Malwarebytes findet 18 infizierte Dateien

nicej · 14.01.2013, 18:53

Hallo,

Malwarebytes hat 18 infizierte Dateien auf meinen Laptop gefunden. Anschließend habe ich die 3 Schritte durchgeführt, die ihr verlangt. Anbei die geforderten Logdateien. Die Logfiles von OTL und GMER habe ich angehängt, da die Fehlermeldung auftauchte, der Text sei zu lang.

Ich würde mich freuen, wenn ihr mir helfen könnt meinen Laptop wieder sauber zu bekommen. Vielen Dank im Voraus für Eure Hilfe.

Gruss
Jürgen

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
volkyleo :: VOLKYLEO-HP [Administrator]

Schutz: Aktiviert

12.01.2013 14:08:21
mbam-log-2013-01-12 (14-08-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207959
Laufzeit: 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=89e2381d-2342-11e1-93d8-1cc1deb35165) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:32 on 12/01/2013 (volkyleo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

markusg · 14.01.2013, 19:42

hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

nicej · 14.01.2013, 21:33

Hallo Markus,

danke für die schnelle Hilfe.
Anbei die Logfile.

Code:

ATTFilter

21:22:39.0612 2220  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:22:40.0064 2220  ============================================================
21:22:40.0064 2220  Current date / time: 2013/01/14 21:22:40.0064
21:22:40.0064 2220  SystemInfo:
21:22:40.0064 2220  
21:22:40.0064 2220  OS Version: 6.1.7601 ServicePack: 1.0
21:22:40.0064 2220  Product type: Workstation
21:22:40.0064 2220  ComputerName: VOLKYLEO-HP
21:22:40.0064 2220  UserName: volkyleo
21:22:40.0064 2220  Windows directory: C:\windows
21:22:40.0064 2220  System windows directory: C:\windows
21:22:40.0064 2220  Running under WOW64
21:22:40.0064 2220  Processor architecture: Intel x64
21:22:40.0064 2220  Number of processors: 1
21:22:40.0064 2220  Page size: 0x1000
21:22:40.0064 2220  Boot type: Normal boot
21:22:40.0064 2220  ============================================================
21:22:42.0046 2220  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:42.0046 2220  ============================================================
21:22:42.0046 2220  \Device\Harddisk0\DR0:
21:22:42.0046 2220  MBR partitions:
21:22:42.0046 2220  Initialize success
21:22:42.0046 2220  ============================================================
21:22:49.0003 3972  ============================================================
21:22:49.0003 3972  Scan started
21:22:49.0003 3972  Mode: Manual; SigCheck; TDLFS; 
21:22:49.0003 3972  ============================================================
21:22:49.0081 3972  ================ Scan system memory ========================
21:22:49.0081 3972  System memory - ok
21:22:49.0081 3972  ================ Scan services =============================
21:22:49.0128 3972  1394ohci - ok
21:22:49.0144 3972  a2acc - ok
21:22:49.0159 3972  a2AntiMalware - ok
21:22:49.0159 3972  A2DDA - ok
21:22:49.0190 3972  a2injectiondriver - ok
21:22:49.0190 3972  a2util - ok
21:22:49.0206 3972  ACPI - ok
21:22:49.0206 3972  AcpiPmi - ok
21:22:49.0237 3972  AdobeARMservice - ok
21:22:49.0268 3972  AdobeFlashPlayerUpdateSvc - ok
21:22:49.0284 3972  adp94xx - ok
21:22:49.0284 3972  adpahci - ok
21:22:49.0300 3972  adpu320 - ok
21:22:49.0300 3972  AeLookupSvc - ok
21:22:49.0315 3972  AESTFilters - ok
21:22:49.0331 3972  AFD - ok
21:22:49.0331 3972  agp440 - ok
21:22:49.0346 3972  ALG - ok
21:22:49.0346 3972  aliide - ok
21:22:49.0362 3972  AMD External Events Utility - ok
21:22:49.0378 3972  amdide - ok
21:22:49.0378 3972  AmdK8 - ok
21:22:49.0393 3972  amdkmdag - ok
21:22:49.0393 3972  amdkmdap - ok
21:22:49.0424 3972  AmdPPM - ok
21:22:49.0424 3972  amdsata - ok
21:22:49.0440 3972  amdsbs - ok
21:22:49.0440 3972  amdxata - ok
21:22:49.0471 3972  AntiVirSchedulerService - ok
21:22:49.0487 3972  AntiVirService - ok
21:22:49.0502 3972  AppID - ok
21:22:49.0502 3972  AppIDSvc - ok
21:22:49.0549 3972  Appinfo - ok
21:22:49.0565 3972  arc - ok
21:22:49.0580 3972  arcsas - ok
21:22:49.0596 3972  AsyncMac - ok
21:22:49.0596 3972  atapi - ok
21:22:49.0612 3972  AtiHdmiService - ok
21:22:49.0627 3972  AtiPcie - ok
21:22:49.0627 3972  AudioEndpointBuilder - ok
21:22:49.0643 3972  AudioSrv - ok
21:22:49.0643 3972  avgntflt - ok
21:22:49.0658 3972  avipbb - ok
21:22:49.0658 3972  avkmgr - ok
21:22:49.0674 3972  AxInstSV - ok
21:22:49.0690 3972  b06bdrv - ok
21:22:49.0690 3972  b57nd60a - ok
21:22:49.0705 3972  BCM43XX - ok
21:22:49.0721 3972  BDESVC - ok
21:22:49.0736 3972  Beep - ok
21:22:49.0752 3972  BFE - ok
21:22:49.0768 3972  BITS - ok
21:22:49.0768 3972  blbdrive - ok
21:22:49.0783 3972  bowser - ok
21:22:49.0799 3972  BrFiltLo - ok
21:22:49.0799 3972  BrFiltUp - ok
21:22:49.0814 3972  Browser - ok
21:22:49.0814 3972  Brserid - ok
21:22:49.0830 3972  BrSerWdm - ok
21:22:49.0830 3972  BrUsbMdm - ok
21:22:49.0846 3972  BrUsbSer - ok
21:22:49.0861 3972  BthEnum - ok
21:22:49.0861 3972  BTHMODEM - ok
21:22:49.0877 3972  BthPan - ok
21:22:49.0877 3972  BTHPORT - ok
21:22:49.0892 3972  bthserv - ok
21:22:49.0892 3972  BTHUSB - ok
21:22:49.0908 3972  btwampfl - ok
21:22:49.0939 3972  btwaudio - ok
21:22:49.0955 3972  btwavdt - ok
21:22:49.0955 3972  btwdins - ok
21:22:49.0970 3972  btwl2cap - ok
21:22:49.0970 3972  btwrchid - ok
21:22:49.0986 3972  cdfs - ok
21:22:50.0002 3972  cdrom - ok
21:22:50.0002 3972  CertPropSvc - ok
21:22:50.0017 3972  circlass - ok
21:22:50.0017 3972  CLFS - ok
21:22:50.0033 3972  clr_optimization_v2.0.50727_32 - ok
21:22:50.0033 3972  clr_optimization_v2.0.50727_64 - ok
21:22:50.0111 3972  clr_optimization_v4.0.30319_32 - ok
21:22:50.0126 3972  clr_optimization_v4.0.30319_64 - ok
21:22:50.0142 3972  CmBatt - ok
21:22:50.0158 3972  cmdide - ok
21:22:50.0189 3972  cmnsusbser - ok
21:22:50.0204 3972  CNG - ok
21:22:50.0204 3972  Compbatt - ok
21:22:50.0220 3972  CompositeBus - ok
21:22:50.0236 3972  COMSysApp - ok
21:22:50.0236 3972  crcdisk - ok
21:22:50.0251 3972  CryptSvc - ok
21:22:50.0267 3972  cvhsvc - ok
21:22:50.0267 3972  DcomLaunch - ok
