|
Plagegeister aller Art und deren Bekämpfung: Rechner verhält sich komisch - Virus, Trojaner,...?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.04.2013, 02:10 | #1 |
| Rechner verhält sich komisch - Virus, Trojaner,...? Hallo, mein Rechner macht mir Sorgen. Seit einiger Zeit ist er gelegentlich deutlich langsamer und harkt oftmals mittendrin (z.B. bei Firefox). Die Grafikkarte ist auch sehr laut geworden, also ob der Rechner stärker belastet wird (ich habe aber keine Änderungen durchgeführt). Kann ich irgendwie überprüfen ob ich mir etwas eingefangen habe? Manche Dinge kommen mir komisch vor. Ist es zum Beispiel normal wenn ich im Task Manager unter den Prozessen ("alle Benutzer") 12x svchost.exe laufen habe? Da sind auch viele doppelte Prozesse dabei. Viele Grüße, sphagnicola |
03.04.2013, 07:22 | #2 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...?Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld
__________________ |
03.04.2013, 07:54 | #3 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...?Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 2 Bitte lade dir GMER herunter: (Dateiname zufällig)Schritt 3 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________ |
04.04.2013, 00:50 | #4 |
| Rechner verhält sich komisch - Virus, Trojaner,...? Danke schon einmal für deine Mühe! Die Datei von defogger (die auf dem Desktop gespeicherte Datei hieß aber nicht defogger_disable.txt, sondern defogger_disable.log): defogger_disable by jpshortstuff (23.02.10.1) Log created at 01:25 on 04/04/2013 (Sebastian) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- GMER Report: GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - GMER - Rootkit Detector and Remover Rootkit scan 2013-04-04 01:34:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST315003 rev.CC4G 1397,27GB Running: gmer_2.1.19155.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\fglyauoc.sys ---- Threads - GMER 2.1 ---- Thread [800:880] 000000007726aec0 Thread [800:144] 000000007726fbc0 Thread [800:376] 000000007726fbc0 Thread [800:416] 000000007726fbc0 Thread [800:428] 000000007726fbc0 Thread [800:424] 000000007726fbc0 Thread [800:520] 000000007726fbc0 Thread [800:2132] 000000007726fbc0 Thread [800:3856] 000000007726fbc0 Thread [800:1232] 000000007726fbc0 Thread C:\Windows\System32\svchost.exe [1096:1528] 000007fef9f059a0 Thread C:\Windows\System32\svchost.exe [1096:3868] 000007fef67214a0 Thread C:\Windows\System32\svchost.exe [1096:3944] 000007fef63820c0 Thread C:\Windows\System32\svchost.exe [1096:4008] 000007fef63826a8 Thread C:\Windows\System32\svchost.exe [1096:4072] 000007fef62ca2b0 Thread C:\Windows\System32\svchost.exe [1096:4448] 000007fef82a88f8 Thread C:\Windows\System32\svchost.exe [1096:4716] 000007fefd151a70 Thread C:\Windows\System32\svchost.exe [1096:5404] 000007fef7eb44e0 Thread C:\Windows\System32\svchost.exe [1096:5588] 000007feef513efc Thread C:\Windows\System32\svchost.exe [1096:5680] 000007feef788a4c Thread C:\Windows\System32\svchost.exe [1096:2412] 000007fef63829dc Thread C:\Windows\System32\spoolsv.exe [1636:2140] 000007fef87b10c8 Thread C:\Windows\System32\spoolsv.exe [1636:2536] 000007fef81f6144 Thread C:\Windows\System32\spoolsv.exe [1636:2540] 000007fef8535fd0 Thread C:\Windows\System32\spoolsv.exe [1636:2544] 000007fef8343438 Thread C:\Windows\System32\spoolsv.exe [1636:2548] 000007fef85363ec Thread C:\Windows\System32\spoolsv.exe [1636:2560] 000007fef8875e5c Thread C:\Windows\System32\spoolsv.exe [1636:2592] 0000000001f5e0bc Thread C:\Windows\system32\svchost.exe [2892:2932] 000007fef8535fd0 Thread C:\Windows\system32\svchost.exe [2892:2936] 000007fef8343438 Thread C:\Windows\system32\svchost.exe [2892:2940] 000007fef85363ec Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3160] 00000000727d102d Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3168] 00000000724af1dc Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3184] 00000000724af1dc Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3188] 00000000724a55d3 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3404] 000000007277c159 Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3416:3572] 000000007199473d Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3416:3588] 00000000719a5ced Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3416:2136] 00000000763ed864 Thread C:\Windows\System32\WUDFHost.exe [3104:3444] 000007fef61724a0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5068:4856] 000007fefbcc2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5068:4480] 000007feed5ed618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5068:5280] 000007fef8245124 ---- EOF - GMER 2.1 ---- OTL OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.04.2013 01:38:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,36% Memory free 15,96 Gb Paging File | 13,80 Gb Available in Paging File | 86,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1384,85 Gb Total Space | 731,05 Gb Free Space | 52,79% Space Free | Partition Type: NTFS Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: oce%40imperia.de:0.9.5.18 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.13 17:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.13 11:10:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 12:14:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:26:14 | 000,000,000 | ---D | M] [2011.05.10 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions [2013.02.23 20:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\extensions [2013.02.23 20:15:01 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\firebug@software.joehewitt.com.xpi [2012.11.20 00:23:50 | 000,088,602 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\oce@imperia.de.xpi [2012.03.17 04:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.12 12:14:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2011.05.12 13:09:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 sams.nikonimaging.com O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C65ED75B-DF41-43D3-9164-8B07E2084D59}: DhcpNameServer = 192.168.100.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BB49B4-1A18-4980-B879-47C5F1F05D47}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.04 01:36:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74806B54-4F2D-4A18-BF2F-981125A0C19D} [2013.04.02 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{225CE963-1A6A-414F-85D8-E933F0BE6E67} [2013.04.02 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{152C2AEA-AD24-4358-B29B-1046B0964BB3} [2013.03.29 01:06:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D4CE5FDA-54DC-46D1-A8E2-6C9318D1BAEF} [2013.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7E953E6E-FC3F-4A26-AB03-F18BF88080C3} [2013.03.28 11:42:46 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:42:46 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2013.03.28 11:42:46 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2013.03.28 11:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2013.03.28 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2013.03.28 11:31:32 | 612,962,040 | ---- | C] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.27 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C0AD6F26-328F-4257-8207-F3B5BED65E42} [2013.03.27 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.27 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{961EC8CE-7DDC-480D-87AE-3873F62468F5} [2013.03.26 15:35:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{77AF463D-4FE7-4CFC-BD13-59DFBCDFA4C4} [2013.03.25 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6AE66F82-48E3-48BE-96EA-2030C92BF27C} [2013.03.23 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C486F88E-E77E-47B0-B4E6-748D2211D215} [2013.03.23 13:28:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E348CBF0-BC2B-476E-8390-482A5957E07C} [2013.03.23 01:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74A91CBF-F9F5-4131-A6A1-600C09043B49} [2013.03.22 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5DF5730B-280F-4A7C-B62C-86F19BECDD33} [2013.03.22 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B5EA6352-C492-49A5-B36E-6A1247953325} [2013.03.21 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7ADE6515-0DEB-4E65-BC73-71FBC100F230} [2013.03.20 23:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2401641C-4D65-4526-9BA7-B65E4B8D2F4F} [2013.03.20 22:50:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.20 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7523BDF3-8AC0-4C25-9F7F-1F356B0BF73A} [2013.03.19 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F58FCB79-203B-4578-AC78-02023CF9A7CE} [2013.03.19 11:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{28DCF6B7-E804-46DC-B70E-5EAC7AC2126E} [2013.03.18 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3D4A36B3-7DE3-43B8-8A95-1D08E35E0463} [2013.03.18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E59CB382-4C69-4A3A-944D-55F5F100DC3F} [2013.03.17 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{985DF1AE-F56C-4226-86F6-AC0ADE5777AA} [2013.03.16 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BEB30B96-848D-4C77-BDC5-8C03EC48C373} [2013.03.15 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{FCADF748-2BC3-4748-B328-E2B6680CFD76} [2013.03.14 