
Log analysis and evaluation: System restore points disappeared after "Scanhost.exe – Corrupt Disk" System Repair trojan


 
21.02.2013, 09:31   #1
PETERMUELLER
 



Hi,

I am currently on a business trip far, far away from home and therefore do not have my usual tools etc. with me. I need my notebook extremely urgently.

I am a software developer and would describe myself as an absolute computer professional.

Yesterday I suddenly had a "Scanhost.exe – Corrupt Disk" System Repair trojan on my system. As far as I know, this is the first problem in the 1.5 years I have had this notebook. Avira found nothing. All updates of the OS and the tools have always been installed.

(I briefly had a very old version of Acrobat on the system; I could have caught something through that.)

Windows 7 Pro 64 bit.

With the help of Grindin I cleaned the machine and made the hidden files visible again.

So far everything is okay. Now and then I still come across hidden files, such as the favorites just now. I had synchronized those with xmarks anyway, so I could easily restore them.

However, I would still like to do a system restore. System restore points were created regularly.

But none (apart from one new one) are visible. I suspect that these files are hidden as well.

How can I make them visible again?

Many thanks and best regards

Peter


OTL Logfile:
Code:
OTL logfile created on: 21.02.2013 03:33:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max Mustermann\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,68 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 52,88% Memory free
11,35 Gb Paging File | 9,01 Gb Available in Paging File | 79,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,87 Gb Total Space | 81,05 Gb Free Space | 35,41% Space Free | Partition Type: NTFS
 
Computer Name: SK | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.21 03:00:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max Mustermann\Downloads\OTL.exe
PRC - [2013.02.20 18:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.01.24 03:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2012.12.15 15:16:21 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.11.28 17:33:52 | 000,567,296 | ---- | M] () -- C:\Program Files (x86)\Prey\platform\windows\bin\bash.exe
PRC - [2012.11.28 17:33:52 | 000,023,552 | ---- | M] (Fork Ltd.) -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe
PRC - [2012.10.05 10:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.03.07 15:33:00 | 001,122,848 | ---- | M] (Xmarks.com) -- C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
PRC - [2012.01.22 23:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.22 23:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2011.06.28 18:26:08 | 000,278,528 | ---- | M] (MAXA Research Int'l Inc.) -- C:\Program Files (x86)\MAXA Notifier for Skype\SkypeNotifier.exe
PRC - [2011.03.02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.29 10:38:50 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.12.03 02:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
PRC - [2009.11.04 06:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 06:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.29 01:54:00 | 000,312,784 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe
PRC - [2009.02.23 04:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006.03.26 13:31:26 | 000,431,104 | ---- | M] (Unique Internet Services) -- C:\Program Files (x86)\ProxyFirewall\ProxyFirewall.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2009.07.13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013.02.20 18:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.20 18:12:59 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.10 15:55:30 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2013.02.08 14:46:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.08 02:36:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.28 17:33:52 | 000,023,552 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.10.05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.01.22 23:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2011.03.02 10:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.08.11 07:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.04.19 23:51:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 09:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.03.05 09:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.06 07:56:10 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.12.17 01:51:10 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.12.17 01:51:08 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.12.17 01:51:08 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.12.17 01:51:08 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.12.17 01:51:08 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.12.03 02:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony)
SRV - [2009.11.04 06:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 06:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.29 01:54:00 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2009.09.28 02:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.04 16:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.30 18:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.30 18:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.08 08:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.09.05 11:10:00 | 000,136,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2006.01.19 10:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.20 18:14:24 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.20 18:14:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.04 09:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.05.31 11:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.05.20 14:13:28 | 000,034,840 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64)
DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.06 00:05:17 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.01.29 01:37:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.17 15:09:29 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.12.17 15:06:59 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.03 01:47:44 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k)
DRV:64bit: - [2009.12.03 01:47:44 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbsersny2k)
DRV:64bit: - [2009.12.03 01:47:44 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterSny2k.sys -- (qcfilterSny2k)
DRV:64bit: - [2009.12.02 15:02:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.18 15:09:45 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 15:09:44 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 15:09:44 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 15:09:43 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 15:09:14 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.06 15:31:27 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.11.06 15:31:18 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {4A3CA983-CA40-42E1-9EA3-90FDAFD06257}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A3CA983-CA40-42E1-9EA3-90FDAFD06257}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE376
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6CCEEA73-FFA5-4F30-A3FC-EE7D66389415}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{A9D75C31-CBC1-40EF-8849-ABCBBB19569F}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{EC9E7945-DF16-420C-B3D3-B5D24E972ABF}: "URL" = hhxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7BD9A7CBEC-DE1A-444f-A092-844461596C4D%7D:5.0
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 14:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 19:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird2\components [2012.12.31 10:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins [2013.02.20 19:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 01:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.20 01:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 14:46:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 19:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 01:55:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.20 01:55:30 | 000,000,000 | ---D | M]
 