21:22:50.0282 3972  defragsvc - ok
21:22:50.0298 3972  DfsC - ok
21:22:50.0298 3972  Dhcp - ok
21:22:50.0314 3972  discache - ok
21:22:50.0329 3972  Disk - ok
21:22:50.0345 3972  Dnscache - ok
21:22:50.0345 3972  dot3svc - ok
21:22:50.0360 3972  DPS - ok
21:22:50.0360 3972  drmkaud - ok
21:22:50.0376 3972  DXGKrnl - ok
21:22:50.0392 3972  EapHost - ok
21:22:50.0392 3972  ebdrv - ok
21:22:50.0407 3972  EFS - ok
21:22:50.0407 3972  ehRecvr - ok
21:22:50.0423 3972  ehSched - ok
21:22:50.0423 3972  elxstor - ok
21:22:50.0438 3972  ErrDev - ok
21:22:50.0454 3972  EventSystem - ok
21:22:50.0454 3972  exfat - ok
21:22:50.0470 3972  fastfat - ok
21:22:50.0485 3972  Fax - ok
21:22:50.0485 3972  fdc - ok
21:22:50.0501 3972  fdPHost - ok
21:22:50.0501 3972  FDResPub - ok
21:22:50.0516 3972  FileInfo - ok
21:22:50.0516 3972  Filetrace - ok
21:22:50.0532 3972  flpydisk - ok
21:22:50.0548 3972  FltMgr - ok
21:22:50.0548 3972  FontCache - ok
21:22:50.0563 3972  FontCache3.0.0.0 - ok
21:22:50.0563 3972  FsDepends - ok
21:22:50.0579 3972  Fs_Rec - ok
21:22:50.0579 3972  fvevol - ok
21:22:50.0594 3972  gagp30kx - ok
21:22:50.0594 3972  gpsvc - ok
21:22:50.0610 3972  hcw85cir - ok
21:22:50.0626 3972  HdAudAddService - ok
21:22:50.0626 3972  HDAudBus - ok
21:22:50.0641 3972  HidBatt - ok
21:22:50.0657 3972  HidBth - ok
21:22:50.0657 3972  HidIr - ok
21:22:50.0672 3972  hidserv - ok
21:22:50.0672 3972  HidUsb - ok
21:22:50.0688 3972  hkmsvc - ok
21:22:50.0688 3972  HomeGroupListener - ok
21:22:50.0704 3972  HomeGroupProvider - ok
21:22:50.0704 3972  HP Support Assistant Service - ok
21:22:50.0750 3972  HP Wireless Assistant Service - ok
21:22:50.0766 3972  HPDrvMntSvc.exe - ok
21:22:50.0766 3972  hpHotkeyMonitor - ok
21:22:50.0782 3972  HpqKbFiltr - ok
21:22:50.0797 3972  hpqwmiex - ok
21:22:50.0813 3972  HpSAMD - ok
21:22:50.0813 3972  HTTP - ok
21:22:50.0828 3972  hwdatacard - ok
21:22:50.0828 3972  hwpolicy - ok
21:22:50.0844 3972  i8042prt - ok
21:22:50.0844 3972  iaStorV - ok
21:22:50.0860 3972  idsvc - ok
21:22:50.0875 3972  iirsp - ok
21:22:50.0875 3972  IKEEXT - ok
21:22:50.0891 3972  intelide - ok
21:22:50.0906 3972  intelppm - ok
21:22:50.0906 3972  IPBusEnum - ok
21:22:50.0922 3972  IpFilterDriver - ok
21:22:50.0922 3972  iphlpsvc - ok
21:22:50.0938 3972  IPMIDRV - ok
21:22:50.0953 3972  IPNAT - ok
21:22:50.0953 3972  IRENUM - ok
21:22:50.0969 3972  isapnp - ok
21:22:50.0969 3972  iScsiPrt - ok
21:22:50.0984 3972  kbdclass - ok
21:22:50.0984 3972  kbdhid - ok
21:22:51.0000 3972  KeyIso - ok
21:22:51.0000 3972  KSecDD - ok
21:22:51.0016 3972  KSecPkg - ok
21:22:51.0031 3972  ksthunk - ok
21:22:51.0031 3972  KtmRm - ok
21:22:51.0047 3972  LanmanServer - ok
21:22:51.0047 3972  LanmanWorkstation - ok
21:22:51.0062 3972  lltdio - ok
21:22:51.0078 3972  lltdsvc - ok
21:22:51.0078 3972  lmhosts - ok
21:22:51.0094 3972  LSI_FC - ok
21:22:51.0109 3972  LSI_SAS - ok
21:22:51.0109 3972  LSI_SAS2 - ok
21:22:51.0125 3972  LSI_SCSI - ok
21:22:51.0125 3972  luafv - ok
21:22:51.0172 3972  MBAMProtector - ok
21:22:51.0187 3972  MBAMScheduler - ok
21:22:51.0187 3972  MBAMService - ok
21:22:51.0203 3972  Mcx2Svc - ok
21:22:51.0203 3972  megasas - ok
21:22:51.0218 3972  MegaSR - ok
21:22:51.0218 3972  MMCSS - ok
21:22:51.0234 3972  Modem - ok
21:22:51.0250 3972  monitor - ok
21:22:51.0265 3972  mouclass - ok
21:22:51.0265 3972  mouhid - ok
21:22:51.0281 3972  mountmgr - ok
21:22:51.0281 3972  MozillaMaintenance - ok
21:22:51.0296 3972  mpio - ok
21:22:51.0312 3972  mpsdrv - ok
21:22:51.0312 3972  MpsSvc - ok
21:22:51.0328 3972  MRxDAV - ok
21:22:51.0328 3972  mrxsmb - ok
21:22:51.0343 3972  mrxsmb10 - ok
21:22:51.0343 3972  mrxsmb20 - ok
21:22:51.0359 3972  msahci - ok
21:22:51.0359 3972  msdsm - ok
21:22:51.0374 3972  MSDTC - ok
21:22:51.0390 3972  Msfs - ok
21:22:51.0406 3972  mshidkmdf - ok
21:22:51.0421 3972  msisadrv - ok
21:22:51.0421 3972  MSiSCSI - ok
21:22:51.0437 3972  msiserver - ok
21:22:51.0452 3972  MSKSSRV - ok
21:22:51.0452 3972  MSPCLOCK - ok
21:22:51.0468 3972  MSPQM - ok
21:22:51.0484 3972  MsRPC - ok
21:22:51.0484 3972  mssmbios - ok
21:22:51.0499 3972  MSTEE - ok
21:22:51.0499 3972  MTConfig - ok
21:22:51.0515 3972  Mup - ok
21:22:51.0530 3972  napagent - ok
21:22:51.0546 3972  NativeWifiP - ok
21:22:51.0562 3972  NDIS - ok
21:22:51.0562 3972  NdisCap - ok
21:22:51.0577 3972  NdisTapi - ok
21:22:51.0577 3972  Ndisuio - ok
21:22:51.0593 3972  NdisWan - ok
21:22:51.0608 3972  NDProxy - ok
21:22:51.0608 3972  NetBIOS - ok
21:22:51.0624 3972  NetBT - ok
21:22:51.0624 3972  Netlogon - ok
21:22:51.0640 3972  Netman - ok
21:22:51.0640 3972  netprofm - ok
21:22:51.0655 3972  NetTcpPortSharing - ok
21:22:51.0671 3972  nfrd960 - ok
21:22:51.0671 3972  NlaSvc - ok
21:22:51.0686 3972  Npfs - ok
21:22:51.0686 3972  nsi - ok
21:22:51.0702 3972  nsiproxy - ok
21:22:51.0718 3972  Ntfs - ok
21:22:51.0718 3972  Null - ok
21:22:51.0733 3972  nvraid - ok
21:22:51.0733 3972  nvstor - ok
21:22:51.0764 3972  nv_agp - ok
21:22:51.0780 3972  ohci1394 - ok
21:22:51.0796 3972  ose - ok
21:22:51.0811 3972  osppsvc - ok
21:22:51.0827 3972  p2pimsvc - ok
21:22:51.0827 3972  p2psvc - ok
21:22:51.0842 3972  Parport - ok
21:22:51.0858 3972  partmgr - ok
21:22:51.0858 3972  PcaSvc - ok
21:22:51.0874 3972  pci - ok
21:22:51.0874 3972  pciide - ok
21:22:51.0889 3972  pcmcia - ok
21:22:51.0889 3972  pcw - ok
21:22:51.0905 3972  PEAUTH - ok
21:22:51.0920 3972  PerfHost - ok
21:22:51.0936 3972  pla - ok
21:22:51.0967 3972  PlugPlay - ok
21:22:51.0967 3972  PNRPAutoReg - ok
21:22:51.0983 3972  PNRPsvc - ok
21:22:51.0983 3972  PolicyAgent - ok
21:22:51.0998 3972  Power - ok
21:22:52.0014 3972  PptpMiniport - ok
21:22:52.0014 3972  Processor - ok
21:22:52.0030 3972  ProfSvc - ok
21:22:52.0045 3972  ProtectedStorage - ok
21:22:52.0045 3972  Psched - ok
21:22:52.0061 3972  ql2300 - ok
21:22:52.0061 3972  ql40xx - ok
21:22:52.0076 3972  QWAVE - ok
21:22:52.0076 3972  QWAVEdrv - ok
21:22:52.0092 3972  RasAcd - ok
21:22:52.0092 3972  RasAgileVpn - ok
21:22:52.0108 3972  RasAuto - ok