10:51:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0C340A67-8473-4B93-AA7B-3A757F5DD586} [2013.03.13 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1D6DF0C0-51E4-4BCB-A4C0-B2A3BDB9DB33} [2013.03.13 03:00:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 03:00:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 03:00:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 03:00:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 03:00:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 03:00:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 03:00:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 03:00:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 03:00:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 03:00:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 03:00:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 03:00:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 03:00:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 03:00:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 03:00:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 02:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 02:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 02:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0F1F4F7E-6D48-4F56-952E-56C5F4479E56} [2013.03.12 11:57:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.12 11:56:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.12 11:56:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.12 11:56:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.12 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A818974B-6537-4B0D-9A59-88040111D22C} [2013.03.05 23:58:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{56274CDF-5586-41F2-AD05-141CE9C2CDA1} [2013.03.05 11:58:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6DD0DE3F-687F-4B33-BDF1-19FB0138D08F} [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.04 01:36:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:27:28 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.04 01:25:20 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.04.04 01:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.04 01:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 21:37:55 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 21:37:55 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 21:30:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 21:30:29 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys [2013.04.02 03:43:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT [2013.04.02 03:17:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.03.28 16:07:29 | 000,001,456 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.28 14:59:37 | 000,015,789 | ---- | M] () -- C:\Users\Sebastian\Desktop\Copyright.jpg [2013.03.28 14:58:43 | 001,144,346 | ---- | M] () -- C:\Users\Sebastian\Desktop\Copyright.psd [2013.03.28 11:42:46 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:42:46 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2013.03.28 11:42:46 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2013.03.28 11:38:50 | 612,962,040 | ---- | M] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.28 11:32:22 | 000,007,652 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2013.03.27 21:56:55 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.21 11:34:55 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2013.03.21 11:32:55 | 001,448,465 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt-1.psd [2013.03.18 20:54:51 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.03.13 12:19:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 12:19:37 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 11:56:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.12 11:56:49 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.12 11:56:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.12 11:56:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.12 11:56:48 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.12 11:56:48 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.04 01:27:28 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.03.28 14:59:34 | 000,015,789 | ---- | C] () -- C:\Users\Sebastian\Desktop\Copyright.jpg [2013.03.27 22:25:45 | 001,144,346 | ---- | C] () -- C:\Users\Sebastian\Desktop\Copyright.psd [2013.03.27 21:56:55 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.18 19:10:40 | 001,448,465 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt-1.psd [2013.01.30 05:10:25 | 000,007,652 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2012.10.10 16:38:22 | 000,479,200 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCacheT [2012.10.10 16:38:22 | 000,025,858 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCache [2012.08.15 22:50:23 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.08.12 11:11:54 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.07.12 00:43:36 | 000,986,523 | ---- | C] () -- C:\Users\Sebastian\_DSC7309.jpg [2012.02.02 18:48:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.01.15 01:09:08 | 000,000,244 | ---- | C] () -- C:\Windows\mobjects.ini [2012.01.02 22:04:37 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.01.02 22:04:37 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.22 21:55:07 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.07.05 11:04:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Master [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mallets [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mail [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.06.26 15:09:27 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.05.12 13:19:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems [2011.05.12 13:19:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction [2011.05.12 01:47:06 | 000,001,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.05.11 17:36:03 | 001,371,098 | ---- | C] () -- C:\Users\Sebastian\grypus_Helgoland_291210-007.jpg [2011.05.11 12:09:41 | 000,000,508 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Specifications [2011.05.10 20:39:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2011.05.10 20:39:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass [2011.05.10 20:39:33 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Speech Enhancer [2011.05.10 20:33:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2011.05.07 02:36:33 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.06 18:09:38 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.05.06 18:09:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.05.06 18:09:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.05.06 17:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{79145b63-5e27-e084-89a0-7dfa039786d8}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.22 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.09.12 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.05.10 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.05 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Command and Conquer 4 [2011.12.25 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON [2013.03.21 17:32:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FileZilla [2012.08.15 13:02:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView [2011.05.11 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\NeatImage PS 64 [2012.08.13 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nikon [2013.01.02 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++ [2012.01.18 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera [2012.11.15 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Origin [2013.03.18 00:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client [2011.05.11 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.05.10 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP [2011.05.11 13:57:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.04.2013 01:38:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,36% Memory free 15,96 Gb Paging File | 13,80 Gb Available in Paging File | 86,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1384,85 Gb Total Space | 731,05 Gb Free Space | 52,79% Space Free | Partition Type: NTFS Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E4B30E-9A71-4ADA-B644-632C134CC445}" = lport=139 | protocol=6 | dir=in | app=system | "{058BE1B8-2F1E-4F2D-B038-FC73D09B9A83}" = rport=137 | protocol=17 | dir=out | app=system | "{271CF133-4497-4F8B-982C-3C58A7974A5B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28AD039F-E2F6-4803-B5A4-B6E4747AF47F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3B7730B6-11E7-4343-9D90-98204C4AFAF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{43B0D46B-86AC-4593-8444-E6D617E3022B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F0D235C-A421-4909-B57F-EBE6A622E16B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61E49E05-F40A-47D1-A2BB-0FD5A547BCAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{668ABB36-141E-464C-ACDD-93FB4E8E88AD}" = rport=10243 | protocol=6 | dir=out | app=system | "{680CC1B0-9E33-40E4-AF69-1DB50913FEA9}" = lport=445 | protocol=6 | dir=in | app=system | "{89CAB581-3698-49B2-9E59-114543E6CF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8BF3E4EB-F2B6-48FB-A21F-EDCAF20E1741}" = lport=10243 | protocol=6 | dir=in | app=system | "{8E8AE1C6-33FC-4CFC-B958-46FD92D2F26E}" = rport=139 | protocol=6 | dir=out | app=system | "{9A9C00E3-464F-483C-BAF5-2FE7C33FD3FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AC80FEA4-3D65-4298-A6EB-2AC507997B4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B729EBE9-1D75-4DFB-92CB-3B39BF56DCFA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C373F06E-AE13-4012-8D46-148BA949D104}" = rport=138 | protocol=17 | dir=out | app=system | "{DA43A349-67FD-472F-9948-036C37CF0669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E96363AC-EAED-4B2F-B3D6-25C3344D5D2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E9DC6326-B743-464C-A561-F7DBF287AB89}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E9ECB833-19C0-4F6C-881E-8E3B812A91E0}" = lport=2869 | protocol=6 | dir=in | app=system | "{EC101DCA-2EEA-4669-9836-86A901931F8C}" = lport=138 | protocol=17 | dir=in | app=system | "{ECD29807-E070-4070-9458-17D3FD498AD8}" = rport=445 | protocol=6 | dir=out | app=system | "{F8FF7AEA-5E01-4C9C-9EA6-5AA553F0E189}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FCFA9A55-A8C1-4645-A49A-80B2CC04A60C}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04066DA3-4289-4137-A06C-04CE376D0350}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{0607E14A-D043-432A-8FBD-DF502BA704B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{09820638-96AE-43CF-B4B4-E4964881B8B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0DE1259A-99A3-4C5A-BA3A-008D719B89F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{19D9FFCA-EF56-4BFC-BCBA-28936EA57381}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{1E8F4506-2E49-4E04-82DB-99A7E5FD3DA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2290DCCA-BBB3-40C0-9D74-DA6E69792641}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2ED27918-3EDF-4D28-A3F2-95A2F0B57B46}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{30EF04EC-958B-4366-AEB8-0F9F44415673}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{366BA739-1E36-4080-96F4-CF4CE8C540D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3AB3A996-D37F-4953-BE0E-E6E247A32541}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{3D811E06-12E4-4D95-9EAA-3259AFBFA6F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{44600033-D75D-4163-9E52-8345C353216B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{48C085F0-FA66-4C6F-BE75-CF057C09DE73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50A8946E-7091-433A-A12D-0B07E0B258F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{5CE59D45-10D5-43FD-AA84-991DFAAD6C01}" = dir=in | app=%programfiles% (x86)\nikon\nikon message center 2\nkmc2.exe | "{642376C3-5535-4A88-B0E1-816BF589109D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{66F9FAD8-7A54-4A8F-B7FE-C842C99C92B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{82E15888-2F4A-4E80-9E74-7F7535373A7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8C43F768-352B-48B6-8A95-EE98ECACB59C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8E265C21-8940-4625-81D6-59566E76C301}" = dir=out | app=%programfiles% (x86)\nikon\nikon message center 2\nkmc2.exe | "{99AAB885-8BA9-40CF-A908-8E5AC82985EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC851886-AFC3-4354-BED3-E41A640CCB3A}" = dir=in | app=c:\windows\system32\hasplms.exe | "{ADF83E6B-6C35-4859-A9C4-AAB46DAEEC0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2A7613F-85B4-44F7-A309-003A6489D82E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{C088E283-B3F5-443F-A59F-81AC57C11CE9}" = protocol=6 | dir=out | app=system | "{C7DF668F-6D62-43C2-9378-EBEFBC4A2D45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CDE1FF60-C5C2-4CD8-B078-DC0F4D26D54F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D525E825-785A-4179-8496-70DBC24B1283}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D5E0E353-592C-4415-801A-DC18342BF655}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{DDABF9B4-CD50-4999-9DA4-82A13C67ED05}" = dir=out | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe | "{E7A0455E-0102-416A-B0A2-B70EAAE1B21A}" = dir=in | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe | "{F0F15499-2C8A-4022-AB80-ED41AC78F808}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F627E0B4-F953-487E-A583-2384CC379725}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FEC3DB65-6897-48ED-B59D-550EE35C579F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{87114EA9-FCEA-454E-A3EE-21DE62562FDB}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "TCP Query User{8AE4A3DE-7EBF-408F-BD6E-3D037C476561}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{E0D88A0D-FA58-46EC-B6D2-A2657661EB9B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{80131195-4150-4A89-810E-C9A7BCF74F95}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{B568655D-98B6-4F50-8A89-5B276C141F42}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{F59CDC4C-9008-46D4-911D-6A5113CE76B1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{1EE2A29D-1D30-5546-2305-EDB418EBCEFD}" = ccc-utility64 "{2CA3495A-46E9-4E03-866F-8B9B0AD177CA}" = Microsoft Camera Codec Pack "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{881F6DFF-9090-E49F-4CF7-4827705D0F56}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6F37831-C06A-4E0A-9E3B-10AC3A1F537E}" = ATI AVIVO64 Codecs "DW WLAN Card" = DW WLAN Card "EPSON S22 Series" = EPSON S22 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "Neat Image plug-in for Photoshop_is1" = Neat Image v7.0 Demo plug-in for Photoshop (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage "{185CE178-48CD-3588-3229-533617DDC1AD}" = CCC Help Finnish "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1BF5CA6C-C8BE-1770-F4BE-8CC6FB86DD5B}" = CCC Help Greek "{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{36842FC7-F4A5-E25F-1068-916EB9CF0BC7}" = CCC Help Spanish "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3958FD3B-1D45-4468-E037-106691DD86AB}" = CCC Help Swedish "{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{405263FC-E3B5-4CA4-A619-783D7176D25C}" = CCC Help Norwegian "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader "{44E5BA62-0210-64FA-0E82-5D3A01B0B779}" = CCC Help Dutch "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A24C59F-689D-4B0F-3B39-B6DB3D8D7298}" = CCC Help Chinese Traditional "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5E558E4F-6630-E777-04A3-1775A4429626}" = Catalyst Control Center InstallProxy "{5FD58FE9-90E9-AAE3-5EC9-C1292CE8E118}" = CCC Help German "{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66336E9B-5482-B5FB-94F0-405874EE3541}" = Adobe Download Assistant "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66E89BFB-BF09-1FF1-B4CF-01934C4AF5E9}" = Catalyst Control Center Localization All "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6BFA6B05-8BBA-0B9E-25D4-3FA20E5D604C}" = CCC Help Japanese "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7329D06E-012D-2AE1-952E-F12BC9551DB6}" = CCC Help Portuguese "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{73CA459A-3A47-EEBA-1BBD-E9A684A94CB1}" = CCC Help Czech "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{840F1343-C902-A552-64E8-D5C37C7A62D2}" = CCC Help Italian "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A40FB177-D824-CBC1-DD77-87E6F8614C54}" = ccc-core-static "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A590C358-ACC1-3654-0473-77857D73214A}" = CCC Help English "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AACC8417-9D5D-A0B4-3A5C-03DB3DF030AD}" = CCC Help Korean "{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B196A780-B79C-4F35-976D-D3A9D63076BE}" = CCC Help Russian "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BFFE230A-8520-423D-8A22-DB82C9922925}" = Das Interaktive Kartenwerk. Deutschland "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C143FE2D-8B52-A8AD-8A90-5A8F32B77D89}" = CCC Help Hungarian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C7BEFFC9-2D4E-3E80-A3C4-FBCE1D8D0771}" = CCC Help Chinese Standard "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D8961DCD-84AF-281C-F3DD-A5109A17DBE0}" = CCC Help Thai "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA32037B-5A44-A050-E107-A172FEA36C87}" = CCC Help French "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5856DAC-D612-4B66-BD10-76720817E1BC}" = Brandenburg Berlin 2.0 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F690BD28-335C-B221-F8ED-17CF552AC0F9}" = CCC Help Danish "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FABAB9BD-E97B-187D-9A8C-46DDED643981}" = CCC Help Polish "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Capture NX 2" = Capture NX 2 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)" = Top50 Viewer "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.5.2 "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "m.objects v5" = m.objects v5 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "ODBC" = ODBC "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Opera 11.51.1087" = Opera 11.51 "Origin" = Origin "Spyder3Express" = Spyder3Express "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.07.2012 16:28:54 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 27.07.2012 16:49:50 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002 Description = Programm Capture NX 2.exe, Version 2.2.