Trojaner - Sicherheitscenter oder Treiber wird deaktiviert

Hannem · 22.01.2013, 16:23

hi,

Falls du Namen oder dergleichen findest bitte löschen.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/22/2013 4:10:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Eigene Dateien
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: XXXXX | Language: DEA | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.46% Memory free
7.73 Gb Paging File | 5.61 Gb Available in Paging File | 72.57% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 65.58 Gb Free Space | 36.64% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 58.10 Gb Free Space | 21.79% Space Free | Partition Type: NTFS
Drive F: | 25.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SATURN-PC | User Name: saturn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Eigene Dateien\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\A1 Dashboard\Dashboard.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\SysWOW64\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
MOD - C:\Program Files (x86)\A1 Dashboard\Skins\A1\A1Skin.dbskin ()
MOD - C:\Program Files (x86)\A1 Dashboard\resetregistry.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKLM\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=39942&text={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{1C1C23FD-730C-4DDB-B8A8-06536CE0F91F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=3E29FE37-322E-4685-81C4-B8C4C5C158B9&apn_sauid=6CFA1673-53E5-4F3A-A155-DBFD36316D45
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=F2E5642EFB1712700EF90850EDEAAEE2&q={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT451
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\Moikrug: "URL" = hxxp://moikrug.ru/persons/?clid=39942&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=39942&text={searchTerms}
IE - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:6.0.1289
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/20 01:52:16 | 000,000,000 | ---D | M]
 
