Hallo,

also ich hatte letztens so nen Virus aufm Laptop und kurze Zeit später fiel mir dann auf, dass das Sicherheitscenter unten rechts in der Taskleiste nicht mehr aufgeführt wird. Manuell starten lässt es sich auch nicht, denn dann kommt "Der Windows-Sicherheitsdienst kann nicht gestartet werden". Wenn ich dann bei Diensten nach diesem speziellen Dienst suche, wird dieser nicht einmal mehr aufgeführt. Ich hoffe ihr könnt mir weiter helfen. Vielen Dank im voraus.

Hier noch die Logfiles von HJTScanlist, Malwarebytes, HiJackThis und CCleaner.
Bei HijackThis entfernte ich schon die "mctadmin"-Einträge. Und auch bei Malwarebytes führte ich die Säuberungen durch.

Code: Alles auswählenAufklappen

ATTFilter

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7601]
 
 
C:

  24.02.2013 12:23     C:\Program Files (x86) --------- 20480   
  24.02.2013 12:22     C:\ProgramData --------- 12288   
  24.02.2013 12:22     C:\END --------- 0   
  24.02.2013 12:12     C:\test.log --------- 294   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  24.02.2013 12:10     C:\Windows --------- 32768   
  23.02.2013 23:40     C:\Program Files --------- 12288   
  23.02.2013 22:55     C:\Users --------- 4096   
  17.02.2013 20:30     C:\AILog.txt --------- 0   
  17.02.2013 02:35     C:\System Volume Information --------- 16384   
  14.02.2013 19:29     C:\Downloads --------- 0   
  14.09.2012 15:28     C:\temp --------- 0   
  17.01.2012 20:48     C:\MSOCache --------- 0   
  20.12.2011 14:10     C:\NVIDIA --------- 0   
  27.09.2011 14:20     C:\$Recycle.Bin --------- 0   
  16.09.2011 16:27     C:\Recovery --------- 0   
  16.09.2011 16:27     C:\Programme --------- 0   
  16.09.2011 16:27     C:\Dokumente und Einstellungen --------- 0   
  13.09.2011 04:46     C:\windiag --------- 0   
  30.03.2010 08:36     C:\found.000 --------- 0   
  15.12.2009 08:49     C:\Setup.log --------- 166   
  15.12.2009 08:19     C:\RHDSetup.log --------- 2144   
  15.12.2009 08:17     C:\Intel --------- 0   
  14.07.2009 06:08     C:\Documents and Settings --------- 0   
  14.07.2009 04:20     C:\PerfLogs --------- 0   
----------------------------------------

 
C:\windows

  24.02.2013 12:16     C:\windows\WindowsUpdate.log --------- 1257931   
  24.02.2013 12:10     C:\windows\setupact.log --------- 6527   
  24.02.2013 12:10     C:\windows\bootstat.dat --------- 67584   
  24.02.2013 01:40     C:\windows\PFRO.log --------- 2262   
  23.02.2013 23:40     C:\windows\epplauncher.mif --------- 1912   
  15.01.2013 20:35     C:\windows\setuperr.log --------- 0   
  11.02.2012 07:36     C:\windows\splwow64.exe --------- 67072   
  25.12.2011 14:33     C:\windows\VobEdit.INI --------- 133   
  25.12.2011 13:45     C:\windows\IfoEdit.INI --------- 280   
  13.09.2011 03:02     C:\windows\win.ini --------- 717   
  25.02.2011 07:19     C:\windows\explorer.exe --------- 2871808   
  20.11.2010 14:24     C:\windows\bfsvc.exe --------- 71168   
  20.11.2010 13:21     C:\windows\twain_32.dll --------- 51200   
  15.12.2009 09:04     C:\windows\Csup.txt --------- 10   
  15.12.2009 08:15     C:\windows\HotFixList.ini --------- 2   
  20.11.2009 10:17     C:\windows\R-series.bmp --------- 480056   
  20.11.2009 09:39     C:\windows\R-series.c1 --------- 673   
  20.11.2009 09:39     C:\windows\R-series.c3 --------- 673   
  20.11.2009 09:39     C:\windows\R-series.ico --------- 10446   
  20.11.2009 05:56     C:\windows\R-series.swf --------- 10478708   
  16.11.2009 08:27     C:\windows\Crystal Delight.scr --------- 19480587   
  10.11.2009 02:32     C:\windows\surbey.ico --------- 562718   
  17.09.2009 20:00     C:\windows\SetLCDStretchMode.exe --------- 345600   
  19.08.2009 02:16     C:\windows\RtlExUpd.dll --------- 831488   
  14.07.2009 05:54     C:\windows\WindowsShell.Manifest --------- 749   
  14.07.2009 02:39     C:\windows\write.exe --------- 10240   
  14.07.2009 02:39     C:\windows\regedit.exe --------- 427008   
  14.07.2009 02:39     C:\windows\notepad.exe --------- 193536   
  14.07.2009 02:39     C:\windows\HelpPane.exe --------- 733696   
  14.07.2009 02:39     C:\windows\hh.exe --------- 16896   
  14.07.2009 02:39     C:\windows\fveupdate.exe --------- 15360   
  14.07.2009 02:14     C:\windows\winhlp32.exe --------- 9728   
  14.07.2009 02:14     C:\windows\twunk_32.exe --------- 31232   
  14.07.2009 00:06     C:\windows\mib.bin --------- 43131   
  10.06.2009 22:41     C:\windows\twunk_16.exe --------- 49680   
  10.06.2009 22:41     C:\windows\twain.dll --------- 94784   
  10.06.2009 22:08     C:\windows\system.ini --------- 219   
  10.06.2009 21:52     C:\windows\WMSysPr9.prx --------- 316640   
  10.06.2009 21:36     C:\windows\msdfmap.ini --------- 1405   
  10.06.2009 21:31     C:\windows\Starter.xml --------- 48201   
  10.06.2009 21:30     C:\windows\HomePremium.xml --------- 48265   
  10.06.2009 21:30     C:\windows\HomeBasic.xml --------- 48223   
  15.04.2009 03:21     C:\windows\SetDisplayResolution.exe --------- 307200   
  19.12.2008 20:04     C:\windows\SetDisplayResolutionDT.xml --------- 3282   
  19.12.2008 20:04     C:\windows\SetDisplayResolutionNP.xml --------- 3282   
  20.02.2008 08:50     C:\windows\R-series.scr --------- 903680   
  20.02.2008 08:49     C:\windows\R-series.exe --------- 495104   
  14.11.2007 08:13     C:\windows\Reseal64.exe --------- 423936   
  09.11.2006 23:31     C:\windows\Samsung.png --------- 16018   
  24.10.2006 09:06     C:\windows\R-series.c4 --------- 639   
  08.10.2006 11:33     C:\windows\R-series.ini --------- 0   
  17.12.1999 07:13     C:\windows\unvise32.exe --------- 86016   
----------------------------------------

 
C:\windows\System

 21.09.1994 00:00      C:\windows\System\Wing32.dll --------- 12800 
----------------------------------------

 
C:\windows\System32

 24.02.2013 12:18     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13936  
 24.02.2013 12:18     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13936  
 24.02.2013 12:26     C:\windows\system32\config --------- 28672  
 24.02.2013 05:32     C:\windows\system32\FNTCACHE.DAT --------- 389920  
 24.02.2013 05:30     C:\windows\system32\migration --------- 0  
 24.02.2013 05:30     C:\windows\system32\drivers --------- 65536  
 24.02.2013 02:30     C:\windows\system32\MRT.exe --------- 70004024  
 24.02.2013 02:28     C:\windows\system32\perfh009.dat --------- 616242  
 24.02.2013 02:28     C:\windows\system32\perfc009.dat --------- 106622  
 24.02.2013 02:28     C:\windows\system32\perfc007.dat --------- 130240  
 24.02.2013 02:28     C:\windows\system32\perfh007.dat --------- 654400  
 24.02.2013 02:28     C:\windows\system32\PerfStringBackup.INI --------- 1520734  
 23.02.2013 23:16     C:\windows\system32\catroot --------- 4096  
 23.02.2013 22:58     C:\windows\system32\catroot2 --------- 40960  
 23.02.2013 22:56     C:\windows\system32\DriverStore --------- 4096  
 10.02.2013 04:25     C:\windows\system32\nvd3dumx.dll --------- 17987192  
 10.02.2013 04:25     C:\windows\system32\nvdispco6420294.dll --------- 1807136  
 10.02.2013 04:25     C:\windows\system32\nvcuda.dll --------- 9422672  
 10.02.2013 04:25     C:\windows\system32\nvinfo.pb --------- 17738  
 10.02.2013 04:25     C:\windows\system32\nvcompiler.dll --------- 25256736  
 10.02.2013 04:25     C:\windows\system32\nvcuvenc.dll --------- 2350368  
 10.02.2013 04:25     C:\windows\system32\nvoglv64.dll --------- 26947360  
 10.02.2013 04:25     C:\windows\system32\nvcuvid.dll --------- 2911008  
 10.02.2013 04:25     C:\windows\system32\nvdispgenco6420162.dll --------- 1510176  
 10.02.2013 04:25     C:\windows\system32\nvopencl.dll --------- 7569184  
 10.02.2013 04:25     C:\windows\system32\nvapi64.dll --------- 2854344  
 10.02.2013 04:25     C:\windows\system32\nvwgf2umx.dll --------- 15275744  
 10.02.2013 02:04     C:\windows\system32\nvsvc64.dll --------- 3472672  
 10.02.2013 02:04     C:\windows\system32\nvcpl.dll --------- 6393120  
 10.02.2013 02:04     C:\windows\system32\nvvsvc.exe --------- 877856  
 10.02.2013 02:04     C:\windows\system32\nvsvcr.dll --------- 2555680  
 10.02.2013 02:04     C:\windows\system32\nvshext.dll --------- 63776  
 10.02.2013 02:04     C:\windows\system32\nvmctray.dll --------- 237856  
 30.01.2013 11:53     C:\windows\system32\MpSigStub.exe --------- 273840  
 09.01.2013 00:08     C:\windows\system32\de-DE --------- 262144  
 08.01.2013 06:40     C:\windows\system32\mshtmled.dll --------- 97792  
 05.01.2013 06:53     C:\windows\system32\ntoskrnl.exe --------- 5553512  
 04.01.2013 06:46     C:\windows\system32\winsrv.dll --------- 215040  
 04.01.2013 04:26     C:\windows\system32\win32k.sys --------- 3153408  
 20.12.2012 14:59     C:\windows\system32\wininet.dll --------- 1188864  
 20.12.2012 14:59     C:\windows\system32\urlmon.dll --------- 1492992  
 20.12.2012 14:59     C:\windows\system32\url.dll --------- 134144  
 20.12.2012 14:56     C:\windows\system32\mshtml.dll --------- 9058304  
 20.12.2012 14:56     C:\windows\system32\msfeeds.dll --------- 735744  
 20.12.2012 14:55     C:\windows\system32\jsproxy.dll --------- 64512  
 20.12.2012 14:55     C:\windows\system32\ieui.dll --------- 247808  
 20.12.2012 14:55     C:\windows\system32\iertutil.dll --------- 2458112  
 20.12.2012 14:55     C:\windows\system32\ieframe.dll --------- 12295168  
 20.12.2012 13:02     C:\windows\system32\mshtml.tlb --------- 1638912  
 19.12.2012 06:42     C:\windows\system32\nvhdap64.dll --------- 31672  
 18.12.2012 09:31     C:\windows\system32\nvhdagenco6420103.dll --------- 1510328  
 16.12.2012 18:11     C:\windows\system32\atmlib.dll --------- 46080  
 16.12.2012 15:45     C:\windows\system32\atmfd.dll --------- 367616  
 07.12.2012 14:20     C:\windows\system32\Wpc.dll --------- 441856  
 07.12.2012 14:15     C:\windows\system32\gameux.dll --------- 2746368  
 07.12.2012 12:20     C:\windows\system32\usk.rs --------- 30720  
 07.12.2012 12:20     C:\windows\system32\csrr.rs --------- 43520  
 07.12.2012 12:20     C:\windows\system32\oflc.rs --------- 23552  
 07.12.2012 12:20     C:\windows\system32\oflc-nz.rs --------- 45568  
 07.12.2012 12:20     C:\windows\system32\pegi-fi.rs --------- 20480  
 07.12.2012 12:20     C:\windows\system32\pegibbfc.rs --------- 44544  
 07.12.2012 12:20     C:\windows\system32\pegi-pt.rs --------- 20480  
 07.12.2012 12:19     C:\windows\system32\pegi.rs --------- 20480  
 07.12.2012 12:19     C:\windows\system32\fpb.rs --------- 46592  
 07.12.2012 12:19     C:\windows\system32\djctq.rs --------- 15360  
 07.12.2012 12:19     C:\windows\system32\grb.rs --------- 21504  
 07.12.2012 12:19     C:\windows\system32\cob-au.rs --------- 40960  
 07.12.2012 12:19     C:\windows\system32\cero.rs --------- 55296  
 07.12.2012 12:19     C:\windows\system32\esrb.rs --------- 51712  
 30.11.2012 06:45     C:\windows\system32\wow64win.dll --------- 362496  
 30.11.2012 06:45     C:\windows\system32\wow64cpu.dll --------- 13312  
 30.11.2012 06:45     C:\windows\system32\wow64.dll --------- 243200  
 30.11.2012 06:43     C:\windows\system32\ntvdm64.dll --------- 16384  
 30.11.2012 06:41     C:\windows\system32\KernelBase.dll --------- 424448  
 30.11.2012 06:41     C:\windows\system32\kernel32.dll --------- 1161216  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-security-base-l1-1-0.dll --------- 6144  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-util-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll --------- 4608  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll --------- 4096  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll --------- 4096  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-string-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll --------- 4608  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll --------- 4096  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-io-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll --------- 3584  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-file-l1-1-0.dll --------- 5120  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll --------- 3072  
 30.11.2012 06:38     C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll --------- 3072  
----------------------------------------