[2011.03.18 20:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions
[2010.10.28 09:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.18 20:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.12.21 10:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\qy2j5vdv.default\extensions
[2012.12.14 09:30:53 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\qy2j5vdv.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.12.21 10:08:51 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\qy2j5vdv.default\extensions\plugin@selectionlinks.com
[2013.02.08 14:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.08 14:46:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 17:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 17:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 17:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 17:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 17:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 17:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.26 16:04:12 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (FoxyProxy Internet Explorer Add-on) - {5D4A582E-1F8B-4b0d-93F6-0FAA20B5B95D} - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (United MileagePlus Shopping Assistant) - {89867A4A-BDEE-4259-964A-B8E87C4892F3} - C:\Program Files (x86)\United MileagePlus Shopping Assistant\UnitedMPSIE.dll (Billeo, Inc.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll ()
O3 - HKLM\..\Toolbar: (United MileagePlus Shopping Assistant) - {EF91116F-DE92-4286-9087-093085152182} - C:\Program Files (x86)\United MileagePlus Shopping Assistant\UnitedMPSIE.dll (Billeo, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (United MileagePlus Shopping Assistant) - {EF91116F-DE92-4286-9087-093085152182} - C:\Program Files (x86)\United MileagePlus Shopping Assistant\UnitedMPSIE.dll (Billeo, Inc.)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] c:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files (x86)\BirdieSync\BirdieSync.exe -minimized File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [SpeechExec Startup] C:\Program Files (x86)\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe (Philips Austria GmbH - Speech Processing)
O4 - HKCU..\Run: [PureText] C:\Users\Max Mustermann\AppData\Local\Temp\_tc\PureText.exe (hxxp://www.SteveMiller.net)
O4 - HKCU..\Run: [SkypeNotifier] C:\Program Files (x86)\MAXA Notifier for Skype\SkypeNotifier.exe (MAXA Research Int'l Inc.)
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1 File not found
O4 - HKCU..\Run: [VJqeiIpbxgLlY.exe] C:\ProgramData\VJqeiIpbxgLlY.exe File not found
O4 - HKCU..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk = C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe ()
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: FoxyProxy - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: FoxyProxy - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: FoxyProxy - {5D4A582E-1F8B-4b0d-93F6-0FAA20B5B95D} - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05D709C7-3DCE-482D-A7C1-0E1374BBFE9F}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46C0F332-C448-430D-B84D-4FC4FEF99F71}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B95E7D-FDE7-4ACD-9067-404E83E5322C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (c:\Program Files\Protector Suite\psqlpwd.dll) - c:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.20 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013.02.20 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2013.02.20 18:17:08 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\Avira
[2013.02.20 18:15:45 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.20 18:15:45 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.20 18:15:45 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.20 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.20 18:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.20 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.19 10:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2013.02.09 14:39:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\AdobeUM
[2013.02.08 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.08 11:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PlotSoft
[2013.02.08 11:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlotSoft
[2013.02.08 11:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
[2013.01.31 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013.01.31 18:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2013.01.30 01:24:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013.01.28 14:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sketch Drawer
[2013.01.28 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sketch Drawer
[2013.01.27 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\Evernote
[2013.01.25 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2013.01.25 06:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.25 06:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[4 C:\Users\Max Mustermann\Documents\*.tmp files -> C:\Users\Max Mustermann\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.21 03:32:51 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013.02.21 03:24:47 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 03:24:47 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 03:21:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.21 02:59:16 | 000,000,000 | ---- | M] () -- C:\Users\Max Mustermann\defogger_reenable
[2013.02.21 02:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 00:21:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.20 20:38:31 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 20:38:31 | 000,713,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 20:38:31 | 000,663,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 20:38:31 | 000,154,420 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 20:38:31 | 000,124,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.20 20:34:16 | 000,001,054 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk
[2013.02.20 20:31:58 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.02.20 20:31:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 20:31:50 | 277,209,087 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 20:01:03 | 000,467,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.20 19:03:02 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.02.20 18:15:47 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.20 18:14:24 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.20 18:14:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.20 18:14:22 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.20 17:59:23 | 000,000,168 | ---- | M] () -- C:\ProgramData\VJqeiIpbxgLlY
[2013.02.20 17:56:44 | 000,000,160 | ---- | M] () -- C:\ProgramData\-VJqeiIpbxgLlY
[2013.02.20 17:41:40 | 000,000,184 | ---- | M] () -- C:\ProgramData\-VJqeiIpbxgLlYr
[2013.02.20 15:26:54 | 000,002,270 | ---- | M] () -- C:\Users\Max Mustermann\Documents\Default.rdp
[2013.02.19 10:53:47 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2013.02.19 10:38:47 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013.02.12 05:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Max Mustermann\Documents\Nuance Image Printer Writer Port
[2013.02.09 15:54:51 | 000,009,252 | ---- | M] () -- C:\test.xml
[2013.02.09 14:48:39 | 000,001,550 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_1_0.ini
[2013.02.09 14:48:02 | 000,000,095 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_1_0.sta
[2013.02.09 14:47:39 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.08 11:42:32 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Editor.lnk
[2013.02.08 11:42:32 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
[2013.02.08 11:42:32 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
[2013.02.08 07:15:10 | 000,000,988 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Sketch Drawer.lnk
[2013.01.31 20:41:09 | 000,051,840 | ---- | M] () -- C:\Users\Max Mustermann\Documents\v_ktt.de.rtf
[2013.01.31 12:04:10 | 000,000,000 | ---- | M] () -- C:\END
[2013.01.27 11:39:56 | 000,001,112 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2013.01.27 11:33:36 | 000,001,127 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.01.27 11:29:05 | 000,000,932 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Evernote.lnk
[2013.01.25 06:47:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.23 12:50:47 | 000,020,480 | ---- | M] () -- C:\Users\Max Mustermann\Documents\delphian.zdp
[4 C:\Users\Max Mustermann\Documents\*.tmp files -> C:\Users\Max Mustermann\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.21 02:59:16 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\defogger_reenable
[2013.02.20 20:31:58 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.02.20 20:30:03 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2013.02.20 20:30:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.20 20:30:03 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2013.02.20 20:30:03 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
[2013.02.20 20:30:03 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.20 20:30:03 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2013.02.20 20:30:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.02.20 20:30:03 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2013.02.20 20:30:03 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 7.0.lnk
[2013.02.20 20:30:03 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Support für Übertragungen.lnk
[2013.02.20 20:30:03 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2013.02.20 20:30:03 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.02.20 20:30:03 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2013.02.20 20:30:03 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.02.20 20:30:03 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.02.20 20:30:03 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.02.20 20:30:03 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2013.02.20 20:30:03 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2013.02.20 20:30:03 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2013.02.20 20:30:03 | 000,001,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Documentation.lnk
[2013.02.20 20:30:03 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.02.20 20:30:03 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2013.02.20 20:30:03 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.20 20:30:03 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013.02.20 20:30:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.20 20:30:03 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2013.02.20 20:30:03 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2013.02.20 20:30:03 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UnitedMPS.lnk
[2013.02.20 20:30:03 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXA Notifier for Skype.lnk
[2013.02.20 20:30:03 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
[2013.02.20 20:30:03 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Wiederherstellungscenter.lnk
[2013.02.20 20:30:03 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Premium Partners.lnk
[2013.02.20 20:30:03 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.02.20 20:30:03 | 000,000,984 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2013.02.20 20:30:03 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.02.20 19:49:05 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.20 19:49:05 | 000,002,374 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.20 19:49:05 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013.02.20 19:49:05 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Editor.lnk
[2013.02.20 19:49:05 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.20 19:49:05 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\DPMAdirekt Desktop.lnk
[2013.02.20 19:49:05 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
[2013.02.20 19:49:05 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013.02.20 19:49:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.20 19:49:05 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Backup Extractor.lnk
[2013.02.20 19:49:05 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.02.20 19:49:05 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.20 19:49:05 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\cyberJack Gerätemanager,  Funktionstest.lnk