[2011/08/11 01:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Extensions
[2012/05/14 16:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\1un5q3vp.default\extensions
[2012/05/14 16:24:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\1un5q3vp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/01/10 00:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\1un5q3vp.default\extensions\ffxtlbr@babylon.com
[2011/12/31 06:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/11/24 23:16:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=AT&userid=19d02a35-f5b8-423b-8334-9a43331abd6c&affid=111583&searchtype=hp&babsrc=lnkry
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Disabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Session Manager = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Tabs Outliner = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.39_0\
CHR - Extension: Safe Search = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.0_0\
CHR - Extension: Session Manager = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\
CHR - Extension: Fast save = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\obolonaohefbbbbmhehcenamjebhjecd\1.1_0\
CHR - Extension: Google Reader = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\4.1.5_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKU\S-1-5-21-871626820-2410801721-1010220994-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-871626820-2410801721-1010220994-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-871626820-2410801721-1010220994-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E9177F0-BA1E-45D3-BEDC-CEB7D5FE6A0A}: NameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1034E13-F72B-4B75-9B44-6284186A43C0}: DhcpNameServer = 127.0.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 19:42:32 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/07/20 17:28:08 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9517c0c6-abfb-11e1-ac47-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{9517c0c6-abfb-11e1-ac47-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/08/22 19:42:32 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5d8d4b2-abe8-11e0-8095-e811328461e3}\Shell - "" = AutoRun
O33 - MountPoints2\{a5d8d4b2-abe8-11e0-8095-e811328461e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/08/22 19:42:32 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b6a165b9-570c-11e1-b951-e811328461e3}\Shell - "" = AutoRun
O33 - MountPoints2\{b6a165b9-570c-11e1-b951-e811328461e3}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{bbc0e2e4-aba6-11e0-bbd1-e811328461e3}\Shell - "" = AutoRun
O33 - MountPoints2\{bbc0e2e4-aba6-11e0-bbd1-e811328461e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/08/22 19:42:32 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bbc0e2f4-aba6-11e0-bbd1-e811328461e3}\Shell - "" = AutoRun
O33 - MountPoints2\{bbc0e2f4-aba6-11e0-bbd1-e811328461e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/08/22 19:42:32 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/08/22 19:42:32 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/18 13:41:58 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\Microgaming
[2013/01/18 13:38:18 | 000,000,000 | ---D | C] -- C:\Microgaming
[2013/01/18 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2013/01/18 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betsson Poker by Microgaming
[2013/01/16 02:40:05 | 000,000,000 | ---D | C] -- C:\Users\saturn\Documents\ProcAlyzer Dumps
[2013/01/14 03:05:01 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013/01/10 15:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/10 03:16:06 | 000,000,000 | ---D | C] -- C:\0c620edd659dde624356bf416f
[2013/01/10 02:45:12 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
[2013/01/09 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/09 23:30:15 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\LavasoftStatistics
[2013/01/09 23:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/09 23:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/01/09 23:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/09 23:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/01/09 23:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/09 23:16:22 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/01/09 23:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/01/09 23:14:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\Downloaded Installations
[2013/01/09 23:14:09 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/09 23:14:08 | 000,047,496 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2013/01/09 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/01/09 23:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/01/09 23:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013/01/09 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\adawarebp
[2013/01/09 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/01/09 23:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/01/09 23:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/01/09 23:07:09 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\Ad-Aware Antivirus
[2013/01/08 21:11:08 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\Programs
[2013/01/01 22:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012/12/30 02:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\saturn\Documents\*.tmp files -> C:\Users\saturn\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/22 16:03:47 | 001,474,832 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
[2013/01/22 15:52:10 | 000,051,089 | ---- | M] () -- C:\Users\saturn\Desktop\85104-otl-otlogfile-by-oldtimer.htm
[2013/01/22 15:45:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 15:28:01 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 14:53:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/22 12:49:51 | 000,079,996 | ---- | M] () -- C:\Users\saturn\Documents\Unbenanntaaabb.PNG