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1098 Startzeit: 01cd6c386058597f Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Nikon\Capture NX 2\Capture NX 2.exe Berichts-ID: 98622093-d82c-11e1-a7a6-782bcb94fad5 Error - 27.07.2012 16:56:35 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002 Description = Programm Capture NX 2.exe, Version 2.2.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c94 Startzeit: 01cd6c395fdedb92 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Nikon\Capture NX 2\Capture NX 2.exe Berichts-ID: 8a4efdab-d82d-11e1-a7a6-782bcb94fad5 Error - 28.07.2012 05:10:29 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 28.07.2012 07:00:03 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1 Description = Error - 28.07.2012 07:00:03 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1 Description = Error - 28.07.2012 19:32:09 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 29.07.2012 04:07:25 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 29.07.2012 07:00:02 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1 Description = Error - 29.07.2012 07:00:02 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1 Description = Error - 30.07.2012 01:09:26 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 11.02.2013 19:32:58 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.02.2013 21:54:33 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.02.2013 21:54:33 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 13.02.2013 05:42:04 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 13.02.2013 05:42:04 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.03.2013 17:35:26 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.03.2013 17:35:26 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.03.2013 16:55:20 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.03.2013 16:55:20 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.04.2013 18:02:54 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ Media Center Events ] Error - 23.03.2013 09:30:46 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 14:30:46 - Fehler beim Herstellen der Internetverbindung. 14:30:46 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 09:31:19 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 14:31:15 - Fehler beim Herstellen der Internetverbindung. 14:31:15 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 10:31:50 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 15:31:50 - Fehler beim Herstellen der Internetverbindung. 15:31:50 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 10:32:20 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 15:32:20 - Fehler beim Herstellen der Internetverbindung. 15:32:20 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 11:32:51 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 16:32:51 - Fehler beim Herstellen der Internetverbindung. 16:32:51 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 11:33:21 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 16:33:21 - Fehler beim Herstellen der Internetverbindung. 16:33:21 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 12:33:52 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 17:33:52 - Fehler beim Herstellen der Internetverbindung. 17:33:52 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2013 12:34:22 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0 Description = 17:34:22 - Fehler beim Herstellen der Internetverbindung. 17:34:22 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 22.03.2013 06:49:19 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 22.03.2013 06:49:19 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 23.03.2013 11:49:04 | Computer Name = Sebastian-PC | Source = NetBT | ID = 4321 Description = Der Name "SEBASTIAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.2 registriert werden. Der Computer mit IP-Adresse 192.168.1.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 24.03.2013 08:33:52 | Computer Name = Sebastian-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.147.245.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Deutschland | Geräte und Dienste Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 01.04.2013 17:47:12 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2013 17:47:12 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2013 18:24:39 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2013 18:24:39 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 02.04.2013 13:16:34 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 02.04.2013 13:16:34 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
04.04.2013, 13:03 | #5 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...? Hallo Sphagnicola Ich sehe Reste von Zero Access (Rootkit) daher machen wir so weiter.... Schritt 1 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Geändert von Aneri (04.04.2013 um 13:11 Uhr) |
04.04.2013, 16:10 | #6 |
| Rechner verhält sich komisch - Virus, Trojaner,...? Hallo, hier die File nach dem ersten Durchlauf ("1 Fund"): Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sebastian :: SEBASTIAN-PC [administrator] 04.04.2013 16:37:05 mbar-log-2013-04-04 (16-37-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29215 Time elapsed: 9 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 c:\Windows\Installer\{79145b63-5e27-e084-89a0-7dfa039786d8}\L (Backdoor.0Access) -> Delete on reboot. Files Detected: 0 (No malicious items detected) (end) Danach hab ich Cleanup gedrückt, es wurde aber kein Neustart verlangt. Hab ich trotzdem gemacht und nochmal drüber laufen gelassen. Hier das Ergebnis nach dem 2. Durchlauf ("Kein Fund"): Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sebastian :: SEBASTIAN-PC [administrator] 04.04.2013 17:06:07 mbar-log-2013-04-04 (17-06-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29168 Time elapsed: 13 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
04.04.2013, 20:01 | #8 |
| Rechner verhält sich komisch - Virus, Trojaner,...?Code:
ATTFilter OTL logfile created on: 04.04.2013 20:52:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 73,91% Memory free 15,96 Gb Paging File | 13,49 Gb Available in Paging File | 84,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1384,85 Gb Total Space | 731,39 Gb Free Space | 52,81% Space Free | Partition Type: NTFS Drive D: | 2,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: oce%40imperia.de:0.9.5.18 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.13 17:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.13 11:10:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 12:14:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:26:14 | 000,000,000 | ---D | M] [2011.05.10 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions [2013.02.23 20:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\extensions [2013.02.23 20:15:01 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\firebug@software.joehewitt.com.xpi [2012.11.20 00:23:50 | 000,088,602 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\oce@imperia.de.xpi [2012.03.17 04:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.12 12:14:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2011.05.12 13:09:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 sams.nikonimaging.com O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C65ED75B-DF41-43D3-9164-8B07E2084D59}: DhcpNameServer = 192.168.100.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BB49B4-1A18-4980-B879-47C5F1F05D47}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.04 16:25:40 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022 [2013.04.04 13:14:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C4A81773-FBF7-4FFD-B704-21B3C01BA672} [2013.04.04 11:41:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\20130404_093258 [2013.04.04 01:36:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74806B54-4F2D-4A18-BF2F-981125A0C19D} [2013.04.02 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{225CE963-1A6A-414F-85D8-E933F0BE6E67} [2013.04.02 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{152C2AEA-AD24-4358-B29B-1046B0964BB3} [2013.03.29 01:06:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D4CE5FDA-54DC-46D1-A8E2-6C9318D1BAEF} [2013.