[2013.02.20 19:49:05 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2013.02.20 19:49:05 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
[2013.02.20 19:49:05 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
[2013.02.20 19:49:05 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk
[2013.02.20 19:49:05 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
[2013.02.20 19:49:05 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2013.02.20 19:49:05 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.20 19:03:02 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.02.20 18:58:34 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.02.20 17:41:40 | 000,000,184 | ---- | C] () -- C:\ProgramData\-VJqeiIpbxgLlYr
[2013.02.20 17:41:40 | 000,000,160 | ---- | C] () -- C:\ProgramData\-VJqeiIpbxgLlY
[2013.02.20 17:41:38 | 000,000,168 | ---- | C] () -- C:\ProgramData\VJqeiIpbxgLlY
[2013.02.19 10:38:47 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013.02.09 14:48:40 | 000,001,550 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_1_0.ini
[2013.02.09 14:48:40 | 000,000,095 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_1_0.sta
[2013.01.31 20:34:03 | 000,051,840 | ---- | C] () -- C:\Users\Max Mustermann\Documents\v_ktt.de.rtf
[2013.01.31 12:04:09 | 000,000,000 | ---- | C] () -- C:\END
[2013.01.28 14:40:16 | 000,000,988 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Sketch Drawer.lnk
[2013.01.27 11:39:56 | 000,001,112 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2013.01.27 11:33:36 | 000,001,127 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.01.27 11:29:05 | 000,000,932 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Evernote.lnk
[2013.01.23 12:50:50 | 000,020,480 | ---- | C] () -- C:\Users\Max Mustermann\Documents\delphian.zdp
[2012.12.17 15:58:40 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\wklnhst.dat
[2012.09.14 03:59:15 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.03.24 20:41:17 | 000,000,288 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\.backup.dm
[2011.11.08 00:32:29 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{5F1DD325-5A67-4DC4-9821-390D7457A532}
[2011.11.03 22:29:36 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{7AE6E0C5-0F43-498B-A3AF-E53C3D747E7E}
[2011.10.24 22:18:12 | 007,678,740 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\census.cache
[2011.10.24 22:15:44 | 000,133,215 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\ars.cache
[2011.10.24 11:54:36 | 000,000,036 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\housecall.guid.cache
[2011.09.13 15:55:35 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.09.13 15:55:29 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2011.09.13 15:55:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2011.09.11 16:00:25 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.06.29 17:51:47 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{B54C9B80-D662-4574-9297-7AB127B58B72}
[2011.05.22 13:15:11 | 000,001,974 | ---- | C] () -- C:\Users\Max Mustermann\Default.rdp
[2011.04.20 10:11:59 | 000,145,920 | ---- | C] () -- C:\Windows\see32.dll
[2011.03.22 16:51:20 | 000,005,120 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 15:16:55 | 000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND
[2010.07.05 00:50:03 | 000,007,674 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2476053136-1873075345-53563557-1003\$f1b2ebf8afe27e5adc9826a56ba2d4e6\n. -- File not found
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.04.20 08:24:26 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\AppData\Roaming\.#
[2011.04.27 12:22:37 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Amazon
[2012.11.23 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Audacity
[2010.05.22 15:40:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Auslogics
[2012.07.26 16:00:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\BirdieSync
[2013.02.20 20:33:20 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Bitcoin
[2012.04.10 19:21:07 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Colasoft Capsa 7 - Professional Edition
[2012.04.12 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Colasoft MAC Scanner
[2012.04.13 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Colasoft Packet Builder
[2011.09.13 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\D-TRUST Card Assistant
[2012.01.01 09:15:09 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\EAC
[2011.11.08 15:30:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GHISLER
[2013.02.08 18:22:47 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\gnupg
[2012.06.10 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GoodSync
[2011.01.30 17:30:52 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GrabPro
[2012.11.07 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\iScreensaver
[2011.02.02 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\MiniDm
[2010.06.23 08:16:09 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\OpenOffice.org
[2011.01.06 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\PC-FAX TX
[2010.06.22 06:40:02 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Philips Speech
[2010.04.20 00:16:08 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Protector Suite
[2011.01.09 08:47:46 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\ScanSoft
[2012.01.09 22:40:59 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\TeamViewer
[2010.10.28 09:56:34 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Thunderbird
[2010.08.03 15:37:08 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\TightVNC
[2011.05.02 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Titanium
[2011.03.18 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\TomTom
[2011.01.09 08:47:49 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1084 bytes -> C:\Users\Max Mustermann\Documents\po1.prg:medfileparm
@Alternate Data Stream - 1084 bytes -> C:\Users\Max Mustermann\Desktop\UniForum:medfileparm

< End of report >
         
--- --- ---

Edited by PETERMUELLER (21.02.2013 at 10:01)

 