[2013/01/22 10:41:25 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 10:41:25 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 10:35:24 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/01/22 10:33:59 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 10:33:43 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 02:13:09 | 041,500,672 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\7SRData.sdf
[2013/01/20 01:21:46 | 054,558,720 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\UberReaderData.sdf
[2013/01/18 13:41:47 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Betsson Poker by Microgaming.lnk
[2013/01/16 00:57:32 | 000,101,182 | ---- | M] () -- C:\Users\saturn\Documents\Statistik_Theorie%20(2).odt_0.odt
[2013/01/16 00:57:22 | 000,132,092 | ---- | M] () -- C:\Users\saturn\Documents\Normalv.odt_0.odt
[2013/01/16 00:57:21 | 000,085,767 | ---- | M] () -- C:\Users\saturn\Documents\Binomial_1%20(2).odt_0.odt
[2013/01/16 00:57:21 | 000,056,299 | ---- | M] () -- C:\Users\saturn\Documents\Binomial_2%20(2).odt_0.odt
[2013/01/15 10:35:52 | 000,062,835 | ---- | M] () -- C:\Users\saturn\Documents\Unbenannt-docu.PNG
[2013/01/14 21:59:47 | 000,053,697 | ---- | M] () -- C:\Users\saturn\Documents\Unbenannt-neu2.PNG
[2013/01/14 05:41:56 | 000,072,455 | ---- | M] () -- C:\Users\saturn\Documents\neu-eleven.PNG
[2013/01/10 03:22:06 | 000,462,632 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/10 01:00:20 | 000,011,432 | ---- | M] () -- C:\windows\wininit.ini
[2013/01/09 23:16:45 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/01/09 23:14:08 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/07 13:56:47 | 000,062,394 | ---- | M] () -- C:\Users\saturn\Documents\Neu.PNG
[2013/01/07 13:42:41 | 000,066,269 | ---- | M] () -- C:\Users\saturn\Documents\Unbenannt-neu.PNG
[2013/01/07 01:20:54 | 000,065,155 | ---- | M] () -- C:\Users\saturn\Documents\Graph-neu.PNG
[2013/01/06 23:30:04 | 000,053,197 | ---- | M] () -- C:\Users\saturn\Documents\Parabel-Gerade.PNG
[2013/01/06 02:40:51 | 000,016,262 | ---- | M] () -- C:\Users\saturn\Documents\Unbenannt.PNG
[2013/01/06 02:30:07 | 000,005,154 | ---- | M] () -- C:\Users\saturn\Documents\Trapez.ggb
[2013/01/06 01:17:53 | 000,061,214 | ---- | M] () -- C:\Users\saturn\Documents\Fläche-1.PNG
[2013/01/01 22:54:17 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2012/12/30 16:29:20 | 000,049,967 | ---- | M] () -- C:\Users\saturn\Documents\Graph.PNG
[2012/12/30 16:24:25 | 000,051,755 | ---- | M] () -- C:\Users\saturn\Documents\Graphic.PNG
[2012/12/30 02:03:13 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/12/29 00:59:14 | 000,040,002 | ---- | M] () -- C:\Users\saturn\Documents\Fläche+4.PNG
[2012/12/28 22:34:11 | 000,023,578 | ---- | M] () -- C:\Users\saturn\Documents\Fläche.PNG
[2012/12/28 22:33:46 | 000,025,667 | ---- | M] () -- C:\Users\saturn\Documents\Fläche2.PNG
[2012/12/28 22:32:49 | 000,043,132 | ---- | M] () -- C:\Users\saturn\Documents\Fläche1.PNG
[2012/12/28 21:38:42 | 000,048,684 | ---- | M] () -- C:\Users\saturn\Documents\Aufgabe-253d.PNG
[2012/12/28 19:43:13 | 000,054,089 | ---- | M] () -- C:\Users\saturn\Documents\Aufgabe-235b.PNG
[2012/12/28 19:40:36 | 000,032,742 | ---- | M] () -- C:\Users\saturn\Documents\AUfgabe-236a.PNG
[2012/12/28 18:39:26 | 000,031,857 | ---- | M] () -- C:\Users\saturn\Documents\Aufgabe-229a.PNG
[2012/12/27 19:12:44 | 000,028,542 | ---- | M] () -- C:\Users\saturn\Documents\project.PNG
[2012/12/27 19:11:27 | 000,005,572 | ---- | M] () -- C:\Users\saturn\Documents\Project.b.ggb
[2012/12/27 19:10:57 | 000,037,320 | ---- | M] () -- C:\Users\saturn\Documents\Project.b.PNG
[2012/12/27 19:03:37 | 000,005,884 | ---- | M] () -- C:\Users\saturn\Documents\Project.rar
[2012/12/27 18:04:28 | 000,005,958 | ---- | M] () -- C:\Users\saturn\Documents\Project.ggb
[2012/12/24 21:54:25 | 000,028,699 | ---- | M] () -- C:\Users\saturn\Documents\Aufgabe-3.PNG
[2012/12/24 21:28:47 | 000,022,719 | ---- | M] () -- C:\Users\saturn\Documents\Aufgabe-2.PNG
[2012/12/24 19:21:24 | 000,005,228 | ---- | M] () -- C:\Users\saturn\Documents\GEo- Plan.ggb
[2012/12/24 01:57:55 | 000,045,971 | ---- | M] () -- C:\Users\saturn\Documents\Aufgabe-1.PNG
[2012/12/24 01:38:42 | 000,046,265 | ---- | M] () -- C:\Users\saturn\Documents\Kurvendiskussionen.PNG
[2012/12/23 16:32:26 | 000,031,047 | ---- | M] () -- C:\Users\saturn\Documents\Integral-Flächen-berechnen.2.PNG
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\saturn\Documents\*.tmp files -> C:\Users\saturn\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/22 15:51:31 | 000,051,089 | ---- | C] () -- C:\Users\saturn\Desktop\85104-otl-otlogfile-by-oldtimer.htm
[2013/01/22 12:49:51 | 000,079,996 | ---- | C] () -- C:\Users\saturn\Documents\Unbenanntaaabb.PNG
[2013/01/18 13:38:18 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Betsson Poker by Microgaming.lnk
[2013/01/16 01:34:24 | 000,132,092 | ---- | C] () -- C:\Users\saturn\Documents\Normalv.odt_0.odt
[2013/01/16 01:34:24 | 000,101,182 | ---- | C] () -- C:\Users\saturn\Documents\Statistik_Theorie%20(2).odt_0.odt
[2013/01/16 01:34:24 | 000,085,767 | ---- | C] () -- C:\Users\saturn\Documents\Binomial_1%20(2).odt_0.odt
[2013/01/16 01:34:24 | 000,056,299 | ---- | C] () -- C:\Users\saturn\Documents\Binomial_2%20(2).odt_0.odt
[2013/01/15 10:35:52 | 000,062,835 | ---- | C] () -- C:\Users\saturn\Documents\Unbenannt-docu.PNG
[2013/01/14 21:59:47 | 000,053,697 | ---- | C] () -- C:\Users\saturn\Documents\Unbenannt-neu2.PNG
[2013/01/14 05:41:56 | 000,072,455 | ---- | C] () -- C:\Users\saturn\Documents\neu-eleven.PNG
[2013/01/10 01:00:12 | 000,011,432 | ---- | C] () -- C:\windows\wininit.ini
[2013/01/09 23:17:47 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/01/09 23:16:48 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/01/09 23:16:45 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/01/07 13:56:47 | 000,062,394 | ---- | C] () -- C:\Users\saturn\Documents\Neu.PNG