 
C:\windows\Prefetch

 24.02.2013 12:28     C:\windows\Prefetch\CMD.EXE-0BD30981.pf --------- 7172  
 24.02.2013 12:27     C:\windows\Prefetch\CONHOST.EXE-0C6456FB.pf --------- 19700  
 24.02.2013 12:27     C:\windows\Prefetch\WINRAR.EXE-BA8CDB31.pf --------- 31858  
 24.02.2013 12:27     C:\windows\Prefetch\AVK.EXE-DB53F0E8.pf --------- 399878  
 24.02.2013 12:27     C:\windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf --------- 20118  
 24.02.2013 12:27     C:\windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf --------- 46574  
 24.02.2013 12:27     C:\windows\Prefetch\FIREFOX.EXE-359C61A4.pf --------- 442576  
 24.02.2013 12:27     C:\windows\Prefetch\DLLHOST.EXE-E173F32A.pf --------- 135824  
 24.02.2013 12:27     C:\windows\Prefetch\THUNDERBIRD.EXE-69F6F4B4.pf --------- 149848  
 24.02.2013 12:27     C:\windows\Prefetch\PIDGIN.EXE-8C222CF4.pf --------- 227176  
 24.02.2013 12:25     C:\windows\Prefetch\FOOBAR2000.EXE-899D0564.pf --------- 102586  
 24.02.2013 12:25     C:\windows\Prefetch\TASKENG.EXE-35FA9C06.pf --------- 233388  
 24.02.2013 12:25     C:\windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf --------- 46810  
 24.02.2013 12:24     C:\windows\Prefetch\RUNDLL32.EXE-EB9F1AB4.pf --------- 194006  
 24.02.2013 12:24     C:\windows\Prefetch\WERMGR.EXE-F439C551.pf --------- 31630  
 24.02.2013 12:23     C:\windows\Prefetch\DLLHOST.EXE-1B239C31.pf --------- 22918  
 24.02.2013 12:23     C:\windows\Prefetch\AU_.EXE-933B346D.pf --------- 57452  
 24.02.2013 12:23     C:\windows\Prefetch\REGSVR32.EXE-B31EC963.pf --------- 23564  
 24.02.2013 12:23     C:\windows\Prefetch\DLLHOST.EXE-6FE41093.pf --------- 43244  
 24.02.2013 12:23     C:\windows\Prefetch\UNINSTALL.EXE-B3F0F389.pf --------- 25040  
 24.02.2013 12:23     C:\windows\Prefetch\DESKTOP.EXE-6503D411.pf --------- 77848  
 24.02.2013 12:22     C:\windows\Prefetch\EXINFO.EXE-203A584B.pf --------- 27898  
 24.02.2013 12:22     C:\windows\Prefetch\HJTSCANLIST.EXE-16EE552A.pf --------- 41734  
 24.02.2013 12:22     C:\windows\Prefetch\MISM.EXE-56B771DC.pf --------- 47736  
 24.02.2013 12:22     C:\windows\Prefetch\ISM.EXE-4A53D039.pf --------- 48150  
 24.02.2013 12:20     C:\windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf --------- 88656  
 24.02.2013 12:20     C:\windows\Prefetch\FLASHPLAYERPLUGIN_11_5_502_14-9CE66719.pf --------- 42640  
 24.02.2013 12:20     C:\windows\Prefetch\PLUGIN-CONTAINER.EXE-6B605020.pf --------- 428938  
 24.02.2013 12:20     C:\windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf --------- 102628  
 24.02.2013 12:20     C:\windows\Prefetch\NOTEPAD.EXE-032BB3D8.pf --------- 58190  
 24.02.2013 12:20     C:\windows\Prefetch\HIJACKTHIS204.EXE-3CC9FE52.pf --------- 39808  
 24.02.2013 12:20     C:\windows\Prefetch\TASKHOST.EXE-A0F5E092.pf --------- 1096374  
 24.02.2013 12:15     C:\windows\Prefetch\WMIADAP.EXE-BB21CD77.pf --------- 211378  
 24.02.2013 12:15     C:\windows\Prefetch\MBAM.EXE-493D9B94.pf --------- 108628  
 24.02.2013 12:14     C:\windows\Prefetch\REGSVR32.EXE-03D3FB87.pf --------- 25150  
 24.02.2013 12:14     C:\windows\Prefetch\WUAUCLT.EXE-5D573F0E.pf --------- 167208  
 24.02.2013 12:13     C:\windows\Prefetch\SPPSVC.EXE-96070FE0.pf --------- 31946  
 24.02.2013 12:13     C:\windows\Prefetch\DAEMONU.EXE-73AC4A81.pf --------- 45680  
 24.02.2013 12:13     C:\windows\Prefetch\MSCORSVW.EXE-16B291C4.pf --------- 204582  
 24.02.2013 12:13     C:\windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf --------- 174582  
 24.02.2013 12:13     C:\windows\Prefetch\DLLHOST.EXE-F99091EF.pf --------- 69168  
 24.02.2013 12:13     C:\windows\Prefetch\DRSUPDATE.14956297_RUNASUSER.-600335B2.pf --------- 23408  
 24.02.2013 12:13     C:\windows\Prefetch\DBINSTALLER.EXE-E7FEEF0F.pf --------- 29238  
 24.02.2013 12:13     C:\windows\Prefetch\ReadyBoot --------- 4096  
 24.02.2013 12:12     C:\windows\Prefetch\CSC.EXE-0E09149C.pf --------- 41334  
 24.02.2013 12:12     C:\windows\Prefetch\CVTRES.EXE-F4BA0E72.pf --------- 14512  
 24.02.2013 12:12     C:\windows\Prefetch\SVCHOST.EXE-E52A3372.pf --------- 369656  
 24.02.2013 12:12     C:\windows\Prefetch\ICACLS.EXE-96ACDEBC.pf --------- 2214  
 24.02.2013 12:12     C:\windows\Prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf --------- 100784  
 24.02.2013 12:12     C:\windows\Prefetch\RUNDLL32.EXE-F632BF02.pf --------- 14318  
 24.02.2013 12:12     C:\windows\Prefetch\NVTRAY.EXE-39D19720.pf --------- 34786  
 24.02.2013 12:12     C:\windows\Prefetch\SEARCHANONYMIZER.EXE-9EFE71C4.pf --------- 86884  
 24.02.2013 12:12     C:\windows\Prefetch\CMD.EXE-6D6290C5.pf --------- 14688  
 24.02.2013 12:12     C:\windows\Prefetch\RAVCPL64.EXE-4BB80510.pf --------- 13592  
 24.02.2013 05:34     C:\windows\Prefetch\AgGlFgAppHistory.db --------- 2096274  
 24.02.2013 05:34     C:\windows\Prefetch\AgGlFaultHistory.db --------- 722350  
 24.02.2013 05:34     C:\windows\Prefetch\AgGlGlobalHistory.db --------- 4351914  
 24.02.2013 05:34     C:\windows\Prefetch\AgRobust.db --------- 611056  
 24.02.2013 05:34     C:\windows\Prefetch\PfSvPerfStats.bin --------- 584  
 24.02.2013 05:33     C:\windows\Prefetch\SVCHOST.EXE-EBB13DE6.pf --------- 15376  
 24.02.2013 05:33     C:\windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf --------- 30314  
 24.02.2013 05:33     C:\windows\Prefetch\SVCHOST.EXE-BFD62F9A.pf --------- 16884  
 24.02.2013 05:33     C:\windows\Prefetch\SVCHOST.EXE-7AB41905.pf --------- 17322  
 24.02.2013 05:33     C:\windows\Prefetch\SVCHOST.EXE-282D6A34.pf --------- 19218  
 24.02.2013 05:33     C:\windows\Prefetch\SVCHOST.EXE-C02BA069.pf --------- 58574  
 24.02.2013 05:30     C:\windows\Prefetch\POQEXEC.EXE-567EE1A6.pf --------- 26004  
 24.02.2013 05:30     C:\windows\Prefetch\LOGONUI.EXE-F639BD7E.pf --------- 51776  
 24.02.2013 04:58     C:\windows\Prefetch\AgGlUAD_P_S-1-5-21-3322448490-314981258-3538992574-1001.db --------- 1031332  
 24.02.2013 04:58     C:\windows\Prefetch\AgGlUAD_S-1-5-21-3322448490-314981258-3538992574-1001.db --------- 1541526  
 24.02.2013 04:46     C:\windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf --------- 24738  
 24.02.2013 04:16     C:\windows\Prefetch\Layout.ini --------- 882522  
 24.02.2013 02:53     C:\windows\Prefetch\SVCHOST.EXE-6D6FB3A1.pf --------- 603948  
 24.02.2013 02:46     C:\windows\Prefetch\MSIEXEC.EXE-CDBFC0F7.pf --------- 567482  
 24.02.2013 02:43     C:\windows\Prefetch\MSIEXEC.EXE-8FFB1633.pf --------- 440752  
 24.02.2013 01:57     C:\windows\Prefetch\WMPNSCFG.EXE-18FC9E64.pf --------- 51660  
 24.02.2013 01:39     C:\windows\Prefetch\NOTEPAD.EXE-C5670914.pf --------- 55464  
 23.02.2013 22:48     C:\windows\Prefetch\DRSUPDATE.13406784_RUNASUSER.-827DBA40.pf --------- 29422  
 22.02.2013 14:36     C:\windows\Prefetch\AgCx_SC4.db --------- 311071  
 10.11.2012 00:55     C:\windows\Prefetch\AgCx_SC2.db --------- 805029  
 14.08.2012 05:20     C:\windows\Prefetch\AgCx_SC1.db --------- 677092  
 14.08.2012 04:14     C:\windows\Prefetch\AgCx_SC1.db.trx --------- 178826  
 16.09.2011 16:25     C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 533870  
 16.09.2011 16:25     C:\windows\Prefetch\AgAppLaunch.db --------- 334168  
----------------------------------------

 
C:\windows\Tasks

 24.02.2013 12:25     C:\windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1110  
 24.02.2013 12:11     C:\windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1106  
 24.02.2013 12:10     C:\windows\Tasks\SA.DAT --------- 6  
 24.02.2013 04:46     C:\windows\Tasks\Adobe Flash Player Updater.job --------- 884  
 21.12.2012 15:23     C:\windows\Tasks\SCHEDLGU.TXT --------- 32640  
----------------------------------------