21:22:52.0123 3972  Rasl2tp - ok
21:22:52.0139 3972  RasMan - ok
21:22:52.0154 3972  RasPppoe - ok
21:22:52.0154 3972  RasSstp - ok
21:22:52.0170 3972  rdbss - ok
21:22:52.0186 3972  rdpbus - ok
21:22:52.0186 3972  RDPCDD - ok
21:22:52.0201 3972  RDPENCDD - ok
21:22:52.0217 3972  RDPREFMP - ok
21:22:52.0232 3972  RdpVideoMiniport - ok
21:22:52.0232 3972  RDPWD - ok
21:22:52.0248 3972  rdyboost - ok
21:22:52.0248 3972  RemoteAccess - ok
21:22:52.0264 3972  RemoteRegistry - ok
21:22:52.0295 3972  RFCOMM - ok
21:22:52.0310 3972  RpcEptMapper - ok
21:22:52.0310 3972  RpcLocator - ok
21:22:52.0326 3972  RpcSs - ok
21:22:52.0326 3972  rspndr - ok
21:22:52.0342 3972  RTL8167 - ok
21:22:52.0342 3972  rtsuvc - ok
21:22:52.0357 3972  SamSs - ok
21:22:52.0373 3972  sbp2port - ok
21:22:52.0373 3972  SCardSvr - ok
21:22:52.0388 3972  scfilter - ok
21:22:52.0388 3972  Schedule - ok
21:22:52.0404 3972  SCPolicySvc - ok
21:22:52.0404 3972  sdbus - ok
21:22:52.0420 3972  SDRSVC - ok
21:22:52.0420 3972  secdrv - ok
21:22:52.0435 3972  seclogon - ok
21:22:52.0451 3972  SENS - ok
21:22:52.0451 3972  SensrSvc - ok
21:22:52.0466 3972  Serenum - ok
21:22:52.0466 3972  Serial - ok
21:22:52.0482 3972  sermouse - ok
21:22:52.0498 3972  SessionEnv - ok
21:22:52.0513 3972  sffdisk - ok
21:22:52.0513 3972  sffp_mmc - ok
21:22:52.0529 3972  sffp_sd - ok
21:22:52.0529 3972  sfloppy - ok
21:22:52.0544 3972  Sftfs - ok
21:22:52.0560 3972  sftlist - ok
21:22:52.0576 3972  Sftplay - ok
21:22:52.0576 3972  Sftredir - ok
21:22:52.0591 3972  Sftvol - ok
21:22:52.0591 3972  sftvsa - ok
21:22:52.0607 3972  SharedAccess - ok
21:22:52.0607 3972  ShellHWDetection - ok
21:22:52.0638 3972  SiSRaid2 - ok
21:22:52.0638 3972  SiSRaid4 - ok
21:22:52.0654 3972  SkypeUpdate - ok
21:22:52.0654 3972  Smb - ok
21:22:52.0669 3972  SNMPTRAP - ok
21:22:52.0685 3972  spldr - ok
21:22:52.0700 3972  Spooler - ok
21:22:52.0700 3972  sppsvc - ok
21:22:52.0716 3972  sppuinotify - ok
21:22:52.0716 3972  srv - ok
21:22:52.0732 3972  srv2 - ok
21:22:52.0732 3972  srvnet - ok
21:22:52.0747 3972  SSDPSRV - ok
21:22:52.0763 3972  SstpSvc - ok
21:22:52.0794 3972  STacSV - ok
21:22:52.0794 3972  stexstor - ok
21:22:52.0810 3972  STHDA - ok
21:22:52.0810 3972  stisvc - ok
21:22:52.0825 3972  swenum - ok
21:22:52.0841 3972  swprv - ok
21:22:52.0888 3972  SynTP - ok
21:22:52.0888 3972  SysMain - ok
21:22:52.0903 3972  TabletInputService - ok
21:22:52.0903 3972  TapiSrv - ok
21:22:52.0919 3972  TBS - ok
21:22:52.0919 3972  Tcpip - ok
21:22:52.0966 3972  TCPIP6 - ok
21:22:52.0981 3972  tcpipreg - ok
21:22:52.0997 3972  TDPIPE - ok
21:22:52.0997 3972  TDTCP - ok
21:22:53.0028 3972  tdx - ok
21:22:53.0028 3972  TermDD - ok
21:22:53.0044 3972  TermService - ok
21:22:53.0044 3972  Themes - ok
21:22:53.0059 3972  THREADORDER - ok
21:22:53.0090 3972  TPM - ok
21:22:53.0106 3972  TrkWks - ok
21:22:53.0122 3972  TrustedInstaller - ok
21:22:53.0137 3972  tssecsrv - ok
21:22:53.0137 3972  TsUsbFlt - ok
21:22:53.0153 3972  tunnel - ok
21:22:53.0168 3972  uagp35 - ok
21:22:53.0168 3972  udfs - ok
21:22:53.0184 3972  UI0Detect - ok
21:22:53.0200 3972  uliagpkx - ok
21:22:53.0215 3972  umbus - ok
21:22:53.0215 3972  UmPass - ok
21:22:53.0231 3972  upnphost - ok
21:22:53.0231 3972  usbccgp - ok
21:22:53.0246 3972  usbcir - ok
21:22:53.0246 3972  usbehci - ok
21:22:53.0262 3972  usbhub - ok
21:22:53.0278 3972  usbohci - ok
21:22:53.0278 3972  usbprint - ok
21:22:53.0293 3972  USBSTOR - ok
21:22:53.0293 3972  usbuhci - ok
21:22:53.0324 3972  usbvideo - ok
21:22:53.0340 3972  UxSms - ok
21:22:53.0340 3972  VaultSvc - ok
21:22:53.0356 3972  vdrvroot - ok
21:22:53.0371 3972  vds - ok
21:22:53.0387 3972  vga - ok
21:22:53.0387 3972  VgaSave - ok
21:22:53.0402 3972  vhdmp - ok
21:22:53.0402 3972  viaide - ok
21:22:53.0418 3972  volmgr - ok
21:22:53.0418 3972  volmgrx - ok
21:22:53.0434 3972  volsnap - ok
21:22:53.0434 3972  vsmraid - ok
21:22:53.0449 3972  VSS - ok
21:22:53.0465 3972  vwifibus - ok
21:22:53.0465 3972  vwififlt - ok
21:22:53.0480 3972  W32Time - ok
21:22:53.0496 3972  WacomPen - ok
21:22:53.0496 3972  WANARP - ok
21:22:53.0512 3972  Wanarpv6 - ok
21:22:53.0512 3972  wbengine - ok
21:22:53.0527 3972  WbioSrvc - ok
21:22:53.0543 3972  wcncsvc - ok
21:22:53.0543 3972  WcsPlugInService - ok
21:22:53.0558 3972  Wd - ok
21:22:53.0558 3972  Wdf01000 - ok
21:22:53.0574 3972  WdiServiceHost - ok
21:22:53.0574 3972  WdiSystemHost - ok
21:22:53.0590 3972  WebClient - ok
21:22:53.0590 3972  Wecsvc - ok
21:22:53.0605 3972  wercplsupport - ok
21:22:53.0636 3972  WerSvc - ok
21:22:53.0636 3972  WfpLwf - ok
21:22:53.0652 3972  WIMMount - ok
21:22:53.0668 3972  WinDefend - ok
21:22:53.0668 3972  WinHttpAutoProxySvc - ok
21:22:53.0683 3972  Winmgmt - ok
21:22:53.0699 3972  WinRM - ok
21:22:53.0730 3972  WinUsb - ok
21:22:53.0746 3972  Wlansvc - ok
21:22:53.0746 3972  wlidsvc - ok
21:22:53.0761 3972  WmiAcpi - ok
21:22:53.0777 3972  wmiApSrv - ok
21:22:53.0777 3972  WMPNetworkSvc - ok
21:22:53.0792 3972  WPCSvc - ok
21:22:53.0792 3972  WPDBusEnum - ok
21:22:53.0808 3972  ws2ifsl - ok
21:22:53.0824 3972  wscsvc - ok
21:22:53.0824 3972  WSearch - ok
21:22:53.0855 3972  WTGService - ok
21:22:53.0870 3972  wuauserv - ok
21:22:53.0886 3972  WudfPf - ok
21:22:53.0886 3972  WUDFRd - ok
21:22:53.0902 3972  wudfsvc - ok
21:22:53.0902 3972  WwanSvc - ok
21:22:53.0933 3972  XS Stick Service - ok
21:22:53.0948 3972  ================ Scan global ===============================
21:22:53.0964 3972  [Global] - ok
21:22:53.0980 3972  ================ Scan MBR ==================================
21:22:53.0980 3972  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:22:54.0448 3972  \Device\Harddisk0\DR0 - ok
21:22:54.0448 3972  ================ Scan VBR ==================================
21:22:54.0448 3972  ============================================================
21:22:54.0448 3972  Scan finished
21:22:54.0448 3972  ============================================================
21:22:54.0479 1948  Detected object count: 0
21:22:54.0479 1948  Actual detected object count: 0