[2013/01/07 13:42:40 | 000,066,269 | ---- | C] () -- C:\Users\saturn\Documents\Unbenannt-neu.PNG
[2013/01/07 01:20:54 | 000,065,155 | ---- | C] () -- C:\Users\saturn\Documents\Graph-neu.PNG
[2013/01/06 23:30:03 | 000,053,197 | ---- | C] () -- C:\Users\saturn\Documents\Parabel-Gerade.PNG
[2013/01/06 02:40:51 | 000,016,262 | ---- | C] () -- C:\Users\saturn\Documents\Unbenannt.PNG
[2013/01/06 02:30:06 | 000,005,154 | ---- | C] () -- C:\Users\saturn\Documents\Trapez.ggb
[2013/01/06 01:17:52 | 000,061,214 | ---- | C] () -- C:\Users\saturn\Documents\Fläche-1.PNG
[2013/01/01 22:54:16 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2012/12/30 16:29:20 | 000,049,967 | ---- | C] () -- C:\Users\saturn\Documents\Graph.PNG
[2012/12/30 16:24:24 | 000,051,755 | ---- | C] () -- C:\Users\saturn\Documents\Graphic.PNG
[2012/12/30 02:03:13 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/12/29 00:59:13 | 000,040,002 | ---- | C] () -- C:\Users\saturn\Documents\Fläche+4.PNG
[2012/12/28 22:34:11 | 000,023,578 | ---- | C] () -- C:\Users\saturn\Documents\Fläche.PNG
[2012/12/28 22:33:46 | 000,025,667 | ---- | C] () -- C:\Users\saturn\Documents\Fläche2.PNG
[2012/12/28 22:32:48 | 000,043,132 | ---- | C] () -- C:\Users\saturn\Documents\Fläche1.PNG
[2012/12/28 21:38:42 | 000,048,684 | ---- | C] () -- C:\Users\saturn\Documents\Aufgabe-253d.PNG
[2012/12/28 19:43:13 | 000,054,089 | ---- | C] () -- C:\Users\saturn\Documents\Aufgabe-235b.PNG
[2012/12/28 19:40:36 | 000,032,742 | ---- | C] () -- C:\Users\saturn\Documents\AUfgabe-236a.PNG
[2012/12/28 18:39:24 | 000,031,857 | ---- | C] () -- C:\Users\saturn\Documents\Aufgabe-229a.PNG
[2012/12/27 19:12:44 | 000,028,542 | ---- | C] () -- C:\Users\saturn\Documents\project.PNG
[2012/12/27 19:10:57 | 000,037,320 | ---- | C] () -- C:\Users\saturn\Documents\Project.b.PNG
[2012/12/27 19:09:29 | 000,005,572 | ---- | C] () -- C:\Users\saturn\Documents\Project.b.ggb
[2012/12/27 19:02:00 | 000,005,884 | ---- | C] () -- C:\Users\saturn\Documents\Project.rar
[2012/12/27 18:04:28 | 000,005,958 | ---- | C] () -- C:\Users\saturn\Documents\Project.ggb
[2012/12/24 21:54:25 | 000,028,699 | ---- | C] () -- C:\Users\saturn\Documents\Aufgabe-3.PNG
[2012/12/24 21:28:46 | 000,022,719 | ---- | C] () -- C:\Users\saturn\Documents\Aufgabe-2.PNG
[2012/12/24 19:21:23 | 000,005,228 | ---- | C] () -- C:\Users\saturn\Documents\GEo- Plan.ggb
[2012/12/24 01:57:55 | 000,045,971 | ---- | C] () -- C:\Users\saturn\Documents\Aufgabe-1.PNG
[2012/12/24 01:38:41 | 000,046,265 | ---- | C] () -- C:\Users\saturn\Documents\Kurvendiskussionen.PNG
[2012/12/23 16:32:26 | 000,031,047 | ---- | C] () -- C:\Users\saturn\Documents\Integral-Flächen-berechnen.2.PNG
[2012/10/29 17:15:42 | 000,000,218 | ---- | C] () -- C:\Users\saturn\.recently-used.xbel
[2012/09/26 18:49:06 | 000,007,605 | ---- | C] () -- C:\Users\saturn\AppData\Local\Resmon.ResmonCfg
[2012/07/22 11:09:38 | 000,009,911 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-MMaster.dat
[2012/07/21 15:24:09 | 000,004,621 | ---- | C] () -- C:\Users\saturn\AppData\Local\recently-used.xbel
[2012/06/11 20:46:47 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/02/14 20:44:13 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\InsDrvZD64.DLL
[2011/10/25 16:53:34 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/24 19:08:30 | 000,131,584 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011/08/10 22:12:24 | 000,006,656 | ---- | C] () -- C:\windows\SysWow64\lpcio.dll
[2011/07/18 11:25:11 | 001,592,858 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/30 08:53:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/04/20 03:37:24 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/04/19 13:27:14 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/04/19 12:51:02 | 000,000,378 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/04/19 12:21:46 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe
[2010/12/23 14:39:34 | 041,500,672 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\7SRData.sdf
[2010/08/14 14:34:12 | 054,558,720 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\UberReaderData.sdf
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/29 16:07:52 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\.BitTornado
[2013/01/16 02:44:34 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Ad-Aware Antivirus
[2012/11/27 04:04:23 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Azureus
[2012/11/24 20:45:30 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\calibre
[2012/10/29 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\deluge
[2012/05/14 20:47:23 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\DVDVideoSoft
[2012/10/29 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\gtk-2.0
[2012/05/05 00:41:28 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\hdbADS
[2012/05/05 01:05:29 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\IrfanView
[2012/09/24 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\JAM Software
[2012/06/01 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\LibreOffice
[2012/02/29 02:32:38 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Lingo4u
[2013/01/20 01:17:21 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Microgaming
[2012/05/14 16:27:18 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\OpenCandy
[2011/11/25 15:23:35 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\OpenOffice.org
[2011/07/25 18:58:31 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Opera
[2012/06/01 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\SoftGrid Client
[2012/02/25 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\TP
[2012/05/14 16:29:26 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\TuneUp Software
[2012/10/29 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\uTorren
[2013/01/22 16:15:43 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\uTorrent
[2011/10/26 21:34:47 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Yandex
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