 
C:\windows\Temp

 24.02.2013 12:27     C:\windows\Temp\_avast_ --------- 4096  
 24.02.2013 12:16     C:\windows\Temp\tmp000015bc --------- 0  
 24.02.2013 12:16     C:\windows\Temp\GDATA_Online_Update --------- 0  
 24.02.2013 12:11     C:\windows\Temp\lpksetup-20130224-121052-0.log --------- 3516  
 24.02.2013 05:32     C:\windows\Temp\lpksetup-20130224-053224-0.log --------- 3516  
 24.02.2013 01:56     C:\windows\Temp\lpksetup-20130224-015548-0.log --------- 3516  
 24.02.2013 01:40     C:\windows\Temp\lpksetup-20130224-014033-0.log --------- 3516  
 23.02.2013 23:39     C:\windows\Temp\MPTelemetrySubmit --------- 0  
 23.02.2013 23:31     C:\windows\Temp\MpCmdRun.log --------- 106098  
 23.02.2013 23:24     C:\windows\Temp\7668EFBA-83FC-436F-80DD-008A361A3B35-Sigs --------- 0  
 23.02.2013 23:24     C:\windows\Temp\MpSigStub.log --------- 27906  
 23.02.2013 22:59     C:\windows\Temp\lpksetup-20130223-225915-0.log --------- 3516  
 23.02.2013 22:46     C:\windows\Temp\lpksetup-20130223-224556-0.log --------- 3516  
 23.02.2013 17:33     C:\windows\Temp\lpksetup-20130223-173145-0.log --------- 3516  
 23.02.2013 13:40     C:\windows\Temp\lpksetup-20130223-133900-0.log --------- 3516  
 23.02.2013 04:00     C:\windows\Temp\lpksetup-20130223-035947-0.log --------- 3516  
 22.02.2013 22:47     C:\windows\Temp\HamachiSetup.log --------- 2383  
 22.02.2013 19:13     C:\windows\Temp\lpksetup-20130222-191334-0.log --------- 3516  
 22.02.2013 18:17     C:\windows\Temp\lpksetup-20130222-181609-0.log --------- 3516  
 22.02.2013 14:34     C:\windows\Temp\lpksetup-20130222-143402-0.log --------- 3516  
 21.02.2013 17:23     C:\windows\Temp\lpksetup-20130221-172340-0.log --------- 3516  
 20.02.2013 17:21     C:\windows\Temp\lpksetup-20130220-172052-0.log --------- 3516  
 19.02.2013 17:02     C:\windows\Temp\lpksetup-20130219-170202-0.log --------- 3516  
 18.02.2013 23:06     C:\windows\Temp\lpksetup-20130218-230621-0.log --------- 3516  
 18.02.2013 14:59     C:\windows\Temp\lpksetup-20130218-145943-0.log --------- 3516  
 17.02.2013 19:42     C:\windows\Temp\lpksetup-20130217-194233-0.log --------- 3516  
 17.02.2013 13:00     C:\windows\Temp\lpksetup-20130217-130035-0.log --------- 3516  
 16.02.2013 23:11     C:\windows\Temp\lpksetup-20130216-231126-0.log --------- 3516  
 16.02.2013 11:34     C:\windows\Temp\lpksetup-20130216-113347-0.log --------- 3516  
 15.02.2013 18:13     C:\windows\Temp\lpksetup-20130215-181323-0.log --------- 3516  
 15.02.2013 10:10     C:\windows\Temp\lpksetup-20130215-101012-0.log --------- 3516  
 14.02.2013 09:32     C:\windows\Temp\lpksetup-20130214-093224-0.log --------- 3516  
 14.02.2013 07:50     C:\windows\Temp\lpksetup-20130214-074921-0.log --------- 3516  
 13.02.2013 13:05     C:\windows\Temp\lpksetup-20130213-130518-0.log --------- 3516  
 12.02.2013 19:04     C:\windows\Temp\lpksetup-20130212-190435-0.log --------- 3516  
 12.02.2013 11:24     C:\windows\Temp\lpksetup-20130212-112403-0.log --------- 3516  
 12.02.2013 00:41     C:\windows\Temp\lpksetup-20130212-004117-0.log --------- 3516  
 11.02.2013 12:10     C:\windows\Temp\lpksetup-20130211-120943-0.log --------- 3516  
 10.02.2013 10:10     C:\windows\Temp\lpksetup-20130210-101036-0.log --------- 3516  
 09.02.2013 12:41     C:\windows\Temp\lpksetup-20130209-124121-0.log --------- 3516  
 08.02.2013 14:45     C:\windows\Temp\lpksetup-20130208-144416-0.log --------- 3516  
 07.02.2013 09:02     C:\windows\Temp\lpksetup-20130207-090136-0.log --------- 3516  
 07.02.2013 00:28     C:\windows\Temp\lpksetup-20130207-002815-0.log --------- 3516  
 06.02.2013 19:27     C:\windows\Temp\lpksetup-20130206-192721-0.log --------- 3516  
 06.02.2013 17:26     C:\windows\Temp\lpksetup-20130206-172630-0.log --------- 3516  
 06.02.2013 07:51     C:\windows\Temp\avk17D3.tmp --------- 0  
 06.02.2013 00:22     C:\windows\Temp\lpksetup-20130206-002211-0.log --------- 3516  
 06.02.2013 00:18     C:\windows\Temp\lpksetup-20130206-001740-0.log --------- 3516  
 06.02.2013 00:07     C:\windows\Temp\fwtsqmfile11.sqm --------- 608  
 05.02.2013 17:11     C:\windows\Temp\lpksetup-20130205-171134-0.log --------- 3516  
 04.02.2013 15:59     C:\windows\Temp\lpksetup-20130204-155919-0.log --------- 3516  
 03.02.2013 20:33     C:\windows\Temp\lpksetup-20130203-203334-0.log --------- 3516  
 03.02.2013 17:22     C:\windows\Temp\lpksetup-20130203-172112-0.log --------- 3516  
 03.02.2013 10:31     C:\windows\Temp\fwtsqmfile10.sqm --------- 608  
 03.02.2013 10:26     C:\windows\Temp\lpksetup-20130203-102614-0.log --------- 3516  
 02.02.2013 12:57     C:\windows\Temp\lpksetup-20130202-125549-0.log --------- 3508  
 02.02.2013 04:58     C:\windows\Temp\fwtsqmfile09.sqm --------- 608  
 02.02.2013 04:50     C:\windows\Temp\lpksetup-20130202-045008-0.log --------- 3516  
 02.02.2013 04:36     C:\windows\Temp\fwtsqmfile08.sqm --------- 608  
 01.02.2013 23:22     C:\windows\Temp\lpksetup-20130201-232131-0.log --------- 3516  
 01.02.2013 23:20     C:\windows\Temp\fwtsqmfile07.sqm --------- 608  
 01.02.2013 19:20     C:\windows\Temp\lpksetup-20130201-192036-0.log --------- 3516  
 01.02.2013 19:19     C:\windows\Temp\fwtsqmfile06.sqm --------- 608  
 01.02.2013 19:14     C:\windows\Temp\lpksetup-20130201-191339-0.log --------- 3516  
 01.02.2013 16:57     C:\windows\Temp\fwtsqmfile05.sqm --------- 608  
 01.02.2013 16:12     C:\windows\Temp\lpksetup-20130201-161217-0.log --------- 3516  
 31.01.2013 16:32     C:\windows\Temp\lpksetup-20130131-163219-0.log --------- 3516  
 31.01.2013 01:05     C:\windows\Temp\fwtsqmfile04.sqm --------- 608  
 30.01.2013 22:45     C:\windows\Temp\lpksetup-20130130-224447-0.log --------- 3516  
 29.01.2013 17:11     C:\windows\Temp\lpksetup-20130129-171119-0.log --------- 3516  
 29.01.2013 01:59     C:\windows\Temp\fwtsqmfile03.sqm --------- 608  
 29.01.2013 01:47     C:\windows\Temp\lpksetup-20130129-014738-0.log --------- 3516  
 28.01.2013 15:58     C:\windows\Temp\lpksetup-20130128-155806-0.log --------- 3516  
 28.01.2013 00:02     C:\windows\Temp\fwtsqmfile02.sqm --------- 608  
 27.01.2013 19:35     C:\windows\Temp\lpksetup-20130127-193522-0.log --------- 3516  
 27.01.2013 17:48     C:\windows\Temp\fwtsqmfile00.sqm --------- 608  
 27.01.2013 12:28     C:\windows\Temp\lpksetup-20130127-122729-0.log --------- 3516  
 27.01.2013 00:56     C:\windows\Temp\lpksetup-20130127-005508-0.log --------- 3516  
 27.01.2013 00:56     C:\windows\Temp\fwtsqmfile01.sqm --------- 608  
 26.01.2013 12:56     C:\windows\Temp\fwtsqmfile19.sqm --------- 608  
 26.01.2013 12:29     C:\windows\Temp\lpksetup-20130126-122916-0.log --------- 3516  
 26.01.2013 02:18     C:\windows\Temp\fwtsqmfile18.sqm --------- 608  
 26.01.2013 01:17     C:\windows\Temp\lpksetup-20130126-011722-0.log --------- 3516  
 25.01.2013 19:11     C:\windows\Temp\fwtsqmfile17.sqm --------- 608  
 25.01.2013 18:19     C:\windows\Temp\lpksetup-20130125-181847-0.log --------- 3516  
 25.01.2013 16:58     C:\windows\Temp\fwtsqmfile16.sqm --------- 608  
 25.01.2013 15:45     C:\windows\Temp\lpksetup-20130125-154451-0.log --------- 3516  
 24.01.2013 18:38     C:\windows\Temp\fwtsqmfile15.sqm --------- 608  
 24.01.2013 16:33     C:\windows\Temp\lpksetup-20130124-163327-0.log --------- 3516  
 23.01.2013 16:20     C:\windows\Temp\fwtsqmfile14.sqm --------- 608  
 23.01.2013 11:05     C:\windows\Temp\lpksetup-20130123-110421-0.log --------- 3516  
 23.01.2013 07:18     C:\windows\Temp\fwtsqmfile13.sqm --------- 608  
 23.01.2013 07:08     C:\windows\Temp\lpksetup-20130123-070827-0.log --------- 3516  
 22.01.2013 12:52     C:\windows\Temp\fwtsqmfile12.sqm --------- 608  
 22.01.2013 12:28     C:\windows\Temp\lpksetup-20130122-122821-0.log --------- 3516  
 22.01.2013 07:51     C:\windows\Temp\lpksetup-20130122-075121-0.log --------- 3516  
 21.01.2013 14:16     C:\windows\Temp\lpksetup-20130121-141542-0.log --------- 3508  
 20.01.2013 21:56     C:\windows\Temp\lpksetup-20130120-215505-0.log --------- 3516  
 20.01.2013 21:48     C:\windows\Temp\lpksetup-20130120-214746-0.log --------- 3516  
 20.01.2013 11:10     C:\windows\Temp\lpksetup-20130120-110924-0.log --------- 3516  
 19.01.2013 19:00     C:\windows\Temp\lpksetup-20130119-185950-0.log --------- 3516  
 19.01.2013 06:54     C:\windows\Temp\lpksetup-20130119-065410-0.log --------- 3516  
 18.01.2013 18:25     C:\windows\Temp\lpksetup-20130118-182429-0.log --------- 3516  
 17.01.2013 17:34     C:\windows\Temp\lpksetup-20130117-173416-0.log --------- 3516  
 16.01.2013 17:25     C:\windows\Temp\lpksetup-20130116-172458-0.log --------- 3516  
 15.01.2013 20:35     C:\windows\Temp\_avast5_ --------- 0  
 15.01.2013 20:35     C:\windows\Temp\lpksetup-20130115-203519-0.log --------- 3516  
 15.01.2013 17:32     C:\windows\Temp\lpksetup-20130115-173216-0.log --------- 3516  
----------------------------------------