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7E953E6E-FC3F-4A26-AB03-F18BF88080C3} [2013.03.28 11:42:46 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2013.03.28 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2013.03.28 11:31:32 | 612,962,040 | ---- | C] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.27 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C0AD6F26-328F-4257-8207-F3B5BED65E42} [2013.03.27 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.27 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{961EC8CE-7DDC-480D-87AE-3873F62468F5} [2013.03.26 15:35:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{77AF463D-4FE7-4CFC-BD13-59DFBCDFA4C4} [2013.03.25 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6AE66F82-48E3-48BE-96EA-2030C92BF27C} [2013.03.23 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C486F88E-E77E-47B0-B4E6-748D2211D215} [2013.03.23 13:28:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E348CBF0-BC2B-476E-8390-482A5957E07C} [2013.03.23 01:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74A91CBF-F9F5-4131-A6A1-600C09043B49} [2013.03.22 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5DF5730B-280F-4A7C-B62C-86F19BECDD33} [2013.03.22 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B5EA6352-C492-49A5-B36E-6A1247953325} [2013.03.21 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7ADE6515-0DEB-4E65-BC73-71FBC100F230} [2013.03.20 23:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2401641C-4D65-4526-9BA7-B65E4B8D2F4F} [2013.03.20 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7523BDF3-8AC0-4C25-9F7F-1F356B0BF73A} [2013.03.19 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F58FCB79-203B-4578-AC78-02023CF9A7CE} [2013.03.19 11:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{28DCF6B7-E804-46DC-B70E-5EAC7AC2126E} [2013.03.18 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3D4A36B3-7DE3-43B8-8A95-1D08E35E0463} [2013.03.18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E59CB382-4C69-4A3A-944D-55F5F100DC3F} [2013.03.17 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{985DF1AE-F56C-4226-86F6-AC0ADE5777AA} [2013.03.16 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BEB30B96-848D-4C77-BDC5-8C03EC48C373} [2013.03.15 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{FCADF748-2BC3-4748-B328-E2B6680CFD76} [2013.03.14 10:51:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0C340A67-8473-4B93-AA7B-3A757F5DD586} [2013.03.13 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1D6DF0C0-51E4-4BCB-A4C0-B2A3BDB9DB33} [2013.03.13 02:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 02:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 02:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0F1F4F7E-6D48-4F56-952E-56C5F4479E56} [2013.03.12 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A818974B-6537-4B0D-9A59-88040111D22C} [2013.03.05 23:58:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{56274CDF-5586-41F2-AD05-141CE9C2CDA1} [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.04 20:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.04 20:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.04 19:27:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.04 16:54:22 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.04 16:54:22 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.04 16:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.04 16:46:46 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys [2013.04.04 16:21:35 | 012,894,739 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022.zip [2013.04.04 01:36:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:27:28 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.04.02 03:43:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT [2013.04.02 03:17:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.03.28 16:07:29 | 000,001,456 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.28 14:59:37 | 000,015,789 | ---- | M] () -- C:\Users\Sebastian\Desktop\Copyright.jpg [2013.03.28 14:58:43 | 001,144,346 | ---- | M] () -- C:\Users\Sebastian\Desktop\Copyright.psd [2013.03.28 11:42:46 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:38:50 | 612,962,040 | ---- | M] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.28 11:32:22 | 000,007,652 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2013.03.27 21:56:55 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.21 11:34:55 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2013.03.21 11:32:55 | 001,448,465 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt-1.psd [2013.03.18 20:54:51 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.04 16:21:15 | 012,894,739 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022.zip [2013.04.04 01:27:28 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.03.28 14:59:34 | 000,015,789 | ---- | C] () -- C:\Users\Sebastian\Desktop\Copyright.jpg [2013.03.27 22:25:45 | 001,144,346 | ---- | C] () -- C:\Users\Sebastian\Desktop\Copyright.psd [2013.03.27 21:56:55 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.18 19:10:40 | 001,448,465 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt-1.psd [2013.01.30 05:10:25 | 000,007,652 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2012.10.10 16:38:22 | 000,479,200 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCacheT [2012.10.10 16:38:22 | 000,025,858 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCache [2012.08.15 22:50:23 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.08.12 11:11:54 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.07.12 00:43:36 | 000,986,523 | ---- | C] () -- C:\Users\Sebastian\_DSC7309.jpg [2012.02.02 18:48:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.01.15 01:09:08 | 000,000,244 | ---- | C] () -- C:\Windows\mobjects.ini [2012.01.02 22:04:37 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.01.02 22:04:37 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.22 21:55:07 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.07.05 11:04:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Master [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mallets [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mail [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.06.26 15:09:27 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.05.12 13:19:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems [2011.05.12 13:19:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction [2011.05.12 01:47:06 | 000,001,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.05.11 17:36:03 | 001,371,098 | ---- | C] () -- C:\Users\Sebastian\grypus_Helgoland_291210-007.jpg [2011.05.11 12:09:41 | 000,000,508 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Specifications [2011.05.10 20:39:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2011.05.10 20:39:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass [2011.05.10 20:39:33 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Speech Enhancer [2011.05.10 20:33:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2011.05.07 02:36:33 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.06 18:09:38 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.05.06 18:09:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.05.06 18:09:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.05.06 17:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.22 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.09.12 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.05.10 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.05 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Command and Conquer 4 [2011.12.25 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON [2013.03.21 17:32:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FileZilla [2012.08.15 13:02:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView [2011.05.11 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\NeatImage PS 64 [2012.08.13 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nikon [2013.01.02 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++ [2012.01.18 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera [2012.11.15 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Origin [2013.03.18 00:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client [2011.05.11 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.05.10 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP [2011.05.11 13:57:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
05.04.2013, 07:39 | #9 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...? wunderbar, das Rootkit existiert nur noch in Fragmenten... die gehen wir jetz an, zusätzlich kümmern wir uns um unerwünschte Werbung Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\U :Commands [emtpytemp]
Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. |
05.04.2013, 10:57 | #10 |
| Rechner verhält sich komisch - Virus, Trojaner,...? Das ist Schritt 1. Ist was falsch gelaufen oder kann ich weitermachen? Dauerte nur 2 Sekunden und wollte keinen Neustart Code:
ATTFilter ========== OTL ========== C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\L folder moved successfully. C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\U folder moved successfully. ========== COMMANDS ========== Error: Unable to interpret <[emtpytemp]> in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 04052013_115451 Geändert von sphagnicola (05.04.2013 um 11:34 Uhr) |
06.04.2013, 11:33 | #11 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...? da hat sich der Fehlerteufel eingeschlichen... bitte nochmals abarbeiten... Schritt 1 Fixen mit OTL
Code:
ATTFilter :Commands [emptytemp]
Zusätzlich bitte die offenen Schritte des alten Posts noch abarbeiten... |
06.04.2013, 12:39 | #12 |
| Rechner verhält sich komisch - Virus, Trojaner,...? OTL Fix: Code:
ATTFilter All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Sebastian ->Temp folder emptied: 307772 bytes ->Temporary Internet Files folder emptied: 229946340 bytes ->Java cache emptied: 1541303 bytes ->FireFox cache emptied: 350745624 bytes ->Apple Safari cache emptied: 15919104 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 2827 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 6464 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 398475624 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 1568 bytes Total Files Cleaned = 951,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04062013_130733 Files\Folders moved on Reboot... C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 13:18:28 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Sebastian - SEBASTIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sebastian\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\prefs.js [OK] Die Datei ist sauber. -\\ Opera v11.51.1087.0 Datei : C:\Users\Sebastian\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [886 octets] - [06/04/2013 13:18:28] ########## EOF - C:\AdwCleaner[S1].txt - [945 octets] ########## Code:
ATTFilter OTL logfile created on: 06.04.2013 13:22:26 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,60% Memory free 15,96 Gb Paging File | 14,24 Gb Available in Paging File | 89,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1384,85 Gb Total Space | 749,98 Gb Free Space | 54,16% Space Free | Partition Type: NTFS Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: oce%40imperia.de:0.9.5.18 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.13 17:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.13 11:10:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 12:14:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:26:14 | 000,000,000 | ---D | M] [2011.05.10 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions [2013.02.23 20:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\extensions [2013.02.23 20:15:01 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\firebug@software.joehewitt.com.xpi [2012.11.20 00:23:50 | 000,088,602 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\oce@imperia.de.xpi [2012.03.17 04:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.12 12:14:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2011.05.12 13:09:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 sams.nikonimaging.com O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C65ED75B-DF41-43D3-9164-8B07E2084D59}: DhcpNameServer = 192.168.100.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BB49B4-1A18-4980-B879-47C5F1F05D47}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 01:32:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\2013-03-07-Dr. Ferry Böhme [2013.04.06 01:32:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\2013-03-14-Martin Stolz [2013.04.06 01:32:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\2013-03-21-Julian Schneider [2013.04.06 01:32:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\2013-03-14-Jörg Stemmler [2013.04.06 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7BB1D03C-8846-4EBF-9A28-9CCE15D50A17} [2013.04.05 13:14:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8452B57B-FB1E-4692-B40F-1923A7AE74EA} [2013.04.05 11:54:51 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.05 01:14:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6C3D89DA-D513-49EB-8ED3-9EC8AE058B62} [2013.04.04 21:27:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Zwillinge [2013.04.04 16:25:40 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022 [2013.04.04 13:14:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C4A81773-FBF7-4FFD-B704-21B3C01BA672} [2013.04.04 01:36:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74806B54-4F2D-4A18-BF2F-981125A0C19D} [2013.04.02 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{225CE963-1A6A-414F-85D8-E933F0BE6E67} [2013.04.02 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{152C2AEA-AD24-4358-B29B-1046B0964BB3} [2013.03.29 01:06:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D4CE5FDA-54DC-46D1-A8E2-6C9318D1BAEF} [2013.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7E953E6E-FC3F-4A26-AB03-F18BF88080C3} [2013.03.28 11:42:46 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2013.03.28 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2013.03.28 11:31:32 | 612,962,040 | ---- | C] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.27 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C0AD6F26-328F-4257-8207-F3B5BED65E42} [2013.03.27 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.27 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{961EC8CE-7DDC-480D-87AE-3873F62468F5} [2013.03.26 15:35:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{77AF463D-4FE7-4CFC-BD13-59DFBCDFA4C4} [2013.03.25 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6AE66F82-48E3-48BE-96EA-2030C92BF27C} [2013.03.23 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C486F88E-E77E-47B0-B4E6-748D2211D215} [2013.03.23 13:28:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E348CBF0-BC2B-476E-8390-482A5957E07C} [2013.03.23 01:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74A91CBF-F9F5-4131-A6A1-600C09043B49} [2013.03.22 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5DF5730B-280F-4A7C-B62C-86F19BECDD33} [2013.03.22 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B5EA6352-C492-49A5-B36E-6A1247953325} [2013.03.21 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7ADE6515-0DEB-4E65-BC73-71FBC100F230} [2013.03.20 23:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2401641C-4D65-4526-9BA7-B65E4B8D2F4F} [2013.03.20 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7523BDF3-8AC0-4C25-9F7F-1F356B0BF73A} [2013.03.19 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F58FCB79-203B-4578-AC78-02023CF9A7CE} [2013.03.19 11:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{28DCF6B7-E804-46DC-B70E-5EAC7AC2126E} [2013.03.18 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3D4A36B3-7DE3-43B8-8A95-1D08E35E0463} [2013.03.18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E59CB382-4C69-4A3A-944D-55F5F100DC3F} [2013.03.17 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{985DF1AE-F56C-4226-86F6-AC0ADE5777AA} [2013.03.16 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BEB30B96-848D-4C77-BDC5-8C03EC48C373} [2013.03.15 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{FCADF748-2BC3-4748-B328-E2B6680CFD76} [2013.03.14 10:51:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0C340A67-8473-4B93-AA7B-3A757F5DD586} [2013.03.13 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1D6DF0C0-51E4-4BCB-A4C0-B2A3BDB9DB33} [2013.03.13 02:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 02:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 02:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0F1F4F7E-6D48-4F56-952E-56C5F4479E56} [2013.03.12 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A818974B-6537-4B0D-9A59-88040111D22C} [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.06 13:27:21 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 13:27:21 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 13:27:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.06 13:20:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 13:19:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 13:19:49 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys [2013.04.06 13:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.06 01:45:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.06 01:45:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.05 11:59:41 | 000,613,083 | ---- | M] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe [2013.04.05 02:54:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT [2013.04.04 16:21:35 | 012,894,739 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022.zip [2013.04.04 01:36:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:27:28 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.04.02 03:17:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.03.28 16:07:29 | 000,001,456 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.28 11:42:46 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:38:50 | 612,962,040 | ---- | M] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.28 11:32:22 | 000,007,652 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2013.03.27 21:56:55 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.21 11:34:55 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2013.03.18 20:54:51 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.06 01:45:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.06 01:45:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.05 11:59:37 | 000,613,083 | ---- | C] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe [2013.04.04 16:21:15 | 012,894,739 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022.zip [2013.04.04 01:27:28 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.03.27 21:56:55 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.01.30 05:10:25 | 000,007,652 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2012.10.10 16:38:22 | 000,479,200 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCacheT [2012.10.10 16:38:22 | 000,025,858 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCache [2012.08.15 22:50:23 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.08.12 11:11:54 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.07.12 00:43:36 | 000,986,523 | ---- | C] () -- C:\Users\Sebastian\_DSC7309.jpg [2012.02.02 18:48:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.01.15 01:09:08 | 000,000,244 | ---- | C] () -- C:\Windows\mobjects.ini [2012.01.02 22:04:37 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.01.02 22:04:37 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.22 21:55:07 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.07.05 11:04:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Master [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mallets [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mail [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.06.26 15:09:27 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.05.12 13:19:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems [2011.05.12 13:19:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction [2011.05.12 01:47:06 | 000,001,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.05.11 17:36:03 | 001,371,098 | ---- | C] () -- C:\Users\Sebastian\grypus_Helgoland_291210-007.jpg [2011.05.11 12:09:41 | 000,000,508 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Specifications [2011.05.10 20:39:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2011.05.10 20:39:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass [2011.05.10 20:39:33 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Speech Enhancer [2011.05.10 20:33:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2011.05.07 02:36:33 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.06 18:09:38 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.05.06 18:09:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.05.06 18:09:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.05.06 17:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.22 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.09.12 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.05.10 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.05 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Command and Conquer 4 [2011.12.25 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON [2013.03.21 17:32:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FileZilla [2012.08.15 13:02:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView [2011.05.11 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\NeatImage PS 64 [2012.08.13 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nikon [2013.01.02 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++ [2012.01.18 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera [2012.11.15 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Origin [2013.03.18 00:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client [2011.05.11 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.05.10 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP [2011.05.11 13:57:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
07.04.2013, 19:16 | #13 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...? Hallo, die Grafikkarte könnt ihr natürlich einbauen, sollte keine Probleme machen... Hast du sonst noch irgendwelche Probleme mit dem Rechner? Wenn ja teile es mir bitte mit. Sollte alles passen mit dem Rechner arbeite die folgenden Schritt ab: Schritt 1 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 2 ESET Online Scanner
Schritt 3 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. |
07.04.2013, 22:05 | #14 |
| Rechner verhält sich komisch - Virus, Trojaner,...? Bis auf die laute Grafikkarte (was wohl eher an der Karte liegt?!) arbeitet es sich gut mit dem Rechner. Malwareybytes Anti-Malware (kein Fund): Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.07.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Sebastian :: SEBASTIAN-PC [Administrator] 07.04.2013 20:21:38 mbam-log-2013-04-07 (20-21-38).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218114 Laufzeit: 3 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a1be9db7170b7f468508cb17ef3820ea # engine=13569 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-07 08:39:42 # local_time=2013-04-07 10:39:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 20513795 116997032 0 0 # scanned=409738 # found=0 # cleaned=0 # scan_time=7779 OTL.txt: Code:
ATTFilter OTL logfile created on: 07.04.2013 22:44:56 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,61% Memory free 15,96 Gb Paging File | 13,59 Gb Available in Paging File | 85,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1384,85 Gb Total Space | 750,61 Gb Free Space | 54,20% Space Free | Partition Type: NTFS Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll () MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: oce%40imperia.de:0.9.5.18 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.13 17:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.13 11:10:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 12:14:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:26:14 | 000,000,000 | ---D | M] [2011.05.10 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions [2013.02.23 20:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\extensions [2013.02.23 20:15:01 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\firebug@software.joehewitt.com.xpi [2012.11.20 00:23:50 | 000,088,602 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\oce@imperia.de.xpi [2012.03.17 04:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.12 12:14:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2011.05.12 13:09:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 sams.nikonimaging.com O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C65ED75B-DF41-43D3-9164-8B07E2084D59}: DhcpNameServer = 192.168.100.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BB49B4-1A18-4980-B879-47C5F1F05D47}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.07 22:19:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\physik [2013.04.07 20:25:28 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe [2013.04.07 20:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.07 20:19:42 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.07 20:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.07 20:19:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Programs [2013.04.07 20:18:23 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sebastian\Desktop\mbam-setup-1.70.0.1100.exe [2013.04.07 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F693E36C-2B24-4092-A2BA-D19E53CECB57} [2013.04.07 01:43:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0B795852-E135-485D-B966-C3C9ADC3BEA7} [2013.04.06 13:43:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{9E0C549A-6B8A-400C-AAE1-87A5C5EE2FF3} [2013.04.06 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7BB1D03C-8846-4EBF-9A28-9CCE15D50A17} [2013.04.05 13:14:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8452B57B-FB1E-4692-B40F-1923A7AE74EA} [2013.04.05 11:54:51 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.05 01:14:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6C3D89DA-D513-49EB-8ED3-9EC8AE058B62} [2013.04.04 21:27:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Zwillinge [2013.04.04 16:25:40 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022 [2013.04.04 13:14:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C4A81773-FBF7-4FFD-B704-21B3C01BA672} [2013.04.04 01:36:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74806B54-4F2D-4A18-BF2F-981125A0C19D} [2013.04.02 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{225CE963-1A6A-414F-85D8-E933F0BE6E67} [2013.04.02 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{152C2AEA-AD24-4358-B29B-1046B0964BB3} [2013.03.29 01:06:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D4CE5FDA-54DC-46D1-A8E2-6C9318D1BAEF} [2013.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7E953E6E-FC3F-4A26-AB03-F18BF88080C3} [2013.03.28 11:42:46 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2013.03.28 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2013.03.28 11:31:32 | 612,962,040 | ---- | C] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.27 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C0AD6F26-328F-4257-8207-F3B5BED65E42} [2013.03.27 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.27 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{961EC8CE-7DDC-480D-87AE-3873F62468F5} [2013.03.26 15:35:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{77AF463D-4FE7-4CFC-BD13-59DFBCDFA4C4} [2013.03.25 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6AE66F82-48E3-48BE-96EA-2030C92BF27C} [2013.03.23 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C486F88E-E77E-47B0-B4E6-748D2211D215} [2013.03.23 13:28:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E348CBF0-BC2B-476E-8390-482A5957E07C} [2013.03.23 01:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74A91CBF-F9F5-4131-A6A1-600C09043B49} [2013.03.22 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5DF5730B-280F-4A7C-B62C-86F19BECDD33} [2013.03.22 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B5EA6352-C492-49A5-B36E-6A1247953325} [2013.03.21 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7ADE6515-0DEB-4E65-BC73-71FBC100F230} [2013.03.20 23:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2401641C-4D65-4526-9BA7-B65E4B8D2F4F} [2013.03.20 