markusg · 15.01.2013, 21:16

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

nicej · 15.01.2013, 23:47

Hallo Markus,

anbei die Logfile von ComboFix.
Zu deiner Info: ich habe in der Zwischenzeit folgende Änderungen an meinem Rechner vorgenommen:
1. Avira durch Emsisoft ausgetauscht
2. Alle Änderungen durchgeführt, die in deinem Leitfaden http://www.trojaner-board.de/96344-a...-rechners.html sind.
3. Zusätzlich noch deine Checkliste abgearbeitet:
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren. (das habe ich nicht gemacht, wie macht man das?)
- sehop aktivieren.
- chrome instalieren. und auch alle von dir empfohlenen Adons
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.

Ich hoffe diese Änderungen waren nicht zu früh ...

Code:

ATTFilter

ComboFix 13-01-15.02 - volkyleo 15.01.2013  23:21:53.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1789.1001 [GMT 1:00]
ausgeführt von:: c:\users\Juergen_Zock\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\51439337AF.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-15 bis 2013-01-15  ))))))))))))))))))))))))))))))
.
.
2013-01-15 22:30 . 2013-01-15 22:30	--------	d-----w-	c:\users\volkyleo\AppData\Local\temp
2013-01-15 22:30 . 2013-01-15 22:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-15 14:32 . 2013-01-15 14:32	--------	d-----r-	C:\Sandbox
2013-01-15 14:29 . 2013-01-15 14:29	--------	d-----w-	c:\program files\Sandboxie
2013-01-15 14:22 . 2013-01-15 14:22	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7545AEA-94D5-4C9B-84AB-06094C9EDC5B}\offreg.dll
2013-01-15 13:30 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7545AEA-94D5-4C9B-84AB-06094C9EDC5B}\mpengine.dll
2013-01-15 00:05 . 2013-01-15 00:05	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-01-14 23:55 . 2013-01-14 23:55	--------	d-----w-	c:\program files\VideoLAN
2013-01-14 23:47 . 2013-01-14 23:49	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-01-14 23:33 . 2013-01-14 23:33	--------	d-----w-	c:\program files (x86)\FileHippo.com
2013-01-14 23:09 . 2013-01-14 23:09	--------	d-----w-	c:\users\volkyleo\AppData\Local\Secunia PSI
2013-01-14 23:08 . 2013-01-14 23:08	--------	d-----w-	c:\program files (x86)\Secunia
2013-01-14 23:04 . 2013-01-14 23:04	--------	d-----w-	c:\programdata\Panda Security
2013-01-14 23:04 . 2013-01-14 23:04	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2013-01-14 22:50 . 2013-01-15 14:24	--------	d-----w-	c:\program files (x86)\Google
2013-01-14 22:40 . 2013-01-14 22:41	--------	d-----w-	c:\users\Juergen_Zock
2013-01-14 19:25 . 2013-01-15 22:17	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2013-01-14 17:45 . 2013-01-14 17:45	--------	d-----w-	c:\program files (x86)\7-Zip
2013-01-12 13:38 . 2013-01-12 13:38	--------	d-----w-	c:\programdata\Microsoft Help
2013-01-12 13:38 . 2013-01-12 13:38	--------	d-----w-	c:\users\volkyleo\AppData\Local\Microsoft Help
2013-01-12 13:06 . 2013-01-12 13:06	--------	d-----w-	c:\users\volkyleo\AppData\Roaming\Malwarebytes
2013-01-12 13:06 . 2013-01-12 13:06	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-11 23:34 . 2013-01-11 23:43	--------	d-----w-	c:\users\volkyleo\AppData\Local\FullTiltPoker
2013-01-11 23:33 . 2013-01-15 22:12	--------	d-----w-	c:\program files (x86)\Full Tilt Poker
2013-01-10 22:49 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-10 22:49 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-10 22:47 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-10 22:46 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-10 22:46 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-20 22:04 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 22:04 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-20 22:04 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-20 22:04 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 22:58 . 2011-03-09 11:19	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-10 22:44 . 2012-04-05 17:11	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 22:44 . 2011-05-14 07:25	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-10 22:47	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-21 11:29 . 2012-11-21 11:30	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-21 11:29 . 2012-11-21 11:30	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-14 07:06 . 2012-12-12 22:20	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 22:20	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 22:21	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 22:21	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 22:21	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 22:21	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 22:21	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 22:21	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 22:21	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 22:21	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 22:21	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 22:21	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 22:21	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 22:21	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 22:21	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 22:21	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 22:21	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 22:21	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 22:21	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 22:21	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 22:21	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 22:21	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 20:39	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 20:39	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 20:39	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 20:39	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"VMCL"="c:\program files (x86)\vodafone\vmclite\DongleEnumerator.exe" [2007-11-07 131072]
"Facebook Update"="c:\users\volkyleo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"VodafoneVMCLiteLauncher"="c:\program files (x86)\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-11-07 102400]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-11-28 117888]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-12-12 3084688]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-12 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-05-21 03:06 96384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SBIEDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 14:24	1606760	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:44]
.
2013-01-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001Core.job