 
C:\Users\tim_oO\AppData\Local\Temp

 24.02.2013 12:23     C:\Users\tim_oO\AppData\Local\Temp\~nsu.tmp --------- 0  
 24.02.2013 12:22     C:\Users\tim_oO\AppData\Local\Temp\acro_rd_dir --------- 4096  
 24.02.2013 12:22     C:\Users\tim_oO\AppData\Local\Temp\nspA46B.tmp --------- 4096  
 24.02.2013 12:22     C:\Users\tim_oO\AppData\Local\Temp\nspBE02.tmp --------- 0  
 24.02.2013 12:22     C:\Users\tim_oO\AppData\Local\Temp\ct2233703 --------- 0  
 24.02.2013 12:13     C:\Users\tim_oO\AppData\Local\Temp\izdd004o.1os --------- 9  
 24.02.2013 12:11     C:\Users\tim_oO\AppData\Local\Temp\WPDNSE --------- 0  
 24.02.2013 02:30     C:\Users\tim_oO\AppData\Local\Temp\KB2789642_20130224_022645521.html --------- 65210  
 24.02.2013 02:30     C:\Users\tim_oO\AppData\Local\Temp\KB2789642_20130224_022645521-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 30932976  
 24.02.2013 02:26     C:\Users\tim_oO\AppData\Local\Temp\KB2789642_10.0.30319 --------- 0  
 24.02.2013 02:26     C:\Users\tim_oO\AppData\Local\Temp\dd_clwireg.txt --------- 3017  
 24.02.2013 01:56     C:\Users\tim_oO\AppData\Local\Temp\teypaznk.qhv --------- 9  
 24.02.2013 01:40     C:\Users\tim_oO\AppData\Local\Temp\{19E8247B-C31B-4010-9B59-AF46CDF335C5} --------- 0  
 24.02.2013 00:04     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-7 --------- 0  
 23.02.2013 23:40     C:\Users\tim_oO\AppData\Local\Temp\MpCmdRun.log --------- 1148  
 23.02.2013 23:24     C:\Users\tim_oO\AppData\Local\Temp\MPTelemetrySubmit --------- 0  
 23.02.2013 23:18     C:\Users\tim_oO\AppData\Local\Temp\msdtadmin --------- 0  
 23.02.2013 23:03     C:\Users\tim_oO\AppData\Local\Temp\GDATA_Online_Update --------- 0  
 23.02.2013 23:01     C:\Users\tim_oO\AppData\Local\Temp\441ibvsb.eti --------- 9  
 23.02.2013 22:46     C:\Users\tim_oO\AppData\Local\Temp\zthoreg0.ogn --------- 9  
 23.02.2013 22:33     C:\Users\tim_oO\AppData\Local\Temp\{9d3cb86d-0b1f-4b68-af5d-fbbf164324ee} --------- 0  
 23.02.2013 22:33     C:\Users\tim_oO\AppData\Local\Temp\{02478504-3a97-4d15-96c4-125f586ef3ae} --------- 0  
 23.02.2013 21:54     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-6 --------- 0  
 23.02.2013 17:33     C:\Users\tim_oO\AppData\Local\Temp\bemtybw2.suy --------- 9  
 23.02.2013 13:40     C:\Users\tim_oO\AppData\Local\Temp\feoxf0tm.b15 --------- 9  
 23.02.2013 04:00     C:\Users\tim_oO\AppData\Local\Temp\zicydw4m.5gf --------- 9  
 22.02.2013 22:47     C:\Users\tim_oO\AppData\Local\Temp\HamachiSetup.log --------- 4212  
 22.02.2013 18:29     C:\Users\tim_oO\AppData\Local\Temp\WER5A30.tmp.resp.erc.xml --------- 0  
 22.02.2013 18:18     C:\Users\tim_oO\AppData\Local\Temp\wddpdkxz.bka --------- 9  
 22.02.2013 14:37     C:\Users\tim_oO\AppData\Local\Temp\zpz1lug4.fpx --------- 9  
 21.02.2013 17:26     C:\Users\tim_oO\AppData\Local\Temp\0ypgirvr.hjb --------- 9  
 20.02.2013 23:00     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-5 --------- 0  
 20.02.2013 17:24     C:\Users\tim_oO\AppData\Local\Temp\eu1kodno.4uo --------- 9  
 19.02.2013 17:05     C:\Users\tim_oO\AppData\Local\Temp\1oq3xm2a.n0e --------- 9  
 18.02.2013 23:09     C:\Users\tim_oO\AppData\Local\Temp\12gpfppn.om0 --------- 9  
 18.02.2013 16:38     C:\Users\tim_oO\AppData\Local\Temp\nY990X+X.htm.part --------- 0  
 18.02.2013 15:02     C:\Users\tim_oO\AppData\Local\Temp\3x043h4d.k2f --------- 9  
 17.02.2013 19:45     C:\Users\tim_oO\AppData\Local\Temp\g3dw4f43.ksv --------- 9  
 17.02.2013 13:04     C:\Users\tim_oO\AppData\Local\Temp\x2tmy5bc.ixh --------- 9  
 16.02.2013 23:12     C:\Users\tim_oO\AppData\Local\Temp\mrwwd3hi.os1 --------- 9  
 16.02.2013 11:40     C:\Users\tim_oO\AppData\Local\Temp\vxtjffkg.pnk --------- 9  
 16.02.2013 01:22     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-4 --------- 0  
 15.02.2013 18:22     C:\Users\tim_oO\AppData\Local\Temp\Blizzard --------- 0  
 15.02.2013 18:14     C:\Users\tim_oO\AppData\Local\Temp\2pw23m4o.idp --------- 9  
 15.02.2013 13:44     C:\Users\tim_oO\AppData\Local\Temp\hsperfdata_tim_oO --------- 0  
 15.02.2013 13:02     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-3 --------- 0  
 14.02.2013 09:33     C:\Users\tim_oO\AppData\Local\Temp\irtwvbut.ukk --------- 9  
 12.02.2013 19:07     C:\Users\tim_oO\AppData\Local\Temp\0iel0xa4.0fo --------- 9  
 12.02.2013 11:26     C:\Users\tim_oO\AppData\Local\Temp\snrur0ys.10c --------- 9  
 12.02.2013 00:43     C:\Users\tim_oO\AppData\Local\Temp\ao3qcxll.egc --------- 9  
 11.02.2013 12:10     C:\Users\tim_oO\AppData\Local\Temp\bmxbeoly.k4d --------- 9  
 11.02.2013 01:56     C:\Users\tim_oO\AppData\Local\Temp\HouseCall --------- 0  
 11.02.2013 01:31     C:\Users\tim_oO\AppData\Local\Temp\HCLauncher.log --------- 6901  
 11.02.2013 01:31     C:\Users\tim_oO\AppData\Local\Temp\HCBackup --------- 0  
 10.02.2013 10:12     C:\Users\tim_oO\AppData\Local\Temp\ggwjmuez.daw --------- 9  
 09.02.2013 12:42     C:\Users\tim_oO\AppData\Local\Temp\3uwphvof.3j0 --------- 9  
 08.02.2013 14:45     C:\Users\tim_oO\AppData\Local\Temp\khzw2olk.uqp --------- 9  
 07.02.2013 09:02     C:\Users\tim_oO\AppData\Local\Temp\d0ecnplu.swh --------- 9  
 07.02.2013 00:31     C:\Users\tim_oO\AppData\Local\Temp\igfcdhur.s2t --------- 9  
 06.02.2013 19:29     C:\Users\tim_oO\AppData\Local\Temp\lxlxlabw.r3b --------- 9  
 06.02.2013 17:28     C:\Users\tim_oO\AppData\Local\Temp\nf3t03nr.bid --------- 9  
 06.02.2013 00:23     C:\Users\tim_oO\AppData\Local\Temp\AdobeARM.log --------- 34228  
 06.02.2013 00:19     C:\Users\tim_oO\AppData\Local\Temp\xgs1zn2m.20o --------- 9  
 05.02.2013 18:00     C:\Users\tim_oO\AppData\Local\Temp\MozillaMailnews --------- 0  
 05.02.2013 17:37     C:\Users\tim_oO\AppData\Local\Temp\ihp0l4gg.eq5 --------- 9  
 04.02.2013 16:02     C:\Users\tim_oO\AppData\Local\Temp\iuthg50a.hf2 --------- 9  
 03.02.2013 23:53     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-2 --------- 0  
 03.02.2013 20:36     C:\Users\tim_oO\AppData\Local\Temp\0fgkwlsf.2zq --------- 9  
 03.02.2013 17:23     C:\Users\tim_oO\AppData\Local\Temp\qmq5uv1g.tq1 --------- 9  
 03.02.2013 10:27     C:\Users\tim_oO\AppData\Local\Temp\0vnqtzpo.1yn --------- 9  
 02.02.2013 12:57     C:\Users\tim_oO\AppData\Local\Temp\s3ncf4p5.ayw --------- 9  
 02.02.2013 04:51     C:\Users\tim_oO\AppData\Local\Temp\jtdkk5ul.uam --------- 9  
 01.02.2013 23:23     C:\Users\tim_oO\AppData\Local\Temp\jnbutcbo.llu --------- 9  
 01.02.2013 19:22     C:\Users\tim_oO\AppData\Local\Temp\vexdxkot.0e0 --------- 9  
 01.02.2013 16:14     C:\Users\tim_oO\AppData\Local\Temp\t4s5fjvg.exq --------- 9  
 31.01.2013 16:34     C:\Users\tim_oO\AppData\Local\Temp\zw0mgegr.wll --------- 9  
 30.01.2013 22:46     C:\Users\tim_oO\AppData\Local\Temp\rsfsch1t.fjq --------- 9  
 29.01.2013 17:15     C:\Users\tim_oO\AppData\Local\Temp\2k1pwf5n.vqe --------- 9  
 29.01.2013 01:50     C:\Users\tim_oO\AppData\Local\Temp\v2sfnpml.ky0 --------- 9  
 28.01.2013 16:07     C:\Users\tim_oO\AppData\Local\Temp\lxfjz421.tal --------- 9  
 27.01.2013 21:19     C:\Users\tim_oO\AppData\Local\Temp\jar_cache1708816180670125365.tmp --------- 0  
 27.01.2013 19:39     C:\Users\tim_oO\AppData\Local\Temp\mirorlhz.3j0 --------- 9  
 27.01.2013 15:11     C:\Users\tim_oO\AppData\Local\Temp\fontconfig --------- 0  
 27.01.2013 12:29     C:\Users\tim_oO\AppData\Local\Temp\gxczjw4a.40b --------- 9  
 27.01.2013 00:56     C:\Users\tim_oO\AppData\Local\Temp\bq4gdrum.bp4 --------- 9  
 26.01.2013 12:32     C:\Users\tim_oO\AppData\Local\Temp\ekqe0mm0.4p5 --------- 9  
 26.01.2013 01:24     C:\Users\tim_oO\AppData\Local\Temp\rhzrjvnv.su3 --------- 9  
 25.01.2013 18:21     C:\Users\tim_oO\AppData\Local\Temp\uvapbbwp.wiw --------- 9  
 25.01.2013 16:13     C:\Users\tim_oO\AppData\Local\Temp\GtKy22Uw.htm.part --------- 0  
 25.01.2013 16:11     C:\Users\tim_oO\AppData\Local\Temp\plugtmp-1 --------- 0  
 25.01.2013 15:47     C:\Users\tim_oO\AppData\Local\Temp\ww5s4ion.vks --------- 9  
 24.01.2013 19:33     C:\Users\tim_oO\AppData\Local\Temp\plugtmp --------- 0  
 24.01.2013 19:16     C:\Users\tim_oO\AppData\Local\Temp\f93wtg0z.mp3.part --------- 0  
 24.01.2013 16:34     C:\Users\tim_oO\AppData\Local\Temp\wuffrars.mgp --------- 9  
 23.01.2013 07:10     C:\Users\tim_oO\AppData\Local\Temp\ysirhvtp.v5n --------- 9  
 22.01.2013 15:22     C:\Users\tim_oO\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile --------- 0  
 22.01.2013 07:52     C:\Users\tim_oO\AppData\Local\Temp\facbhuee.ck2 --------- 9  
 21.01.2013 14:19     C:\Users\tim_oO\AppData\Local\Temp\2jg1is2e.prq --------- 9  
 20.01.2013 21:56     C:\Users\tim_oO\AppData\Local\Temp\jn0c2svw.yu4 --------- 9  
 20.01.2013 21:50     C:\Users\tim_oO\AppData\Local\Temp\ai2hojq1.4nd --------- 9  
 20.01.2013 11:11     C:\Users\tim_oO\AppData\Local\Temp\nyegmbba.1td --------- 9  
 19.01.2013 19:01     C:\Users\tim_oO\AppData\Local\Temp\t1jn5d15.1cb --------- 9  
 19.01.2013 06:55     C:\Users\tim_oO\AppData\Local\Temp\d3f3jnig.mfr --------- 9  
 18.01.2013 18:26     C:\Users\tim_oO\AppData\Local\Temp\uf25yxkk.w2m --------- 9  
 17.01.2013 21:15     C:\Users\tim_oO\AppData\Local\Temp\BTN%Copy%1 --------- 0  
 17.01.2013 17:37     C:\Users\tim_oO\AppData\Local\Temp\cbvztqg2.dpn --------- 9  
 16.01.2013 22:58     C:\Users\tim_oO\AppData\Local\Temp\d444rpey.arf --------- 12554  
 16.01.2013 22:58     C:\Users\tim_oO\AppData\Local\Temp\qomszfid.ffe --------- 9  
 16.01.2013 22:57     C:\Users\tim_oO\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 580  
 16.01.2013 22:54     C:\Users\tim_oO\AppData\Local\Temp\History --------- 0  
 16.01.2013 22:54     C:\Users\tim_oO\AppData\Local\Temp\Cookies --------- 0  
 16.01.2013 22:54     C:\Users\tim_oO\AppData\Local\Temp\Temporary Internet Files --------- 0  
 16.01.2013 22:54     C:\Users\tim_oO\AppData\Local\Temp\Adobe --------- 0  
 16.01.2013 17:32     C:\Users\tim_oO\AppData\Local\Temp\tbitso1e.2wc --------- 9  
 15.01.2013 20:36     C:\Users\tim_oO\AppData\Local\Temp\4avqxrpn.wbf --------- 9  
 15.01.2013 17:34     C:\Users\tim_oO\AppData\Local\Temp\xup14avh.g5j --------- 9  
 13.08.2012 18:50     C:\Users\tim_oO\AppData\Local\Temp\STP5715.csv --------- 2027  
 13.08.2012 18:50     C:\Users\tim_oO\AppData\Local\Temp\STP5715.tmp --------- 601224  
 08.05.2012 14:39     C:\Users\tim_oO\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80 --------- 0  
 28.10.2011 14:13     C:\Users\tim_oO\AppData\Local\Temp\Low --------- 0  
 16.09.2011 16:39     C:\Users\tim_oO\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 24.02.2013 05:30     C:\Program Files\Internet Explorer --------- 4096  
 23.02.2013 22:55     C:\Program Files\NVIDIA Corporation --------- 4096  
 01.02.2013 23:19     C:\Program Files\7-Zip --------- 4096  
 26.12.2012 23:47     C:\Program Files\VstPlugins --------- 0  
 26.12.2012 23:47     C:\Program Files\Common Files --------- 4096  
 26.12.2012 23:47     C:\Program Files\MeldaProduction --------- 0  
 11.09.2012 20:14     C:\Program Files\Stellarium --------- 8192  
 11.09.2012 19:26     C:\Program Files\CCleaner --------- 4096  
 14.08.2012 18:16     C:\Program Files\StarWind Software --------- 0  
 09.05.2012 18:27     C:\Program Files\Windows Journal --------- 4096  
 08.05.2012 14:37     C:\Program Files\SteelSeries --------- 0  
 02.02.2012 21:40     C:\Program Files\WinRAR --------- 4096  
 18.01.2012 21:32     C:\Program Files\Windows Mail --------- 0  
 18.01.2012 21:32     C:\Program Files\Windows Sidebar --------- 4096  
 18.01.2012 21:32     C:\Program Files\DVD Maker --------- 0  
 18.01.2012 21:32     C:\Program Files\Windows Portable Devices --------- 0  
 18.01.2012 21:32     C:\Program Files\Windows Media Player --------- 4096  
 18.01.2012 21:32     C:\Program Files\Windows Photo Viewer --------- 0  
 18.01.2012 21:32     C:\Program Files\Windows Defender --------- 4096  
 18.01.2012 17:49     C:\Program Files\Java --------- 0  
 17.01.2012 20:49     C:\Program Files\Microsoft Office --------- 0  
 27.12.2011 15:54     C:\Program Files\Samsung --------- 0  
 24.09.2011 13:34     C:\Program Files\DIFX --------- 0  
 21.09.2011 22:30     C:\Program Files\GIMP-2.0 --------- 0  
 18.09.2011 20:46     C:\Program Files\Microsoft IntelliPoint --------- 12288  
 16.09.2011 16:29     C:\Program Files\WIDCOMM --------- 0  
 16.09.2011 16:27     C:\Program Files\Windows NT --------- 4096  
 16.09.2011 16:27     C:\Program Files\Gemeinsame Dateien --------- 0  
 15.12.2009 22:47     C:\Program Files\Microsoft Games --------- 4096  
 15.12.2009 08:22     C:\Program Files\Synaptics --------- 0  
 15.12.2009 08:19     C:\Program Files\Realtek --------- 0  
 14.07.2009 06:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 06:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 06:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 05:54     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

UpdatusUser    
tim_oO    
Public    
Default    
Default User    
All Users    
desktop.ini    
----------------------------------------