lg

markusg · 22.01.2013, 17:12

ix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hannem · 22.01.2013, 17:23

Hi,

Danke soweit. Muss jetzt arbeiten gehen, bin aber schon um 22 Uhr zurück und werde dann die empfohlenen Schritte dürchführen.

Danke, bis später.

lg

markusg · 22.01.2013, 17:32

lass solche zwischenposts weg, mach einfach wenn du Zeit hast

markusg · 23.01.2013, 12:07

funktioniert das sicherheitscenter wieder?

Hannem · 23.01.2013, 13:16

Hallo,

Ich habe Firewall etc. wieder eingeschalten.
Es ging heute Morgen auch schon wieder aus. Sicherheitscenter deaktiviert, nach einigen Sekunden ist der Laptop aus.

Nachdem ich es wiedereinschalte funktioniert es wieder, bis es irgendwann wieder aus geht. Mir kommt es so vor als ob es mit der Belastung meines Cpus zusammenhängt.

Da es mir oft so vorkommt als ob dieser vor allem dann deaktiviert wird wenn ich meinen Laptop belaste, mehrere Videos anschauen zb. viele Seiten offen lassen, simultan.

lg

Zitat:

Zitat von markusg

funktioniert das sicherheitscenter wieder?

Ich habe einen neuen Wiederherrstellungspunkt erstellt und nicht versucht den Computer dann wiederherzustellen.

Sollte ich dies tun?
Meinst du dies damit?

lg

markusg · 23.01.2013, 13:28

nein, ich meinte damit ob das sicherheitscenter funktioniert, so wie es da steht.
na, auf jeden fall kannst du bis februar mit dem gerät arbeiten und es dann neu machen.

Hannem · 23.01.2013, 13:38

Ich habe leider keinen Plan was es genau ist und wie es aussieht wenn es nicht funktioniert.