- c:\users\volkyleo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 12:18]
.
2013-01-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001UA.job
- c:\users\volkyleo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 12:18]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 14:23]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 14:23]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001Core.job
- c:\users\volkyleo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 15:19]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001UA.job
- c:\users\volkyleo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 15:19]
.
2013-01-01 c:\windows\Tasks\HPCeeScheduleForvolkyleo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-12 489472]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-15  23:34:49
ComboFix-quarantined-files.txt  2013-01-15 22:34
.
Vor Suchlauf: 12 Verzeichnis(se), 31.768.559.616 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.405.229.568 Bytes frei
.
- - End Of File - - 9BAB5840691E3FF4030F24F2A15D8FF3

Gruss
Jürgen

markusg · 16.01.2013, 18:55

eig schon, aber nu ists ja auch wurscht :-)
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

nicej · 18.01.2013, 00:12

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
volkyleo :: VOLKYLEO-HP [Administrator]

Schutz: Deaktiviert

17.01.2013 23:06:09
mbam-log-2013-01-17 (23-06-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399739
Laufzeit: 1 Stunde(n), 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 18.01.2013, 18:41

sieht gut aus
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

nicej · 18.01.2013, 23:12

Code:

ATTFilter

benötigt 7-Zip 9.20		14.01.2013		
unbekannt Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.01.2013	6,00 MB	11.5.502.146
unbekannt Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	10.01.2013	6,00 MB	11.5.502.146
benötigt Adobe Reader XI (11.0.01)	Adobe Systems Incorporated	15.01.2013	125 MB	11.0.01
unnötig Akamai NetSession Interface	Akamai Technologies, Inc	15.01.2013		
unbekannt ATI Catalyst Install Manager	ATI Technologies, Inc.	13.10.2010	22,3 MB	3.0.778.0
benötigt BitTorrent	BitTorrent Inc.	11.01.2013		7.7.3.28706
benötigt Broadcom 2070 Bluetooth 3.0	Broadcom Corporation	13.10.2010	183 MB	6.3.0.6300
Benötigt Broadcom 802.11 Wireless LAN Adapter	Broadcom Corporation	13.10.2010		5.60.350.6
unbekannt CCleaner	Piriform	19.12.2012		3.26
benötigt Emsisoft Anti-Malware	Emsisoft GmbH	14.01.2013	286 MB	7.0
benötigt eXtreme Gammon	GameSite 2000, Ltd.	23.05.2011	27,2 MB	1.21
benötigt eXtreme Gammon 2	GameSite 2000, Ltd.	24.02.2012	39,2 MB	2.02
benötigt FileHippo.com Update Checker		15.01.2013		
benötigt Full Tilt Poker		11.12.2012		4.48.2.WIN.FullTilt.COM
benötigt GNU Backgammon (MAIN branch, 20110310 code)	Free Software Foundation	11.03.2011	47,6 MB	
benötigt Google Chrome	Google Inc.	15.01.2013		24.0.1312.52
unbekannt HP Advisor	Hewlett-Packard	08.09.2010	53,9 MB	3.4.10262.3295
unbekannt HP Documentation	Hewlett-Packard	08.09.2010	883 MB	1.5.1.0
unbekannt HP ESU for Microsoft Windows 7	Hewlett-Packard Company	05.09.2011	15,0 MB	1.1.8.1
unbekannt HP HotKey Support	Hewlett-Packard Company	26.03.2011	11,6 MB	4.0.3.1
unbekannt HP Setup	Hewlett-Packard Company	08.09.2010		8.2.4130.3367
unbekannt HP SoftPaq Download Manager	Hewlett-Packard Company	08.09.2010	14,3 MB	3.0.5.0
unbekannt HP Software Framework	Hewlett-Packard Company	12.03.2012	4,74 MB	4.1.13.1
unbekannt HP Software Setup	Hewlett-Packard Company	08.09.2010	11,7 MB	7.0.1.6
unbekannt HP Support Assistant	Hewlett-Packard Company	25.11.2012	91,5 MB	7.0.39.15
unbekannt HP Webcam	Roxio	16.04.2011	9,76 MB	1.0.25.0
unbekannt HP Webcam Driver	Realtek Semiconductor Corp.	13.10.2010		6.1.7600.0049
unbekannt HP Wireless Assistant	Hewlett-Packard	08.09.2010	5,59 MB	4.0.6.0
unbekannt IDT Audio	IDT	12.03.2012		1.0.6300.0
unbekannt K-Lite Mega Codec Pack 9.3.0		21.10.2012	95,1 MB	9.3.0
unbekannt Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	17.01.2013	18,4 MB	1.70.0.1100
unbekannt Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.03.2011	38,8 MB	4.0.30319
unnötig Microsoft Office 2010	Microsoft Corporation	08.09.2010	6,31 MB	14.0.4763.1000
unnötig Microsoft Office Klick-und-Los 2010	Microsoft Corporation	15.06.2011		14.0.4763.1000 
unnötig Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	15.06.2011		14.0.4763.1000 
unbekannt Microsoft Silverlight	Microsoft Corporation	13.05.2012	140 MB	4.1.10329.0
unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	10.03.2011	260 KB	8.0.50727.4053
unbekannt Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	08.09.2010	708 KB	8.0.61000
unbekannt Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	18.04.2011	580 KB	8.0.51011
unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	18.04.2011	790 KB	9.0.30729.5570
unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	18.04.2011	598 KB	9.0.30729.5570
unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	08.09.2010	788 KB	9.0.30729
unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	13.10.2010	788 KB	9.0.30729.4148
unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788 KB	9.0.30729.6161
unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	09.03.2011	596 KB	9.0.30729.4148
unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600 KB	9.0.30729.6161
unbekannt Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	04.11.2011	12,2 MB	10.0.40219
unbekannt Mozilla Maintenance Service	Mozilla	15.01.2013	330 KB	17.0.2
benötigt Mozilla Thunderbird 17.0.2 (x86 de)	Mozilla	15.01.2013	43,3 MB	17.0.2
benötigt OpenOffice.org 3.4.1	Apache Software Foundation	21.11.2012	331 MB	3.41.9593
benötigt Panda USB Vaccine 1.0.1.4	Panda Security	15.01.2013		
benötigt PokerStars	PokerStars	10.12.2011		
benötigt Realtek Ethernet Controller All-In-One Windows Driver	Realtek	08.09.2010		1.12.0011
benötigt Sandboxie 3.76 (64-bit)	SANDBOXIE L.T.D	15.01.2013		3.76
benötigt Secunia PSI (3.0.0.4001)	Secunia	15.01.2013	5,81 MB	3.0.0.4001
benötigt Skype™ 6.1	Skype Technologies S.A.	15.01.2013	21,1 MB	6.1.129
unnötig SopCast 2.0.4	SopCast.com	17.03.2012		2.0.4
unbekannt Synaptics Pointing Device Driver	Synaptics Incorporated	09.03.2011	46,4 MB	15.0.24.0
benötigt VLC media player 2.0.5	VideoLAN	16.01.2013		2.0.5
benötigt VLC media player 2.0.5	VideoLAN	15.01.2013		2.0.5
benötigt Vodafone Mobile Connect Lite	Vodafone	30.08.2011	20,2 MB	3.2.2.182
benötigt Winamp	Nullsoft, Inc	15.01.2013		5.63 
unbekannt Windows 7 Default Setting	Hewlett-Packard Company	08.09.2010	32,0 KB	1.0.1.7
unbekannt Windows Live ID Sign-in Assistant	Microsoft Corporation	08.09.2010	10,0 MB	6.500.3165.0
benötigt XSManager	XSManager	28.11.2011		3.0