 
C:\windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           304 K
smss.exe                       280 Services                   0         1.208 K
csrss.exe                      500 Services                   0         4.640 K
wininit.exe                    560 Services                   0         4.500 K
csrss.exe                      584 Console                    1         7.600 K
services.exe                   628 Services                   0         9.068 K
lsass.exe                      644 Services                   0        10.376 K
lsm.exe                        652 Services                   0         4.456 K
svchost.exe                    760 Services                   0         9.896 K
nvvsvc.exe                     820 Services                   0         7.080 K
winlogon.exe                   864 Console                    1         7.280 K
svchost.exe                    888 Services                   0         7.280 K
GDScan.exe                     972 Services                   0        36.712 K
AVKWCtlx64.exe                 120 Services                   0        18.296 K
svchost.exe                    512 Services                   0        15.616 K
svchost.exe                    648 Services                   0       150.960 K
svchost.exe                    844 Services                   0        35.036 K
svchost.exe                   1084 Services                   0         5.208 K
svchost.exe                   1152 Services                   0        11.336 K
svchost.exe                   1224 Services                   0        16.876 K
nvxdsync.exe                  1412 Console                    1        17.212 K
nvvsvc.exe                    1420 Console                    1        12.152 K
spoolsv.exe                   1568 Services                   0        11.212 K
armsvc.exe                    1840 Services                   0         3.876 K
AVKProxy.exe                  1864 Services                   0         4.324 K
AVKService.exe                1892 Services                   0         3.124 K
btwdins.exe                   1920 Services                   0         5.680 K
svchost.exe                   1964 Services                   0         5.992 K
hamachi-2.exe                 1532 Services                   0         9.324 K
mbamscheduler.exe              336 Services                   0         6.040 K
mbamservice.exe               2052 Services                   0       113.768 K
Rezip.exe                     2084 Services                   0         4.656 K
SearchAnonymizerHelper.ex     2184 Services                   0        15.572 K
AvkBap64.exe                  2380 Services                   0        37.216 K
taskhost.exe                  2468 Console                    1         7.888 K
mbamgui.exe                   2536 Console                    1        10.236 K
dwm.exe                       2872 Console                    1        38.368 K
StarRAMService.exe            2944 Services                   0         3.856 K
svchost.exe                   2104 Services                   0         5.556 K
taskeng.exe                   2660 Console                    1         6.564 K
APLanMgrC.exe                 2444 Console                    1           528 K
explorer.exe                  2428 Console                    1        91.760 K
SSCKbdHk.exe                  2608 Console                    1         1.088 K
EasySpeedUpManager.exe        2024 Console                    1         1.092 K
dmhkcore.exe                  2556 Console                    1         1.892 K
WCScheduler.exe               3012 Console                    1         1.096 K
nvtray.exe                    2680 Console                    1        12.140 K
RAVCpl64.exe                  3620 Console                    1        10.336 K
SynTPEnh.exe                  3768 Console                    1        12.016 K
SynTPHelper.exe               3952 Console                    1         3.572 K
SteelSeriesEngine.exe         4024 Console                    1       110.484 K
SearchIndexer.exe             3764 Services                   0        90.060 K
AVKTray.exe                   3500 Console                    1         1.528 K
wmpnetwk.exe                  3400 Services                   0        10.792 K
svchost.exe                   3636 Services                   0        52.768 K
mscorsvw.exe                  4200 Services                   0         7.440 K
mscorsvw.exe                  4488 Services                   0         9.080 K
daemonu.exe                   4880 Services                   0         7.876 K
firefox.exe                   5076 Console                    1       297.512 K
plugin-container.exe          4864 Console                    1        12.768 K
FlashPlayerPlugin_11_5_50     2096 Console                    1        10.028 K
FlashPlayerPlugin_11_5_50     4408 Console                    1        18.184 K
audiodg.exe                   4724 Services                   0        31.284 K
taskeng.exe                   4264 Services                   0         5.264 K
foobar2000.exe                2060 Console                    1        29.944 K
pidgin.exe                    3488 Console                    1        30.216 K
SearchProtocolHost.exe        4924 Services                   0         9.356 K
SearchFilterHost.exe          3868 Services                   0         8.860 K
cmd.exe                        592 Console                    1         3.860 K
conhost.exe                   4116 Console                    1         5.828 K
dllhost.exe                   4788 Console                    1         5.980 K
tasklist.exe                  4616 Console                    1         5.772 K
WmiPrvSE.exe                  3572 Services                   0         6.328 K

 
***** Ende des Scans 24.02.2013 um 12:28:29,20 ***
         

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
tim_oO :: TIM_OO-PC [Administrator]

Schutz: Aktiviert

23.02.2013 23:45:10
mbam-log-2013-02-23 (23-45-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468052
Laufzeit: 1 Stunde(n), 27 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tim_oO\Desktop\Programme\Cryptload\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tim_oO\Downloads\HOMM2GOLD-dm.exe (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Age of Empires 2\Tools\DirectDraw Patcher\w7ddpatcher.exe (HackTool.Patch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:12, on 24.02.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Users\tim_oO\Desktop\Programme\Pc Cleaner\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3322448490-314981258-3538992574-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rezip - Unknown owner - C:\Windows\SysWOW64\Rezip.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarRAM Service (StarRAMService) - StarWind Software - C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10369 bytes
         

Code: Alles auswählenAufklappen

ATTFilter

7-Zip 9.20 (x64 edition)	Igor Pavlov	01.02.2013	4,53MB	9.20.00.0
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.02.2013	6,00MB	11.5.502.149
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	08.02.2013	6,00MB	11.5.502.149
Adobe Reader X (10.1.5) - Deutsch	Adobe Systems Incorporated	16.01.2013	122MB	10.1.5
Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2	line0	11.04.2012	696MB	0.2
Age of Empires II - the Conquerors WideScreen Patcher	Boekabart	11.04.2012	208KB	1.0.40
AIDA64 Extreme Edition v2.00	FinalWire Ltd.	12.11.2011	22,3MB	2.00
Anno 1701	Sunflowers	18.09.2011		1.00
ANNO 2070	Ubisoft	20.12.2011		1.0.0.0
AnyDVD	SlySoft	24.12.2011		6.8.9.0
AnyPC Client	Doctorsoft	15.12.2009		1.0.0.23
Atheros Client Installation Program	Atheros	15.12.2009		1.0.1.0805
BatteryLifeExtender	Samsung	15.12.2009	14,2MB	1.0.1
BrettspielWelt		26.10.2011		
CCleaner	Piriform	22.08.2012		3.22
Celestia 1.6.1	Shatters Software	02.02.2013	66,5MB	
ChargeableUSB	SAMSUNG	15.12.2009		1.0.0.0
CloneDVD2	Elaborate Bytes	24.12.2011		2.9.3.0
Compatibility Pack für 2007 Office System	Microsoft Corporation	08.01.2013	177MB	12.0.6612.1000
Counter-Strike	Valve	18.09.2011		
Diablo II	Blizzard Entertainment	18.09.2011		
Diablo III	Blizzard Entertainment	15.02.2013		1.0.7.14633
Easy Display Manager	Samsung Electronics Co., Ltd.	15.12.2009		3.0
Easy Network Manager	Samsung	15.12.2009	19,0MB	4.2.4
Easy SpeedUp Manager	Samsung Electronics Co.,Ltd.	15.12.2009		3.0.0.5
EasyBatteryManager	Samsung	15.12.2009		4.0.0.3
EVEREST Ultimate Edition v5.50	Lavalys, Inc.	28.05.2012		5.50
F.E.A.R. 3		18.09.2011		
foobar2000 v1.1.7	Peter Pawlowski	16.09.2011	7,85MB	1.1.7
G Data AntiVirus 2012	G Data Software AG	16.09.2011	73,7MB	22.0.0.0
GIMP 2.6.8		21.09.2011		
Google Earth Plug-in	Google	12.09.2012	48,7MB	6.2.2.6613
Grand Theft Auto Vice City		11.10.2011		1.00.000
Half-Life 2	Valve	15.01.2013		
Half-Life 2: Episode One	Valve	15.01.2013		
Half-Life 2: Episode Two	Valve	15.01.2013		
Heroes II Gold		14.02.2013		
Intel(R) Rapid Storage Technology	Intel Corporation	23.02.2013		9.5.4.1001
Intel(R) Turbo Boost Technology Driver	Intel Corporation	15.12.2009		01.00.01.1002
Java(TM) 6 Update 30	Sun Microsystems, Inc.	26.10.2011	94,9MB	6.0.300
Java(TM) 6 Update 30 (64-bit)	Oracle	18.01.2012	91,8MB	6.0.300
JDownloader 0.9	AppWork GmbH	19.12.2011		0.9
League of Legends	Riot Games	09.01.2012		1.02.0000
LogMeIn Hamachi	LogMeIn, Inc.	22.02.2013		2.1.0.294
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	23.02.2013	18,4MB	1.70.0.1100
Marvell Miniport Driver	Marvell	15.12.2009		11.22.3.3
McAfee Security Scan Plus	McAfee, Inc.	11.09.2012	10,2MB	3.0.207.4
MeldaProduction MFreeEffectsBundle64 7	MeldaProduction	26.12.2012		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18.09.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	18.09.2011	2,93MB	4.0.30319
Microsoft IntelliPoint 8.2	Microsoft Corporation	18.09.2011		8.20.468.0
Microsoft Office Home and Student 2010	Microsoft Corporation	17.01.2012		14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	23.09.2011	300KB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	18.09.2011	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	23.09.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	19.12.2011	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.09.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	23.09.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	15.11.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.11.2012	15,0MB	10.0.40219
Microsoft Works	Microsoft Corporation	11.10.2012	878MB	9.7.0621
Mozilla Firefox 19.0 (x86 de)	Mozilla	20.02.2013	45,1MB	19.0
Mozilla Maintenance Service	Mozilla	20.02.2013	330KB	19.0
Mozilla Thunderbird 17.0.2 (x86 de)	Mozilla	10.01.2013	41,9MB	17.0.2
Mp3tag v2.49a	Florian Heidenreich	19.11.2011		v2.49a
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	25.09.2011	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.09.2011	1,33MB	4.20.9876.0
Nero BurningROM 12	Nero AG	03.11.2012	239MB	12.0.00300
Nokia Connectivity Cable Driver	Nokia	29.01.2012	3,94MB	7.1.69.0
Nokia Suite	Nokia	29.01.2012		3.3.86.0
NVIDIA Grafiktreiber 314.07	NVIDIA Corporation	23.02.2013		314.07
NVIDIA HD-Audiotreiber 1.3.23.1	NVIDIA Corporation	23.02.2013		1.3.23.1
NVIDIA PhysX-Systemsoftware 9.12.1031	NVIDIA Corporation	23.02.2013		9.12.1031
NVIDIA Update 1.12.12	NVIDIA Corporation	23.02.2013		1.12.12
Office 2010 Trial Extender	DiSTANTX	21.05.2012	834KB	1.0.0.4
PC Connectivity Solution	Nokia	29.01.2012	20,8MB	11.5.29.0
Pidgin		21.11.2012		2.10.6
Pidgin-Encryption Plugin (nur entfernen)		21.11.2012		
pidgin-otr 4.0.0-1	Cypherpunks CA	01.02.2013		4.0.0-1
PokerStars.eu	PokerStars.eu	05.12.2012		
Portal	Valve	15.01.2013		
Portal 2		13.05.2012		
Postal 2		16.06.2012		
Project64 1.6	Project64	18.09.2011	3,46MB	1.6
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.12.2009		6.0.1.5969
REALTEK Wireless LAN Software	REALTEK Semiconductor Corp.	15.12.2009		1.01.0088
Risen	Deep Silver	22.02.2012		1.00.0000
Samsung R-Series	Samsung	15.12.2009	24,2MB	1.0
Samsung Recovery Solution 4	Samsung	15.12.2009		4.0.0.41
Samsung Support Center	Samsung	15.12.2009	40,8MB	1.0.21
Samsung Update Plus	Samsung Electronics Co., Ltd.	15.12.2009		2.0
SearchAnonymizer		18.09.2011		1.0.1 (de)
Serious Sam 2		01.02.2013		
Skype™ 5.10	Skype Technologies S.A.	28.08.2012	19,3MB	5.10.116
SopCast 3.4.0	www.sopcast.com	18.10.2011		3.4.0
Source SDK Base 2007	Valve	10.10.2012		
StarCraft II	Blizzard Entertainment	01.02.2013		1.4.4.22418
StarWind RAM Disk (build 2010-03-10)	StarWind Software	14.08.2012		
Steam	Valve Corporation	16.09.2011	1,59MB	1.0.0.0
SteelSeries Engine	SteelSeries	08.05.2012		2.2.927.31327
Stellarium 0.11.4	Stellarium team	11.09.2012	91,2MB	0.11.4
Synaptics Pointing Device Driver	Synaptics Incorporated	15.12.2009		14.0.10.0
Team Fortress 2	Valve	15.01.2013		
teXXas	metaspinner media GmbH	16.09.2011		1
TmNationsForever	Nadeo	05.09.2012		
Ubisoft Game Launcher	UBISOFT	20.12.2011		1.0.0.0
Veetle TV	Veetle, Inc	18.10.2011		0.9.18
VirtualCloneDrive	Elaborate Bytes	16.09.2011		
VLC media player 2.0.3	VideoLAN	12.08.2012		2.0.3
vShare.tv plugin 1.3	vShare.tv, Inc.	20.09.2011		1.3
Wer wird Millionär	Eidos Interactive	24.06.2012	401MB	1.0.0.0000
WIDCOMM Bluetooth Software	Broadcom Corporation	12.01.2013	258MB	6.2.1.800
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)	Broadcom	16.09.2011		07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)	Broadcom	16.09.2011		09/11/2009 6.2.0.9407
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	16.09.2011		07/28/2009 6.2.0.9800
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	29.01.2012		08/22/2008 7.0.0.0
WinRAR 4.01 (64-Bit)	win.rar GmbH	16.09.2011		4.01.0
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	03.03.2012		1.1
Zak McKracken - Between Time and Space		03.03.2012
         

Hi
hijackthis will keiner mehr sehen, wird nämlich nicht mehr weiterentwickelt und sollte unter win7 gar nicht genutzt werden.
was heißt "son virus" wer hat wo was gefunden?

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die
  OTL.exe
  .
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die
  Textbox.

Code: Alles auswählenAufklappen

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere
  nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Hi,


zunächst mal vielen Dank für die Antwort.

G-Data:

Code: Alles auswählenAufklappen

ATTFilter

   
Pfad: C:\Users\tim_oO\AppData\Roaming\Thunderbird\Profiles\2zduw2d0.default\ImapMail\imap.web.de
    Status: Virus gefunden
    Virus: PDF:Exploit.JS.CM (Engine A)

Objekt: avk17D3.tmp
    Pfad: C:\windows\Temp
    Status: Virus entfernt
    Virus: Trojan.Generic.8052410 (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\cxhyr.exe
Virus: Gen:Heur.PIF.6 (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\cxhyr.exe
Virus: DeepScan:Generic.FakeAv.5.EBBCEDBF (Engine A)

Beim Schließen der Datei "D:\Games\Steam\steamapps\giantdk\counter-strike\cstrike\motd_temp.html" wurde der Virus "HTML:Iframe-inf (Engine B)" entdeckt. Zugriff verweigert.

Datei: C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\800000cb.@
Virus: Trojan.Sirefef.ML (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\24962250.bat
Virus: Trojan.BAT.AAGK (Engine A

Beim Schließen der Datei "C:\Users\tim_oO\AppData\Local\Temp\HouseCall\VS5F8F50.022" wurde der Virus "Gen:Variant.Symmi.9112 (Engine A)" entdeckt. Zugriff verweigert.

Beim Schließen der Datei "C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\80000000.@" wurde der Virus "Trojan.Generic.8052410 (Engine A)" entdeckt. Zugriff verweigert.