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7523BDF3-8AC0-4C25-9F7F-1F356B0BF73A} [2013.03.19 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F58FCB79-203B-4578-AC78-02023CF9A7CE} [2013.03.19 11:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{28DCF6B7-E804-46DC-B70E-5EAC7AC2126E} [2013.03.18 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3D4A36B3-7DE3-43B8-8A95-1D08E35E0463} [2013.03.18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E59CB382-4C69-4A3A-944D-55F5F100DC3F} [2013.03.17 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{985DF1AE-F56C-4226-86F6-AC0ADE5777AA} [2013.03.16 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BEB30B96-848D-4C77-BDC5-8C03EC48C373} [2013.03.15 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{FCADF748-2BC3-4748-B328-E2B6680CFD76} [2013.03.14 10:51:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0C340A67-8473-4B93-AA7B-3A757F5DD586} [2013.03.13 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1D6DF0C0-51E4-4BCB-A4C0-B2A3BDB9DB33} [2013.03.13 02:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 02:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 02:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0F1F4F7E-6D48-4F56-952E-56C5F4479E56} [2013.03.12 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A818974B-6537-4B0D-9A59-88040111D22C} [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.07 22:31:57 | 002,371,965 | ---- | M] () -- C:\Users\Sebastian\Desktop\Sammelmappe1.pdf [2013.04.07 22:27:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.07 22:19:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.07 20:25:30 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe [2013.04.07 20:19:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.07 20:18:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sebastian\Desktop\mbam-setup-1.70.0.1100.exe [2013.04.07 19:27:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.07 14:22:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.07 11:11:38 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.07 11:11:38 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.07 11:04:15 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys [2013.04.07 01:31:26 | 000,173,518 | ---- | M] () -- C:\Users\Sebastian\Desktop\060412-009.jpg [2013.04.06 01:45:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.06 01:45:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.05 11:59:41 | 000,613,083 | ---- | M] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe [2013.04.05 02:54:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT [2013.04.04 16:21:35 | 012,894,739 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022.zip [2013.04.04 01:36:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.04.04 01:27:28 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.04.02 03:17:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.03.28 16:07:29 | 000,001,456 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.28 11:42:46 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.28 11:42:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.28 11:38:50 | 612,962,040 | ---- | M] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe [2013.03.28 11:32:22 | 000,007,652 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2013.03.27 21:56:55 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.21 11:34:55 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2013.03.18 20:54:51 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.07 22:31:57 | 002,371,965 | ---- | C] () -- C:\Users\Sebastian\Desktop\Sammelmappe1.pdf [2013.04.07 20:19:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.07 01:31:21 | 000,173,518 | ---- | C] () -- C:\Users\Sebastian\Desktop\060412-009.jpg [2013.04.06 01:45:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.06 01:45:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.05 11:59:37 | 000,613,083 | ---- | C] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe [2013.04.04 16:21:15 | 012,894,739 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.01.0.1022.zip [2013.04.04 01:27:28 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe [2013.04.04 01:25:20 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable [2013.04.04 01:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe [2013.03.27 21:56:55 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.01.30 05:10:25 | 000,007,652 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg [2012.10.10 16:38:22 | 000,479,200 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCacheT [2012.10.10 16:38:22 | 000,025,858 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCache [2012.08.15 22:50:23 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.08.12 11:11:54 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.07.12 00:43:36 | 000,986,523 | ---- | C] () -- C:\Users\Sebastian\_DSC7309.jpg [2012.02.02 18:48:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.01.15 01:09:08 | 000,000,244 | ---- | C] () -- C:\Windows\mobjects.ini [2012.01.02 22:04:37 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.01.02 22:04:37 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.22 21:55:07 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.07.05 11:04:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Master [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mallets [2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mail [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.06.26 15:09:27 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.05.12 13:19:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems [2011.05.12 13:19:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction [2011.05.12 01:47:06 | 000,001,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.05.11 17:36:03 | 001,371,098 | ---- | C] () -- C:\Users\Sebastian\grypus_Helgoland_291210-007.jpg [2011.05.11 12:09:41 | 000,000,508 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool [2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Specifications [2011.05.10 20:39:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2011.05.10 20:39:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass [2011.05.10 20:39:33 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Speech Enhancer [2011.05.10 20:33:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2011.05.07 02:36:33 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.06 18:09:38 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.05.06 18:09:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.05.06 18:09:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.05.06 17:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.22 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.09.12 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.05.10 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.05 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Command and Conquer 4 [2011.12.25 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON [2013.03.21 17:32:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FileZilla [2012.08.15 13:02:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView [2011.05.11 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\NeatImage PS 64 [2012.08.13 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nikon [2013.01.02 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++ [2012.01.18 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera [2012.11.15 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Origin [2013.04.07 03:00:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client [2011.05.11 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.05.10 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP [2011.05.11 13:57:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
08.04.2013, 12:19 | #15 |
/// Malwareteam | Rechner verhält sich komisch - Virus, Trojaner,...? Hallo.. dann haben wir es ja geschafft Wunderbar dein System ist soweit ich das sehen kann sauber. Hier noch ein paar Tipps zur Absicherung deines Systems. Benutzerkonto Einstellungen: Wir sehen immer wieder User mit Administratorrechten. Hier kann jeder Nutzer eines Windowsrechners schon die erste Türe schließen. Arbeite mit einem eingeschränkten Benutzerkonto anstelle eines Kontos mit Administratorrechten. Diese sind für das tägliche Arbeiten nicht nötig, und solltest du einmal Software installieren wollen wirst du im normalfall nach deinem Passwort gefragt. Solltest du Hilfe bei der Erstellung eines "eingeschränkten Kontos" benötigen helfe ich dir gern weiter. Systemupdates: Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Besonders Java erfährt zur Zeit regelmäßig sicherheitsrelevante Updates Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Antivirensoftware Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen alternatives Browsen Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. Wenn du möchtest, kannst du das Trojaner Board Forum mit einer kleinen Spende unterstützen. |
Themen zu Rechner verhält sich komisch - Virus, Trojaner,...? |
belastet, benutzer, dinge, doppel, doppelte, durchgeführt, eingefangen, einiger, firefox, gefangen, grafikkarte, komisch, langsamer, laufen, manager, prozesse, rechner, sorge, svchost.exe, task manager, troja, trojaner, virus, überprüfen, Änderungen |