markusg · 19.01.2013, 17:46

deinstaliere:
Adobe Flash Player alle
Adobe - Install Adobe Flash Player
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Akamai
K-Lite
Malwarebytes
Microsoft Office : alle

Microsoft Silverlight
SopCast
Windows Live

Öffne CCleaner, analysieren, starten, PC neustarten.

emsisoft öffnen, einstellungen klicken.
geplanter scan.
wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen.
uhrzeit, und bei monatlich ebenfalls datum wählen.
unsichtbar, falls du das scan fenster nicht sehen möchtest.
und verpasste scans nachholen.
auto update:
intervall, täglich, stündlich von 00.00 bis 23.59
heißt jede stunde updates.
einstellung: update
am antimalware network teilnemen.
die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen.

rest bleibt.
klicke jetzt auf wächter:
dort auf wächter.
verhaltensanalyse aktivieren, alles selektieren.
jetzt auf alarme:
aktiviere dort comunety basierte alarm reduktion.
unter anderem dafür gibt es das antimalware network.
die comunety basierte alarm reduktion betrifft die verhaltensanalyse.
emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht.
da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert.
hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert.
wenn du dir das allein zutraust, musst du den haken nicht setzen.
wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt
jetzt auf datei wächter.
standard atkion für erkannte objekte, alarmieren.
surf schutz:
hier alles auf blockieren mit info.
wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln.
wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt.

das währe es, hoffe es war verständlich.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

nicej · 19.01.2013, 18:49

Hallo Markus,

vielen Dank für die Anleitungen, waren alle verständlich. Ich finde es super, wie du das machst!

Anbei die Logfile:

HTML-Code:

# AdwCleaner v2.106 - Datei am 19/01/2013 um 18:47:27 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : volkyleo - VOLKYLEO-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Juergen_Zock\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : \user.js
Ordner Gefunden : C:\Users\volkyleo\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\volkyleo\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\volkyleo\AppData\LocalLow\Softonic

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Juergen_Zock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2332 octets] - [19/01/2013 18:47:27]

########## EOF - \AdwCleaner[R1].txt - [2392 octets] ##########

markusg · 19.01.2013, 18:50

Hi,

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe
alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein
Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den
Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten, testen, wie der PC läuft, auch alle Programme, wie instalierte Browser.

nicej · 19.01.2013, 20:51

scheint alles ok zu laufen, lief es aber davor auch schon.
anbei die logfile

Code:

ATTFilter

# AdwCleaner v2.106 - Datei am 19/01/2013 um 20:36:28 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : volkyleo - VOLKYLEO-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Juergen_Zock\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : \user.js
Ordner Gelöscht : C:\Users\volkyleo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\volkyleo\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\volkyleo\AppData\LocalLow\Softonic

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Juergen_Zock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2457 octets] - [19/01/2013 18:47:27]
AdwCleaner[S1].txt - [2394 octets] - [19/01/2013 20:36:28]

########## EOF - \AdwCleaner[S1].txt - [2454 octets] ##########

markusg · 20.01.2013, 20:38

Hi
fragen muss ich trotzdem :-)
bitte in zukunft software nur beim Hersteller laden.
Benutzerdefinierte Instalation wählen, genau lesen, und evtl. über google über die Software informieren.
Keine toolbars mit instalieren.

Öffne OTL, bereinigen, PC startet neu, Remover werden gelöscht.
Lösche übergebliebene Remover, Logs, Setups, leere den Papierkorb.
PC absichern:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

nicej · 21.01.2013, 15:50

Code:

ATTFilter

OTL Extras logfile created on: 1/21/2013 3:21:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juergen_Zock\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 47.71% Memory free
3.49 Gb Paging File | 1.81 Gb Available in Paging File | 51.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.40 Gb Total Space | 29.65 Gb Free Space | 39.33% Space Free | Partition Type: NTFS
Drive E: | 73.36 Gb Total Space | 29.09 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
 