Beim Schließen der Datei "C:\Users\tim_oO\AppData\Local\Temp\HouseCall\VS5F8F50.043" wurde der Virus "Trojan.Generic.KDV.832329 (Engine A)" entdeckt. Zugriff verweigert.

Datei: C:\Users\tim_oO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4d831927-6e65d920
Virus: Java:Agent-COW [Expl] (Engine B)
         

Code: Alles auswählenAufklappen

ATTFilter

*** Prozess ***

Prozess: 6004
Dateiname: mor.exe
Pfad: c:\users\tim_oo\appdata\local\temp\mor.exe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/05/13 23:06:58
Änderungsdatum: 02/05/13 23:06:58

Gestartet von: java.exe
Herausgeber: Sun Microsystems, Inc.


*** Aktionen ***

Das Programm versucht zu erreichen, dass ein Programm beim Systemstart automatisch gestartet wird.
Das Programm stellt eine Verbindung über ein Netzwerk her.
Das Programm hat eine ausführbare Datei angelegt oder manipuliert.
Das Programm hat eine Kopie von sich selbst angelegt.
Eine ausführbare Datei wurde an einem verdächtigen Ort gespeichert.
Ein Autostart Eintrag verweist auf einen verdächtigen Ort.


*** Quarantäne ***

Folgende Dateien wurden in Quarantäne verschoben:
C:\Users\tim_oO\AppData\Local\Temp\24959551.exe
C:\Users\tim_oO\AppData\Local\Temp\24962031.exe
C:\Users\tim_oO\AppData\Local\Temp\24962250.bat
C:\Users\tim_oO\AppData\Local\Temp\mor.exe
C:\Users\tim_oO\lovikzakvuci.exe

Folgende Registry Einträge wurden gelöscht:

\REGISTRY\USER\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Windows\CurrentVersion\Run || lovikzakvuci

YGLxn+IHJyf3cpJycgwoJ9dygnJyCyknaCYnlyonzKBygiknLie3wHJyYmJyctByonKScnLgcvIpJ5xykganQicrdHJCJwq3crJycnKigCwnKycnJwrocnJiYnJykCsW/ynokC0nB+lykmJicpKgLCcpJiYnCdpyci8nKSfHsCknKiYmJwrbcoJygmJiwConKSYmJwn8cpJygnJy0CYnKScpJgbPcnJiYnJycKdycnCocnJiYnJycLhyknKSYmJwyHJyYmJycnDocnJiYnJycOlygmJicoJw+XKCYmJygnB6coJwupLBWWOmwsKRNWYqJxmcNWYqC6cuJysmJicLty8nKCYmJwjHKCcpJykmBgA
Version der Regeln: 3.1.15
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
BB Revision: 28249

C:\Users\tim_oO\AppData\Local\Temp\mor.exe
"C:\Program Files (x86)\Java\jre6\bin\java.exe" -D__jvm_launched=24936828903 "-Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar" "-Djava.class.path=C:\\PROGRA~2\\Java\\jre6\\classes" -Dsun.awt.warmup=true "-Dsun.plugin2.jvm.args=-D__jvm_launched=24936828903 \"-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar\" \"-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes\" -Dsun.awt.warmup=true --- --" sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid5028_pipe2,read_pipe_name=jpi2_pid5028_pipe1
         

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 2/24/2013 8:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tim_oO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.07% Memory free
7.71 Gb Paging File | 5.89 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 36.96 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 89.68 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
PRC - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 10:13:00 | 000,079,360 | ---- | M] (DoctorSoft) -- C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/19 17:47:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/08 15:47:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/18 20:16:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/29 14:18:50 | 000,094,720 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\StarWind Software\RAM Disk\StarRAMService.exe -- (StarRAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/10/02 18:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/12 14:32:52 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013/01/12 14:32:51 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013/01/12 14:32:25 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013/01/12 14:32:25 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013/01/12 14:32:25 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/23 16:40:42 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012/08/28 03:00:32 | 000,112,640 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/08/28 03:00:26 | 000,034,560 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/22 17:53:21 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR250.SYS -- (SMR250)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 21:09:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/02/22 21:09:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/09/16 18:03:35 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/03/29 14:20:10 | 000,065,368 | ---- | M] (StarWind Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarRAM.sys -- (StarRAM)
DRV:64bit: - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 08:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 21:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{02BFE015-07A4-4687-909A-6EE9B5FC0442}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{1BF1A860-37CE-4EE7-B914-9C72BA51D79D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{247BBEF0-9B17-41CE-ADF0-EBE921F37472}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937534D534E5F64654445343439&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6C2D1982-5FBC-4D96-A5F3-8147C2AA512A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{A07B6181-59BF-4CB3-B86D-16776628B5F9}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C162E0C4-337A-4790-93FD-DAFC61871FED}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.ftp: "176.31.111.181"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "176.31.111.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.31.111.181"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.31.111.181"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/29 14:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 17:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/19 17:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 18:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/29 14:59:32 | 000,000,000 | ---D | M]
 
[2011/09/17 01:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Extensions
[2013/02/24 12:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions
[2012/11/16 23:55:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/16 10:21:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\ich@maltegoetz.de
[2012/07/05 15:54:08 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/02/10 10:11:46 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\stealthyextension@gmail.com.xpi
[2013/01/30 22:46:20 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013/01/05 15:19:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 09:39:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/09/18 20:16:11 | 000,002,071 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{2967D1BD-ACCB-4C10-A2BB-A616EAA0FCC0}.xml
[2011/09/18 20:16:11 | 000,002,182 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{7D78468A-EB75-4471-BDE7-709B08A1152D}.xml
[2011/09/18 20:16:11 | 000,001,864 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{E168B10A-97BC-400A-B82A-3A0E2812B203}.xml
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2013/02/19 17:47:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/06/10 13:09:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 23:38:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/10 13:09:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/10 13:09:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/10 13:09:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/10 13:09:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF03C53C-6E49-4CC4-A855-9F9FFD0625AF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\30937D~1.207\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: APLangApp - hkey= - key= - C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - C:\Windows\SysNative\StikyNot.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/24 20:54:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
[2013/02/24 12:53:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/24 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\Desktop\hjtscanlist
[2013/02/24 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/02/23 23:42:28 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Malwarebytes
[2013/02/23 23:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/23 23:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/23 23:42:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/02/23 23:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/23 23:42:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\Programs
[2013/02/23 22:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/02/23 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/22 22:47:31 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/02/22 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\LogMeIn Hamachi
[2013/02/19 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 19:29:10 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/02/02 02:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
[2013/02/02 02:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celestia
[2013/02/01 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2013/02/01 23:44:08 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
[2013/02/24 20:46:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/24 20:25:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 19:10:51 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 19:10:51 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 19:04:28 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 19:02:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/24 19:02:50 | 3106,103,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/24 12:22:42 | 000,000,000 | ---- | M] () -- C:\END
[2013/02/24 12:16:29 | 000,992,122 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013/02/24 12:16:29 | 000,052,387 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013/02/24 05:32:07 | 000,389,920 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/24 02:28:35 | 001,520,734 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/24 02:28:35 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/02/24 02:28:35 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/24 02:28:35 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/02/24 02:28:35 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/23 23:40:29 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/17 01:06:49 | 022,553,929 | ---- | M] () -- C:\Users\tim_oO\Desktop\Rainbow Chicken dance (30 min loop) Longest on youtube! (at time of upload).M4A
[2013/02/14 14:21:05 | 249,837,325 | ---- | M] () -- C:\Users\tim_oO\Desktop\Live @ Beatgetrieben - SHUT UP AND DANCE!.mp3
[2013/02/11 00:57:07 | 000,124,201 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/10 04:25:27 | 000,017,738 | ---- | M] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/09 13:15:55 | 000,000,036 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/01 23:44:08 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 22:52:09 | 000,007,606 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
========== Files Created - No Company Name ==========
 
[2013/02/24 12:22:42 | 000,000,000 | ---- | C] () -- C:\END
[2013/02/23 23:17:34 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/02/23 22:50:54 | 000,017,738 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/17 01:06:15 | 022,553,929 | ---- | C] () -- C:\Users\tim_oO\Desktop\Rainbow Chicken dance (30 min loop) Longest on youtube! (at time of upload).M4A
[2013/02/14 14:06:12 | 249,837,325 | ---- | C] () -- C:\Users\tim_oO\Desktop\Live @ Beatgetrieben - SHUT UP AND DANCE!.mp3
[2013/02/09 13:32:06 | 000,124,201 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/09 13:15:55 | 000,000,036 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/09 13:10:11 | 000,002,539 | ---- | C] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/01 00:01:44 | 000,002,072 | ---- | C] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 15:14:48 | 000,081,333 | ---- | C] () -- C:\Users\tim_oO\treib.jpg
[2013/01/01 19:18:02 | 000,104,440 | ---- | C] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:27 | 000,036,058 | ---- | C] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/09/12 13:46:37 | 000,025,802 | ---- | C] () -- C:\Users\tim_oO\smiley.jpg
[2012/08/19 21:41:37 | 000,007,606 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2012/06/19 12:04:08 | 002,351,742 | ---- | C] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2012/04/11 19:48:06 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
[2012/03/22 17:53:36 | 000,000,108 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\SMRBackup250.dat
[2012/03/03 21:18:28 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/03/03 21:18:28 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/12/25 13:55:37 | 000,000,133 | ---- | C] () -- C:\windows\VobEdit.INI
[2011/12/24 18:34:31 | 000,000,280 | ---- | C] () -- C:\windows\IfoEdit.INI
[2011/12/24 17:52:42 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/19 15:52:20 | 000,000,284 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\groovedown.settings
[2011/11/19 15:52:20 | 000,000,000 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\gd.db
[2011/09/22 22:50:44 | 000,029,100 | ---- | C] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2011/09/16 18:10:38 | 000,992,122 | ---- | C] () -- C:\windows\SysWow64\sig.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/24 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\.purple
[2011/10/23 14:43:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BOM
[2012/02/14 19:12:46 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BSW
[2011/11/12 11:29:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\DesktopIconForAmazon
[2013/02/24 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\foobar2000
[2013/01/31 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\gtk-2.0
[2011/11/19 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\lang
[2012/12/26 23:48:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\MeldaProduction
[2013/01/25 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Mp3tag
[2012/01/29 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Nokia
[2011/09/18 20:16:08 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\OCS
[2011/09/18 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Opera
[2012/01/29 14:16:25 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\PC Suite
[2012/05/08 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\SteelSeries
[2012/09/12 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Stellarium
[2011/09/18 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Thunderbird
[2011/12/19 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/09/27 14:20:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013/02/24 19:02:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013/02/14 19:29:17 | 000,000,000 | ---D | M] -- C:\Downloads
[2010/03/30 08:36:22 | 000,000,000 | -HSD | M] -- C:\found.000
[2009/12/15 08:17:00 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 20:48:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/12/20 14:10:06 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/02/23 23:40:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/24 12:54:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/02/24 12:22:55 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/02/24 20:59:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/09/14 15:28:00 | 000,000,000 | ---D | M] -- C:\temp
[2013/02/23 22:55:15 | 000,000,000 | R--D | M] -- C:\Users
[2011/09/13 04:46:06 | 000,000,000 | ---D | M] -- C:\windiag
[2013/02/24 19:02:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/03/30 23:23:14 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/09/12 12:07:13 | 000,001,106 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 12:07:16 | 000,001,110 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/01 19:18:03 | 000,104,440 | ---- | M] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:28 | 000,036,058 | ---- | M] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/06/19 12:04:10 | 002,351,742 | ---- | M] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2011/09/22 22:50:45 | 000,029,100 | ---- | M] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2012/02/25 16:29:58 | 000,000,345 | ---- | M] () -- C:\Users\tim_oO\muziK.txt
[2013/02/09 02:47:10 | 000,000,168 | ---- | M] () -- C:\Users\tim_oO\Neues Textdokument.txt
[2013/02/22 16:03:40 | 000,001,268 | ---- | M] () -- C:\Users\tim_oO\Notizen.txt
[2013/02/24 21:10:05 | 002,097,152 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT
[2013/02/24 21:10:05 | 000,262,144 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG1
[2011/09/16 16:28:53 | 000,000,000 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG2
[2011/09/16 16:43:48 | 000,065,536 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/09/16 16:28:53 | 000,000,020 | -HS- | M] () -- C:\Users\tim_oO\ntuser.ini
[2012/12/10 17:31:15 | 000,000,192 | ---- | M] () -- C:\Users\tim_oO\ogame.txt
[2012/09/12 13:46:38 | 000,025,802 | ---- | M] () -- C:\Users\tim_oO\smiley.jpg
[2013/01/27 15:14:49 | 000,109,568 | -HS- | M] () -- C:\Users\tim_oO\Thumbs.db
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         

--- --- ---


OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 2/24/2013 8:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tim_oO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.07% Memory free
7.71 Gb Paging File | 5.89 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 36.96 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 89.68 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SearchAnonymizer" = SearchAnonymizer
"StarWind RAM Disk_is1" = StarWind RAM Disk (build 2010-03-10)
"SteelSeries Engine" = SteelSeries Engine
"Stellarium_is1" = Stellarium 0.11.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CEC2F82-AEB2-4C4B-B450-62C6CEF159FE}_is1" = Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766FF098-68AB-48BE-BF41-05708D178198}" = Wer wird Millionär
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"AnyDVD" = AnyDVD
"BSW" = BrettspielWelt
"Celestia_is1" = Celestia 1.6.1
"CloneDVD2" = CloneDVD2
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"F.E.A.R. 3_is1" = F.E.A.R. 3
"foobar2000" = foobar2000 v1.1.7
"Heroes II Gold" = Heroes II Gold
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"MeldaProduction MFreeEffectsBundle64 7" = MeldaProduction MFreeEffectsBundle64 7
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Nokia Suite" = Nokia Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pidgin" = Pidgin
"pidgin-encryption" = Pidgin-Encryption Plugin (nur entfernen)
"pidgin-otr" = pidgin-otr 4.0.0-1
"PokerStars.eu" = PokerStars.eu
"Postal 2" = Postal 2
"Postal 2_is1" = Portal 2
"SeriousSam2" = Serious Sam 2
"SopCast" = SopCast 3.4.0
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"TmNationsForever_is1" = TmNationsForever
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/2/2012 3:15:27 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/2/2012 3:15:27 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 11:40:08 AM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 5:43:53 PM | Computer Name = tim_oO-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Diablo III.exe, Version: 1.0.6.13300,
 Zeitstempel: 0x50a45e28  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000222b2  ID des fehlerhaften
 Prozesses: 0x6fc  Startzeit der fehlerhaften Anwendung: 0x01cdd17678533bf9  Pfad der
 fehlerhaften Anwendung: D:\Games\Diablo III\Diablo III.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: 87d6b93d-3d92-11e2-9cf6-b482fe9a12fa
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/4/2012 12:22:10 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 2/24/2013 7:10:55 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 2/24/2013 7:10:56 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 2/24/2013 7:12:21 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 2/24/2013 7:12:21 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 2/24/2013 2:03:10 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 2/24/2013 2:03:11 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/24/2013 2:03:11 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/24/2013 2:03:15 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 2/24/2013 2:05:21 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 2/24/2013 2:05:21 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
 
< End of report >
         

--- --- ---

hi
wann war dieser Fund:
Datei: C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\800000cb.@
Virus: Trojan.Sirefef.ML (Engine A)

Hi,
der Fund war am 06.02. Wurde im Laufe des Tages mehrfach gemeldet. Generell waren viele Virenmeldungen doppelt und dreifach. Falls es hilfreich ist kann ich ja mal alle Meldungen teilen.

