9B\128838-gvu-trojaner-mich-eiskalt-erwischt[2].htm moved successfully.
C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\056UEUJI\ads[5].htm moved successfully.
File\Folder C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\056UEUJI\index[1].htm not found!
C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\056UEUJI\montsplinks-ctxbab[1].htm moved successfully.
C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\056UEUJI\rd[1].htm moved successfully.
C:\Users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Schritt 2

Zitat:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.30.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
XXXXX :: OOOOO [administrator]

30.12.2012 14:45:29
mbar-log-2012-12-30 (14-45-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27533
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Schritt 3

Zitat:

# AdwCleaner v2.104 - Datei am 30/12/2012 um 14:56:27 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (32 bits)
# Benutzer : XXXXX - OOOOO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXXXX\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : Application Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\Application Updater
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\pdfforge Toolbar
Ordner Gelöscht : C:\Program Files\vShare.tv plugin
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\xxxxx\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\xxxxx\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\xxxxx\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\xxxxx\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\XXXXX\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\XXXXX\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\XXXXX\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [8358 octets] - [30/12/2012 14:56:27]

########## EOF - C:\AdwCleaner[S1].txt - [8418 octets] ##########

Und jetzt ?
bin ich sauber als das ich mir neue Viren einfangen darf ?

t'john · 31.12.2012, 09:00

Sehr gut!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Spike007 · 03.01.2013, 00:41

Malware-Scan mit Emsisoft Anti-Malware

folgt in Kürze ich habe ein platzproblem auf c und er kann das windows update nicht fahren. das ist aber grundlage dafür das er die emisoft installieren kann.

2 weitere Probleme haben sich aufgetan.

ich muss im infizierten zustand beim hochladen von grafiken auf meinen webspace bei strato diesen mit verseucht haben. was zur folge hat das meine dort gehosteten webseiten beim öffnen versuchen genau den gvu trojaner abzusetzen.
hast ne idee das zu beseitigen?

meine frau hat ein wenig gelächelt als ich leidender weise versucht habe meinen pc virenfrei zu bekommen. ihrer ist noch ganz neu und jungfreudig sozusagen. auch noch nicht im vollen umfang viren gesichert.
Richtig meine frau ging auf eine unserer webseiten und hat sich auch den gvu virus eingehandelt. habe noch vor dem ersten booten die antimalware istalliert und laufen lassen.

wäre echt super wenn wir den pc meiner frau auch noch mal durchhecheln könnten.

t'john · 03.01.2013, 04:52

Windows Repair Tool (AIO)

Downloade Windows repair tool
Entpacke das Zip und starte Repair_Windows.exe
Klicke auf Start repairs Tab dann: Start

folgende Punkte auswählen

Register System Files
Repair WMI
Repair Windows Firewall
Repair Windows Updates
Set Windows Services To Default Startup

Auswählen: Restart System When Finished
Dann Start Button klicken.

danach:

Alles Windows Updates einspielen, inkl. Service Pack!

Zitat:

wäre echt super wenn wir den pc meiner frau auch noch mal durchhecheln könnten.

Bitte neues Thema dafuer erstellen! Nur ein Rechner pro Thema.

t'john · 02.03.2013, 11:07

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

GVU Trojaner.. auch mich eiskalt erwischt.

Log-Analyse und Auswertung: GVU Trojaner.. auch mich eiskalt erwischt.