Computer Name: VOLKYLEO-HP | User Name: volkyleo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CB4B12-8216-4258-B952-46D33D3DCF25}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{14713290-E6DA-4399-B7A5-9BF8E7F2CC79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1837B0B6-1CCA-4F07-A3B4-AAC75098FD9C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1ED4DB4F-7913-4B01-BDCD-69186D9781E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EDF3467-2E30-4200-BD87-9BFF2E89EEE4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{25DA73ED-AF92-4736-B14B-738ADB80A97C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28E5D500-D886-4E9E-8AB8-0EA26748CE78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F372483-AC04-4BFA-9B0F-CD3DD0F528F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{419FB766-EDB2-461F-B13B-D4E67728529C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{568BFA06-4D09-4A74-A60A-12656ECAFAD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68158B2A-C0EB-47E8-ABE8-23FAE9D4F35A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{69F75725-81AE-4162-9FC5-723DD97931DF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86E27743-491E-48FF-8303-E6555C11B7A6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8A11F362-CCF0-4B87-B3C1-4BC022871161}" = rport=137 | protocol=17 | dir=out | app=system | 
"{975EED42-9DD1-4563-83E1-62EAEE909F9B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9F07D095-3035-4C03-B74D-E2DD9108F635}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A5E19AE3-3321-4319-9580-28FDF7539B76}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA250559-BCE9-4338-BD8D-B2A141B5BC73}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B85E929F-A056-4A8F-B15D-CA9490D2A48C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CB5F0A60-2735-4BFD-A902-97E2BB35D54E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FA60A24F-424E-4F50-BBA4-13FAE11A78E1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F2E82A-0880-49D0-BBE7-53EA00CC3AE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{28099FC0-68EB-4434-A870-6F3C536596A1}" = dir=in | app=c:\users\volkyleo\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{2CC35AE6-798B-4DA0-B380-86A1092CC17C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{2FDC9323-3638-4825-B143-D3F66C465950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{43EEF530-ADB8-4B23-B8A3-91905917F288}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46F280DA-9886-42BC-AE4A-97B3A56CE3D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47F816BE-B12C-4752-AD19-7C2EFCFFF414}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C316614-1DBE-4E14-B1D5-5BF72222074A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D455651-95D5-40E1-9D4E-2B731A1C4925}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{619DF061-FC45-4C5E-819A-7B423DCEEAE0}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{766EC886-9592-4A85-8494-6CAE2759640C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76BAB1A0-BDBC-4D79-B2A0-2003BC0AC4E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{893BC3B1-6B70-46AE-A270-1B1B7B442517}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DF65B78-CF1A-4304-9F34-B95E3FD10182}" = protocol=58 | dir=in | app=system | 
"{9787C3AC-B8E2-44B4-86C7-9C8AE0185BB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3CF0D49-D241-4446-A243-1350CCD4FBE4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B5FFA59E-8EA7-4C85-913A-BEDBDCEEEEDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B90BC09B-6B11-4554-A659-F0927C9A1921}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9A451F0-C443-4E01-B6EB-B4EE224C199C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C00246A7-8C6B-4BEB-998D-3B7FE0B2C938}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D1A05F38-27CB-4D2B-8B05-A2BF3FEC5BE7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D84E8A76-CE0B-4C6D-B216-F2FC3677902A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1DBFC83-B8DD-4077-B784-3B7B9D974258}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E5FF289F-EE53-4777-BE00-73172D3E52C6}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{EC722111-47C0-466A-B087-B4195E222C56}" = protocol=6 | dir=out | app=system | 
"TCP Query User{2C56E90A-D8F4-4607-9191-5A0BF6C2BC48}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{3FBE9233-1882-4280-AB58-560EAB77318E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{686B0E11-C75F-4542-B7E5-A40A8F723746}C:\users\juergen_zock\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\juergen_zock\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{932CD856-E74D-4B7E-9E9E-6F519D79D597}C:\users\juergen_zock\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\juergen_zock\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{99F3C6BA-A098-49B8-BA2E-3B2C7B56DB0A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{C4037EA0-C0DE-4E6E-B398-651E8F3FC154}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{E76ACBD7-B270-4D4A-B2BC-D1997D035A5F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{3B749A97-87DD-427E-B09F-4378BECF1CAA}C:\users\juergen_zock\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\juergen_zock\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{4189E73B-0B2E-455A-A754-A898E69FFA4C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{76DDE08A-8733-4E9C-A881-BD65EE75A22D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{779FF049-8AA8-4BE7-A553-755267A3F8AC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{93B9294C-26CB-4805-BB7D-164C753A9CA5}C:\users\juergen_zock\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\juergen_zock\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{ACA0763A-A565-49E2-98F6-A1D634DE3F63}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{E5686FCA-4259-4190-A31D-C1ADCDD2B550}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Sandboxie" = Sandboxie 3.76 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{068D970F-203E-45AF-AFFB-5D0F5BDCF80A}_is1" = eXtreme Gammon
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2F5AF5E1-E021-4832-A423-EF480EC58A0B}_is1" = eXtreme Gammon 2
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"7-Zip" = 7-Zip 9.20
"BitTorrent" = BitTorrent
"FileHippo.com" = FileHippo.com Update Checker
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20110310 code)
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/11/2013 12:41:23 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 1/11/2013 12:41:23 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 1/11/2013 12:41:23 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 1/11/2013 12:44:32 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 1/11/2013 12:44:32 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 1/11/2013 12:44:32 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 1/11/2013 3:24:15 PM | Computer Name = volkyleo-HP | Source = Google Update | ID = 20
Description = 
 
Error - 1/11/2013 3:24:19 PM | Computer Name = volkyleo-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XSManager.exe, Version: 1.0.0.1, 
Zeitstempel: 0x4bc31251  Name des fehlerhaften Moduls: MFC42u.DLL, Version: 6.6.8064.0,
 Zeitstempel: 0x4d79b239  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000102d1  ID des fehlerhaften
 Prozesses: 0xc60  Startzeit der fehlerhaften Anwendung: 0x01cdf01aa01ba1da  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\XSManager\XSManager.exe  Pfad des 
fehlerhaften Moduls: C:\windows\system32\MFC42u.DLL  Berichtskennung: 7e50f955-5c24-11e2-9d3f-1cc1deb35165
 
Error - 1/11/2013 6:41:32 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 1/11/2013 6:41:32 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 1/11/2013 6:41:32 PM | Computer Name = volkyleo-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ Hewlett-Packard Events ]
Error - 10/13/2012 1:57:00 PM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
Error - 10/21/2012 4:53:10 PM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 10/27/2012 7:42:08 AM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
Error - 11/3/2012 6:42:31 AM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 11/11/2012 12:07:20 PM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 11/19/2012 5:33:39 PM | Computer Name = volkyleo-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/19/2012 5:34:20 PM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 70  TargetSite: Void UpdateAndDetect()  
 
Error - 11/19/2012 5:35:02 PM | Computer Name = volkyleo-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/19/2012 5:35:46 PM | Computer Name = volkyleo-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/24/2012 3:41:02 PM | Computer Name = volkyleo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1788  Ram Utilization: 70  TargetSite: Void UpdateAndDetect()  
 
[ HP Software Framework Events ]
Error - 11/24/2012 3:36:01 PM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.24 20:36:01.923|00000C70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/24/2012 3:36:02 PM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.24 20:36:02.126|00000C70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/24/2012 3:36:02 PM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.24 20:36:02.172|00000C70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/24/2012 3:36:02 PM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.24 20:36:02.219|00000C70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/24/2012 3:41:31 PM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.24 20:41:31.576|00000248|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/25/2012 1:09:26 AM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.25 06:09:26.903|000003C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/25/2012 1:09:27 AM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.25 06:09:27.121|000003C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/25/2012 1:09:27 AM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.25 06:09:27.168|000003C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/25/2012 1:09:27 AM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.25 06:09:27.199|000003C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/25/2012 1:09:27 AM | Computer Name = volkyleo-HP | Source = CaslWmi | ID = 5
Description = 2012.11.25 06:09:27.277|000003C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 10/13/2010 5:20:40 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 10/13/2010 5:20:40 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION    at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
 handler)     at HPPA_Service.CurrentConfiguration..ctor()
 