Hi
nutzt du das Gerät für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?

Naja PayPal...

Hi
paypal von nem andern pc aus passwort ändern.
du hast ein Rootkit auf dem PC.
The ZeroAccess rootkit | Naked Security

Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und der sicherste Weg, zumal du deinen PC
für zahlungsverkehr, verwendest
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.
Wenn es meiner währe,würd ich ihn neu machen.

Okay, danke schon mal.
Ich würde es gerne erst mal mit einer Bereinigung versuchen, da ich momentan keine Möglichkeit habe Dateien zu sichern.

aber dann solltest du vom den pc aus nie wieder paypal nutzen, dass sollte dir bewusst sein.
bzw nichts anderes sensibles mehr, also zb auch nicht einkaufen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hat nichts gefunden.
Wollte mein Paypal-Passwort von nem anderen Rechner aus ändern, leider sind mir die genauen Schreibweisen der Sicherheitsfragen entfallen. Naja ich habs dann so weit getrieben, dass man sich nicht mehr einloggen kann und dem Support bescheid gegeben.

wo ist das log?

Komisch, erst nicht gefunden.

Code: Alles auswählenAufklappen

ATTFilter

19:48:00.0675 4036  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:48:00.0835 4036  ============================================================
19:48:00.0835 4036  Current date / time: 2013/02/25 19:48:00.0835
19:48:00.0835 4036  SystemInfo:
19:48:00.0835 4036  
19:48:00.0835 4036  OS Version: 6.1.7601 ServicePack: 1.0
19:48:00.0835 4036  Product type: Workstation
19:48:00.0835 4036  ComputerName: TIM_OO-PC
19:48:00.0835 4036  UserName: tim_oO
19:48:00.0835 4036  Windows directory: C:\windows
19:48:00.0835 4036  System windows directory: C:\windows
19:48:00.0835 4036  Running under WOW64
19:48:00.0835 4036  Processor architecture: Intel x64
19:48:00.0835 4036  Number of processors: 4
19:48:00.0835 4036  Page size: 0x1000
19:48:00.0835 4036  Boot type: Normal boot
19:48:00.0835 4036  ============================================================
19:48:01.0135 4036  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:48:01.0145 4036  ============================================================
19:48:01.0145 4036  \Device\Harddisk0\DR0:
19:48:01.0145 4036  MBR partitions:
19:48:01.0145 4036  Initialize success
19:48:01.0145 4036  ============================================================
19:48:05.0305 3736  ============================================================
19:48:05.0305 3736  Scan started
19:48:05.0305 3736  Mode: Manual; SigCheck; TDLFS; 
19:48:05.0305 3736  ============================================================
19:48:05.0315 3736  ================ Scan system memory ========================
19:48:05.0315 3736  System memory - ok
19:48:05.0315 3736  ================ Scan services =============================
19:48:05.0365 3736  1394ohci - ok
19:48:05.0385 3736  ACPI - ok
19:48:05.0385 3736  AcpiPmi - ok
19:48:05.0415 3736  AdobeARMservice - ok
19:48:05.0445 3736  AdobeFlashPlayerUpdateSvc - ok
19:48:05.0455 3736  adp94xx - ok
19:48:05.0455 3736  adpahci - ok
19:48:05.0465 3736  adpu320 - ok
19:48:05.0465 3736  AeLookupSvc - ok
19:48:05.0485 3736  AFD - ok
19:48:05.0485 3736  agp440 - ok
19:48:05.0495 3736  ALG - ok
19:48:05.0495 3736  aliide - ok
19:48:05.0495 3736  amdide - ok
19:48:05.0495 3736  AmdK8 - ok
19:48:05.0505 3736  AmdPPM - ok
19:48:05.0515 3736  amdsata - ok
19:48:05.0515 3736  amdsbs - ok
19:48:05.0515 3736  amdxata - ok
19:48:05.0555 3736  AnyDVD - ok
19:48:05.0565 3736  AppID - ok
19:48:05.0575 3736  AppIDSvc - ok
19:48:05.0575 3736  Appinfo - ok
19:48:05.0575 3736  arc - ok
19:48:05.0585 3736  arcsas - ok
19:48:05.0585 3736  AsyncMac - ok
19:48:05.0595 3736  atapi - ok
19:48:05.0605 3736  athr - ok
19:48:05.0625 3736  atksgt - ok
19:48:05.0625 3736  AudioEndpointBuilder - ok
19:48:05.0635 3736  AudioSrv - ok
19:48:05.0645 3736  AVKProxy - ok
19:48:05.0645 3736  AVKService - ok
19:48:05.0645 3736  AVKWCtl - ok
19:48:05.0665 3736  AxInstSV - ok
19:48:05.0665 3736  b06bdrv - ok
19:48:05.0675 3736  b57nd60a - ok
19:48:05.0675 3736  BDESVC - ok
19:48:05.0685 3736  Beep - ok
19:48:05.0685 3736  BITS - ok
19:48:05.0685 3736  blbdrive - ok
19:48:05.0695 3736  bowser - ok
19:48:05.0695 3736  BrFiltLo - ok
19:48:05.0705 3736  BrFiltUp - ok
19:48:05.0705 3736  Browser - ok
19:48:05.0705 3736  Brserid - ok
19:48:05.0715 3736  BrSerWdm - ok
19:48:05.0715 3736  BrUsbMdm - ok
19:48:05.0715 3736  BrUsbSer - ok
19:48:05.0735 3736  BthEnum - ok
19:48:05.0735 3736  BTHMODEM - ok
19:48:05.0755 3736  BthPan - ok
19:48:05.0755 3736  BTHPORT - ok
19:48:05.0755 3736  bthserv - ok
19:48:05.0765 3736  BTHUSB - ok
19:48:05.0765 3736  btusbflt - ok
19:48:05.0795 3736  btwaudio - ok
19:48:05.0805 3736  btwavdt - ok
19:48:05.0835 3736  btwdins - ok
19:48:05.0855 3736  btwl2cap - ok
19:48:05.0855 3736  btwrchid - ok
19:48:05.0865 3736  busenum - ok
19:48:05.0865 3736  cdfs - ok
19:48:05.0875 3736  cdrom - ok
19:48:05.0885 3736  CertPropSvc - ok
19:48:05.0895 3736  circlass - ok
19:48:05.0895 3736  CLFS - ok
19:48:05.0895 3736  clr_optimization_v2.0.50727_32 - ok
19:48:05.0905 3736  clr_optimization_v2.0.50727_64 - ok
19:48:05.0915 3736  clr_optimization_v4.0.30319_32 - ok
19:48:05.0915 3736  clr_optimization_v4.0.30319_64 - ok
19:48:05.0935 3736  CmBatt - ok
19:48:05.0935 3736  cmdide - ok
19:48:05.0935 3736  CNG - ok
19:48:05.0945 3736  Compbatt - ok
19:48:05.0955 3736  CompositeBus - ok
19:48:05.0955 3736  COMSysApp - ok
19:48:05.0965 3736  crcdisk - ok
19:48:05.0975 3736  CryptSvc - ok
19:48:05.0975 3736  DcomLaunch - ok
19:48:05.0985 3736  defragsvc - ok
19:48:05.0985 3736  DfsC - ok
19:48:05.0985 3736  Dhcp - ok
19:48:06.0005 3736  discache - ok
19:48:06.0005 3736  Disk - ok
19:48:06.0015 3736  Dnscache - ok
19:48:06.0015 3736  dot3svc - ok
19:48:06.0025 3736  DPS - ok
19:48:06.0025 3736  drmkaud - ok
19:48:06.0025 3736  DXGKrnl - ok
19:48:06.0035 3736  EapHost - ok
19:48:06.0045 3736  ebdrv - ok
19:48:06.0045 3736  EFS - ok
19:48:06.0045 3736  ehRecvr - ok
19:48:06.0055 3736  ehSched - ok
19:48:06.0055 3736  ElbyCDIO - ok
19:48:06.0065 3736  elxstor - ok
19:48:06.0065 3736  ErrDev - ok
19:48:06.0075 3736  EventSystem - ok
19:48:06.0075 3736  exfat - ok
19:48:06.0075 3736  fastfat - ok
19:48:06.0085 3736  Fax - ok
19:48:06.0085 3736  fdc - ok
19:48:06.0085 3736  fdPHost - ok
19:48:06.0095 3736  FDResPub - ok
19:48:06.0095 3736  FileInfo - ok
19:48:06.0095 3736  Filetrace - ok
19:48:06.0095 3736  flpydisk - ok
19:48:06.0105 3736  FltMgr - ok
19:48:06.0105 3736  FontCache - ok
19:48:06.0105 3736  FontCache3.0.0.0 - ok
19:48:06.0115 3736  FsDepends - ok
19:48:06.0115 3736  Fs_Rec - ok
19:48:06.0115 3736  fvevol - ok
19:48:06.0115 3736  gagp30kx - ok
19:48:06.0125 3736  GDBehave - ok
19:48:06.0135 3736  GDMnIcpt - ok
19:48:06.0145 3736  GdNetMon - ok
19:48:06.0145 3736  GDPkIcpt - ok
19:48:06.0155 3736  GDScan - ok
19:48:06.0165 3736  gdwfpcd - ok
19:48:06.0165 3736  gpsvc - ok
19:48:06.0175 3736  GRD - ok
19:48:06.0215 3736  gupdate - ok
19:48:06.0235 3736  gupdatem - ok
19:48:06.0245 3736  hamachi - ok
19:48:06.0265 3736  Hamachi2Svc - ok
19:48:06.0265 3736  hcw85cir - ok
19:48:06.0275 3736  HdAudAddService - ok
19:48:06.0295 3736  HDAudBus - ok
19:48:06.0295 3736  HidBatt - ok
19:48:06.0295 3736  HidBth - ok
19:48:06.0305 3736  HidIr - ok
19:48:06.0305 3736  hidserv - ok
19:48:06.0305 3736  HidUsb - ok
19:48:06.0315 3736  hkmsvc - ok
19:48:06.0315 3736  HomeGroupListener - ok
19:48:06.0315 3736  HomeGroupProvider - ok
19:48:06.0315 3736  HookCentre - ok
19:48:06.0325 3736  HpSAMD - ok
19:48:06.0325 3736  HTTP - ok
19:48:06.0325 3736  hwpolicy - ok
19:48:06.0335 3736  i8042prt - ok
19:48:06.0335 3736  iaStor - ok
19:48:06.0335 3736  iaStorV - ok
19:48:06.0335 3736  idsvc - ok
19:48:06.0345 3736  igfx - ok
19:48:06.0345 3736  iirsp - ok
19:48:06.0365 3736  IKEEXT - ok
19:48:06.0385 3736  Impcd - ok
19:48:06.0405 3736  IntcAzAudAddService - ok
19:48:06.0405 3736  intelide - ok
19:48:06.0405 3736  intelppm - ok
19:48:06.0405 3736  IPBusEnum - ok
19:48:06.0415 3736  IpFilterDriver - ok
19:48:06.0425 3736  IPMIDRV - ok
19:48:06.0425 3736  IPNAT - ok
19:48:06.0425 3736  IRENUM - ok
19:48:06.0435 3736  isapnp - ok
19:48:06.0435 3736  iScsiPrt - ok
19:48:06.0445 3736  kbdclass - ok
19:48:06.0445 3736  kbdhid - ok
19:48:06.0455 3736  KeyIso - ok
19:48:06.0455 3736  KSecDD - ok
19:48:06.0455 3736  KSecPkg - ok
19:48:06.0455 3736  ksthunk - ok
19:48:06.0465 3736  KtmRm - ok
19:48:06.0465 3736  LanmanServer - ok
19:48:06.0465 3736  LanmanWorkstation - ok
19:48:06.0485 3736  lirsgt - ok
19:48:06.0485 3736  lltdio - ok
19:48:06.0485 3736  lltdsvc - ok
19:48:06.0495 3736  lmhosts - ok
19:48:06.0495 3736  LSI_FC - ok
19:48:06.0495 3736  LSI_SAS - ok
19:48:06.0505 3736  LSI_SAS2 - ok
19:48:06.0505 3736  LSI_SCSI - ok
19:48:06.0505 3736  luafv - ok
19:48:06.0525 3736  MBAMProtector - ok
19:48:06.0535 3736  MBAMScheduler - ok
19:48:06.0545 3736  MBAMService - ok
19:48:06.0545 3736  Mcx2Svc - ok
19:48:06.0545 3736  megasas - ok
19:48:06.0555 3736  MegaSR - ok
19:48:06.0555 3736  MMCSS - ok
19:48:06.0555 3736  Modem - ok
19:48:06.0575 3736  monitor - ok
19:48:06.0575 3736  mouclass - ok
19:48:06.0585 3736  mouhid - ok
19:48:06.0585 3736  mountmgr - ok