Ich erhalte alle paar Stunden eine Fehlermeldung, Sicherheitscenter deaktiviert, danach schaltet sich der Laptop auch von selber aus.

Eine Möglichkeit den Virus rauszujagen besteht demnach nicht und ich bin gezwungen neu aufzusetzen?

lg

Ps.
Wäre ein längeres arbeiten mit dem Gerät auch möglich trotz täglicher Abstürze?
Folgeschäden?

Wie soll ich fortfahren?
Welches Antivir, Firewall, Antimalware Programm verwenden.
Tipps für die Zukunft?

Los werde ich das Virus auf jeden Fall nicht mehr?

markusg · 23.01.2013, 15:51

hi das betriebssystem kann schaden nemen, wenn dauernd das system absstürtzt, deswegen baldmöglich neu aufsetzen

Hannem · 23.01.2013, 19:53

Eine Alternative gibt es nicht den Virus zu entfernen?

b.
Wie soll ich meinen Computer nach neuem aufsetzen schützen?
c.
Wovor Angst haben bzw. aus dem Weg gehen.

lg

markusg · 23.01.2013, 20:24

nein
verzcihte auf illegale streamings, downloads etc
zur absicherung kommen wir nach daten rettung

Hannem · 23.01.2013, 23:44

Hi,

Werde es Anfang Februar aufsetzen wenn ich mir eine externe Festplatte gekauft habe um Daten zu sichern.

Frage:
Ich darf keine Programme sichern, aber wenn ich gedownladete Dateien sichere, kann ich diese Programme ja dann auf den "neu aufgesetzen" Laptop leiten und dort neu installieren.

Es handelt sich ja dabei genauso um eine Datei wie bei einer Video Datei.

2.
Nachdem ich manche Videos anklicke erhalte ich ein Pop up und manchmal erscheint Adobe raider, dabei ist kein Buch geöffnet, es erscheint einfach und ich muss es per rechtem Mausklick schließen. Handelt es sich dabei um einen Virus.

3.
Warum haben wir alle diese Dinge ausgeführt wenn ich es sowieso neu aufsetzen muss?
Versteh mich hier nicht falsch.

lg

markusg · 24.01.2013, 12:23

du wolltest den pc nutzen bis feburar und hast mich um einen check gebeten, den habe ich ausgeführt.
Programme sichert man nicht, da die potentiell träger von schädlingen sein können.
wo meinst du öffnet sich der adobe reader, auf youtube oder wo?

Hannem · 24.01.2013, 13:45

Was meinst du mit Programme sichert man nicht?

Ich soll die Daten von diesem Programm nicht sichern?

Für die Zukunft, wie gehe ich mit Downloads um?
Wie kontrolliere ich diese auf Gefahr?
Wie gehe ich sicher keine infizierten Daten zu sichern?

In meiner Taskleiste geht Adobe Raider auf ohne das etwas erscheint. Ich schließe es dann einfach immer.

lg

Leider kann ich nicht edieren:

Bitte lösche doch meine Einträge mit sensibler Information.

Dein Tipp zur Datenrettung + Tipp für eine gute externe Platte die ich Online per Rechnung bestellen kann.

Regeln:

No Downloads von unsicheren Quellen.
No Videos etc. Online außer von renommierten Stellen wie Zeitungen etc.

lg

markusg · 24.01.2013, 16:06

hi
die meisten Fragen hab ich schon beantwortet, lies bitte vernünftig ich sag nicht alles 4 mal
welche sensiblen daten meinst du? logs löschen wir nicht, nur einträge, die eindeutig auf Personen schließen lassen, vor/nachname kombinationen zb, oder adressen etc
externe festplatten bekommst du beim elektronik händler, mediamarkt zb, oder amazon, da ich nicht weis wie viel du ausgeben willst kann ich dir da nichts posten

23.01.2013, 12:07	#5
markusg /// Malware-holic	Trojaner - Sicherheitscenter oder Treiber wird deaktiviert funktioniert das sicherheitscenter wieder? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Trojaner - Sicherheitscenter oder Treiber wird deaktiviert

Plagegeister aller Art und deren Bekämpfung: Trojaner - Sicherheitscenter oder Treiber wird deaktiviert