Error - 10/13/2010 5:20:43 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 11/18/2011 3:26:40 PM | Computer Name = volkyleo-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 7/5/2012 12:02:56 PM | Computer Name = volkyleo-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException     bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 7/5/2012 12:02:56 PM | Computer Name = volkyleo-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException     bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 8/6/2012 3:49:44 PM | Computer Name = volkyleo-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException     bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 8/6/2012 3:49:44 PM | Computer Name = volkyleo-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException     bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 8/6/2012 3:49:45 PM | Computer Name = volkyleo-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException     bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

   bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 1/17/2013 4:29:22 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/18/2013 3:28:33 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 1:06:43 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 1:09:38 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 1:39:41 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 3:33:52 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 3:43:35 PM | Computer Name = volkyleo-HP | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 1/19/2013 3:45:54 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 6:19:16 PM | Computer Name = volkyleo-HP | Source = bowser | ID = 8003
Description = 
 
Error - 1/19/2013 8:16:03 PM | Computer Name = volkyleo-HP | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 1/21/2013 3:21:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juergen_Zock\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 47.71% Memory free
3.49 Gb Paging File | 1.81 Gb Available in Paging File | 51.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.40 Gb Total Space | 29.65 Gb Free Space | 39.33% Space Free | Partition Type: NTFS
Drive E: | 73.36 Gb Total Space | 29.09 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
 
Computer Name: VOLKYLEO-HP | User Name: volkyleo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/21 15:18:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Juergen_Zock\Desktop\OTL.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 18:02:06 | 003,084,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/09/24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012/09/24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/04/30 12:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010/04/30 12:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010/04/12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/16 12:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/03/12 20:45:05 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012/03/12 20:45:05 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/08/05 00:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/30 03:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/01/10 23:44:44 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/12 18:02:06 | 003,084,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/09/24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/04/30 12:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010/04/12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/16 12:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/12 20:45:06 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/11/28 10:21:24 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/13 10:28:51 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/11 17:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/08/05 00:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 23:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/21 04:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/03/09 18:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/05 11:56:58 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/04/30 17:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012/04/30 17:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{35CE336A-53D5-4D6F-860D-B022C1A845E1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{35CE336A-53D5-4D6F-860D-B022C1A845E1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=89e2381d-2342-11e1-93d8-1cc1deb35165&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\volkyleo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\volkyleo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\volkyleo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/15 01:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013/01/15 15:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\volkyleo\AppData\Roaming\mozilla\Extensions
[2011/03/11 10:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\volkyleo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/15 15:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/10 23:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/10 23:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/06/28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.dhttp//www.google.de/webhp?source=search_app
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.dhttp//www.google.de/webhp?source=search_app
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Docs = C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\volkyleo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/01/15 23:30:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [VodafoneVMCLiteLauncher] C:\Program Files (x86)\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\volkyleo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [VMCL] C:\Program Files (x86)\vodafone\vmclite\DongleEnumerator.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED76974C-9DCF-4CDA-A754-ADA275DDACEA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/19 18:26:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/19 18:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/19 18:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/18 20:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/18 20:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/16 00:12:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/15 23:34:53 | 000,000,000 | ---D | C] -- C:\Users\volkyleo\AppData\Local\temp
[2013/01/15 23:17:39 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/01/15 15:32:21 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013/01/15 15:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/01/15 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013/01/15 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/15 01:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/15 01:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/15 00:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/15 00:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/01/15 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\volkyleo\AppData\Local\Secunia PSI
[2013/01/15 00:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013/01/15 00:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/01/15 00:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/01/15 00:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/01/14 23:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/14 20:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013/01/14 20:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/01/14 20:25:20 | 000,000,000 | ---D | C] -- C:\Users\volkyleo\Documents\Anti-Malware
[2013/01/14 18:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/01/14 18:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/01/12 14:38:42 | 000,000,000 | ---D | C] -- C:\Users\volkyleo\AppData\Local\Microsoft Help
[2013/01/12 14:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/01/12 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\volkyleo\AppData\Roaming\Malwarebytes
[2013/01/12 14:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/12 00:34:34 | 000,000,000 | ---D | C] -- C:\Users\volkyleo\AppData\Local\FullTiltPoker
[2013/01/12 00:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2013/01/12 00:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2013/01/10 23:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/21 15:21:56 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 15:21:56 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 15:18:36 | 004,535,194 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/01/21 15:18:36 | 001,789,880 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/21 15:18:36 | 001,373,802 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/01/21 15:18:36 | 001,227,500 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/21 15:18:35 | 000,005,438 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/21 15:13:50 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 15:13:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/21 15:13:27 | 1875,439,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 02:53:00 | 000,001,132 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001UA.job
[2013/01/20 02:33:00 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 02:24:04 | 000,001,150 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001UA.job
[2013/01/20 00:11:49 | 000,003,626 | ---- | M] () -- C:\windows\Sandboxie.ini
[2013/01/19 23:03:34 | 000,001,080 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001Core.job
[2013/01/16 14:24:00 | 000,001,128 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-837282745-396279724-2516890348-1001Core.job
[2013/01/15 23:30:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/15 00:08:41 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/12 14:32:57 | 000,000,000 | ---- | M] () -- C:\Users\volkyleo\defogger_reenable
[2013/01/11 00:10:28 | 000,295,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/01 21:46:24 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForvolkyleo.job
 
========== Files Created - No Company Name ==========
 
[2013/01/19 18:18:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/15 15:29:37 | 000,003,626 | ---- | C] () -- C:\windows\Sandboxie.ini
[2013/01/15 15:23:51 | 000,001,114 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 15:23:48 | 000,001,110 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/15 00:33:56 | 000,001,999 | ---- | C] () -- C:\Users\volkyleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/01/15 00:08:40 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/15 00:08:40 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/01/12 14:32:57 | 000,000,000 | ---- | C] () -- C:\Users\volkyleo\defogger_reenable
[2012/10/21 22:05:30 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/10/21 22:05:30 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/10/21 22:05:30 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2012/10/21 22:05:27 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/05/20 12:19:52 | 000,007,597 | ---- | C] () -- C:\Users\volkyleo\AppData\Local\Resmon.ResmonCfg
[2011/09/13 19:03:17 | 000,000,218 | ---- | C] () -- C:\Users\volkyleo\.recently-used.xbel
[2011/06/15 18:31:07 | 001,541,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/09 13:00:19 | 000,001,854 | ---- | C] () -- C:\Users\volkyleo\AppData\Roaming\GhostObjGAFix.xml
[2011/03/09 16:04:03 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/03/09 10:37:31 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/18 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\BitTorrent
[2011/09/13 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\gtk-2.0
[2012/11/21 12:56:11 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\OpenOffice.org
[2012/09/20 08:58:19 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\Party
[2013/01/19 18:26:20 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\SoftGrid Client
[2011/03/15 12:41:55 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\SuperMailer
[2011/03/11 10:32:37 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\Thunderbird
[2011/06/15 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\TP
[2012/11/06 18:12:34 | 000,000,000 | ---D | M] -- C:\Users\volkyleo\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 

< End of report >

14.01.2013, 19:42	#2
markusg /// Malware-holic	Malwarebytes findet 18 infizierte Dateien hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten __________________ __________________

Malwarebytes findet 18 infizierte Dateien

Plagegeister aller Art und deren Bekämpfung: Malwarebytes findet 18 infizierte Dateien