19:48:06.0605 3736  MozillaMaintenance - ok
19:48:06.0605 3736  mpio - ok
19:48:06.0605 3736  mpsdrv - ok
19:48:06.0605 3736  MRxDAV - ok
19:48:06.0615 3736  mrxsmb - ok
19:48:06.0615 3736  mrxsmb10 - ok
19:48:06.0615 3736  mrxsmb20 - ok
19:48:06.0625 3736  msahci - ok
19:48:06.0625 3736  msdsm - ok
19:48:06.0625 3736  MSDTC - ok
19:48:06.0635 3736  Msfs - ok
19:48:06.0645 3736  mshidkmdf - ok
19:48:06.0645 3736  msisadrv - ok
19:48:06.0645 3736  MSiSCSI - ok
19:48:06.0655 3736  msiserver - ok
19:48:06.0655 3736  MSKSSRV - ok
19:48:06.0655 3736  MSPCLOCK - ok
19:48:06.0655 3736  MSPQM - ok
19:48:06.0665 3736  MsRPC - ok
19:48:06.0665 3736  mssmbios - ok
19:48:06.0665 3736  MSTEE - ok
19:48:06.0675 3736  MTConfig - ok
19:48:06.0675 3736  Mup - ok
19:48:06.0675 3736  napagent - ok
19:48:06.0705 3736  NativeWifiP - ok
19:48:06.0715 3736  NDIS - ok
19:48:06.0715 3736  NdisCap - ok
19:48:06.0725 3736  NdisTapi - ok
19:48:06.0725 3736  Ndisuio - ok
19:48:06.0725 3736  NdisWan - ok
19:48:06.0735 3736  NDProxy - ok
19:48:06.0745 3736  NetBIOS - ok
19:48:06.0755 3736  NetBT - ok
19:48:06.0755 3736  Netlogon - ok
19:48:06.0755 3736  Netman - ok
19:48:06.0765 3736  netprofm - ok
19:48:06.0765 3736  NetTcpPortSharing - ok
19:48:06.0775 3736  nfrd960 - ok
19:48:06.0785 3736  NlaSvc - ok
19:48:06.0795 3736  nmwcd - ok
19:48:06.0795 3736  nmwcdc - ok
19:48:06.0795 3736  Npfs - ok
19:48:06.0805 3736  nsi - ok
19:48:06.0805 3736  nsiproxy - ok
19:48:06.0805 3736  Ntfs - ok
19:48:06.0805 3736  Null - ok
19:48:06.0815 3736  NVHDA - ok
19:48:06.0835 3736  nvlddmkm - ok
19:48:06.0855 3736  nvraid - ok
19:48:06.0855 3736  nvstor - ok
19:48:06.0875 3736  nvsvc - ok
19:48:06.0885 3736  nvUpdatusService - ok
19:48:06.0885 3736  nv_agp - ok
19:48:06.0895 3736  ohci1394 - ok
19:48:06.0915 3736  ose - ok
19:48:06.0925 3736  osppsvc - ok
19:48:06.0935 3736  p2pimsvc - ok
19:48:06.0935 3736  p2psvc - ok
19:48:06.0935 3736  Parport - ok
19:48:06.0935 3736  partmgr - ok
19:48:06.0945 3736  PcaSvc - ok
19:48:06.0955 3736  pccsmcfd - ok
19:48:06.0965 3736  pci - ok
19:48:06.0965 3736  pciide - ok
19:48:06.0965 3736  pcmcia - ok
19:48:06.0965 3736  pcw - ok
19:48:06.0975 3736  PEAUTH - ok
19:48:06.0975 3736  PerfHost - ok
19:48:06.0985 3736  pla - ok
19:48:06.0995 3736  PlugPlay - ok
19:48:06.0995 3736  PNRPAutoReg - ok
19:48:06.0995 3736  PNRPsvc - ok
19:48:07.0005 3736  Point64 - ok
19:48:07.0005 3736  PolicyAgent - ok
19:48:07.0005 3736  Power - ok
19:48:07.0015 3736  PptpMiniport - ok
19:48:07.0015 3736  Processor - ok
19:48:07.0015 3736  ProfSvc - ok
19:48:07.0025 3736  ProtectedStorage - ok
19:48:07.0035 3736  Psched - ok
19:48:07.0045 3736  ql2300 - ok
19:48:07.0045 3736  ql40xx - ok
19:48:07.0045 3736  QWAVE - ok
19:48:07.0045 3736  QWAVEdrv - ok
19:48:07.0055 3736  RasAcd - ok
19:48:07.0055 3736  RasAgileVpn - ok
19:48:07.0055 3736  RasAuto - ok
19:48:07.0065 3736  Rasl2tp - ok
19:48:07.0065 3736  RasMan - ok
19:48:07.0065 3736  RasPppoe - ok
19:48:07.0065 3736  RasSstp - ok
19:48:07.0075 3736  rdbss - ok
19:48:07.0075 3736  rdpbus - ok
19:48:07.0075 3736  RDPCDD - ok
19:48:07.0085 3736  RDPENCDD - ok
19:48:07.0095 3736  RDPREFMP - ok
19:48:07.0105 3736  RdpVideoMiniport - ok
19:48:07.0105 3736  RDPWD - ok
19:48:07.0115 3736  rdyboost - ok
19:48:07.0115 3736  RemoteAccess - ok
19:48:07.0115 3736  RemoteRegistry - ok
19:48:07.0125 3736  Rezip - ok
19:48:07.0135 3736  RFCOMM - ok
19:48:07.0145 3736  RpcEptMapper - ok
19:48:07.0145 3736  RpcLocator - ok
19:48:07.0145 3736  RpcSs - ok
19:48:07.0155 3736  rspndr - ok
19:48:07.0155 3736  RTL8167 - ok
19:48:07.0155 3736  SABI - ok
19:48:07.0175 3736  SAlphamHid - ok
19:48:07.0175 3736  SamSs - ok
19:48:07.0175 3736  sbp2port - ok
19:48:07.0175 3736  SCardSvr - ok
19:48:07.0185 3736  scfilter - ok
19:48:07.0185 3736  Schedule - ok
19:48:07.0185 3736  SCPolicySvc - ok
19:48:07.0195 3736  SDRSVC - ok
19:48:07.0205 3736  SearchAnonymizer - ok
19:48:07.0205 3736  secdrv - ok
19:48:07.0205 3736  seclogon - ok
19:48:07.0215 3736  SENS - ok
19:48:07.0215 3736  SensrSvc - ok
19:48:07.0225 3736  Serenum - ok
19:48:07.0225 3736  Serial - ok
19:48:07.0235 3736  sermouse - ok
19:48:07.0235 3736  ServiceLayer - ok
19:48:07.0245 3736  SessionEnv - ok
19:48:07.0245 3736  sffdisk - ok
19:48:07.0245 3736  sffp_mmc - ok
19:48:07.0255 3736  sffp_sd - ok
19:48:07.0255 3736  sfloppy - ok
19:48:07.0255 3736  ShellHWDetection - ok
19:48:07.0265 3736  SiSRaid2 - ok
19:48:07.0265 3736  SiSRaid4 - ok
19:48:07.0275 3736  SkypeUpdate - ok
19:48:07.0285 3736  Smb - ok
19:48:07.0285 3736  SMR250 - ok
19:48:07.0295 3736  SNMPTRAP - ok
19:48:07.0295 3736  spldr - ok
19:48:07.0305 3736  Spooler - ok
19:48:07.0305 3736  sppsvc - ok
19:48:07.0305 3736  sppuinotify - ok
19:48:07.0305 3736  srv - ok
19:48:07.0315 3736  srv2 - ok
19:48:07.0315 3736  srvnet - ok
19:48:07.0325 3736  SSDPSRV - ok
19:48:07.0325 3736  SstpSvc - ok
19:48:07.0335 3736  StarRAM - ok
19:48:07.0345 3736  StarRAMService - ok
19:48:07.0365 3736  Steam Client Service - ok
19:48:07.0375 3736  stexstor - ok
19:48:07.0375 3736  stisvc - ok
19:48:07.0375 3736  swenum - ok
19:48:07.0385 3736  swprv - ok
19:48:07.0395 3736  SynTP - ok
19:48:07.0395 3736  SysMain - ok
19:48:07.0405 3736  TabletInputService - ok
19:48:07.0405 3736  TapiSrv - ok
19:48:07.0405 3736  TBS - ok
19:48:07.0415 3736  Tcpip - ok
19:48:07.0425 3736  TCPIP6 - ok
19:48:07.0425 3736  tcpipreg - ok
19:48:07.0435 3736  TDPIPE - ok
19:48:07.0435 3736  TDTCP - ok
19:48:07.0435 3736  tdx - ok
19:48:07.0445 3736  TermDD - ok
19:48:07.0445 3736  TermService - ok
19:48:07.0445 3736  Themes - ok
19:48:07.0445 3736  THREADORDER - ok
19:48:07.0455 3736  TrkWks - ok
19:48:07.0455 3736  TrustedInstaller - ok
19:48:07.0455 3736  tssecsrv - ok
19:48:07.0465 3736  TsUsbFlt - ok
19:48:07.0465 3736  tunnel - ok
19:48:07.0475 3736  uagp35 - ok
19:48:07.0475 3736  udfs - ok
19:48:07.0475 3736  UI0Detect - ok
19:48:07.0495 3736  uliagpkx - ok
19:48:07.0495 3736  umbus - ok
19:48:07.0505 3736  UmPass - ok
19:48:07.0505 3736  upnphost - ok
19:48:07.0505 3736  upperdev - ok
19:48:07.0505 3736  usbccgp - ok
19:48:07.0515 3736  usbcir - ok
19:48:07.0515 3736  usbehci - ok
19:48:07.0515 3736  usbhub - ok
19:48:07.0525 3736  usbohci - ok
19:48:07.0525 3736  usbprint - ok
19:48:07.0525 3736  usbser - ok
19:48:07.0535 3736  UsbserFilt - ok
19:48:07.0535 3736  USBSTOR - ok
19:48:07.0535 3736  usbuhci - ok
19:48:07.0555 3736  usbvideo - ok
19:48:07.0555 3736  UxSms - ok
19:48:07.0555 3736  VaultSvc - ok
19:48:07.0565 3736  VClone - ok
19:48:07.0565 3736  vdrvroot - ok
19:48:07.0565 3736  vds - ok
19:48:07.0575 3736  vga - ok
19:48:07.0575 3736  VgaSave - ok
19:48:07.0575 3736  vhdmp - ok
19:48:07.0575 3736  viaide - ok
19:48:07.0585 3736  volmgr - ok
19:48:07.0585 3736  volmgrx - ok
19:48:07.0585 3736  volsnap - ok
19:48:07.0595 3736  vsmraid - ok
19:48:07.0605 3736  VSS - ok
19:48:07.0605 3736  vwifibus - ok
19:48:07.0615 3736  vwififlt - ok
19:48:07.0635 3736  vwifimp - ok
19:48:07.0635 3736  W32Time - ok
19:48:07.0645 3736  WacomPen - ok
19:48:07.0645 3736  WANARP - ok
19:48:07.0645 3736  Wanarpv6 - ok
19:48:07.0655 3736  wbengine - ok
19:48:07.0655 3736  WbioSrvc - ok
19:48:07.0655 3736  wcncsvc - ok
19:48:07.0665 3736  WcsPlugInService - ok
19:48:07.0665 3736  Wd - ok
19:48:07.0665 3736  Wdf01000 - ok
19:48:07.0665 3736  WdiServiceHost - ok
19:48:07.0675 3736  WdiSystemHost - ok
19:48:07.0675 3736  WebClient - ok
19:48:07.0675 3736  Wecsvc - ok
19:48:07.0675 3736  wercplsupport - ok
19:48:07.0685 3736  WerSvc - ok
19:48:07.0685 3736  WfpLwf - ok
19:48:07.0695 3736  WIMMount - ok
19:48:07.0695 3736  WinHttpAutoProxySvc - ok
19:48:07.0695 3736  Winmgmt - ok
19:48:07.0705 3736  WinRM - ok
19:48:07.0725 3736  WinUsb - ok
19:48:07.0725 3736  Wlansvc - ok
19:48:07.0735 3736  WmiAcpi - ok
19:48:07.0735 3736  wmiApSrv - ok
19:48:07.0735 3736  WMPNetworkSvc - ok
19:48:07.0745 3736  WPCSvc - ok
19:48:07.0745 3736  WPDBusEnum - ok
19:48:07.0745 3736  ws2ifsl - ok
19:48:07.0765 3736  WSearch - ok
19:48:07.0765 3736  wuauserv - ok
19:48:07.0765 3736  WudfPf - ok
19:48:07.0775 3736  WUDFRd - ok
19:48:07.0775 3736  wudfsvc - ok
19:48:07.0775 3736  WwanSvc - ok
19:48:07.0795 3736  yukonw7 - ok
19:48:07.0825 3736  ================ Scan global ===============================
19:48:07.0825 3736  [Global] - ok
19:48:07.0825 3736  ================ Scan MBR ==================================
19:48:07.0835 3736  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:48:08.0195 3736  \Device\Harddisk0\DR0 - ok
19:48:08.0195 3736  ================ Scan VBR ==================================
19:48:08.0195 3736  ============================================================
19:48:08.0195 3736  Scan finished
19:48:08.0195 3736  ============================================================
19:48:08.0205 4356  Detected object count: 0
19:48:08.0205 4356  Actual detected object count: 0
19:48:14.0875 1564  Deinitialize success
         

hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Mein Problem ist grad, dass sich G Data nicht ausschalten lässt. Wächter und automatische Virenprüfung sind eigentlich aus, trotzdem kommen ständig Meldungen von G Data. Per Taskmanager killen kann ich den Prozess auch nicht.