
Pests of all kinds and how to fight them: Comodo IS Free finds virus in rss.exe - now Windows error message after boot

08.04.2013, 21:32   #1
Hogwash
 

Hello,

my Comodo Internet Security Premium (freeware) found a piece of malware in
C:\Users\****\AppData\Roaming\Adobe\Flash Player\File Cache\rss.exe
It is now, under the identifier/name
Malware@#2uxa1qkqla728
in quarantine.

A scan with Comodo IS found no further malware. A scan with the Kaspersky Rescue boot CD did not turn up anything either.

Now one could assume that my machine is clean...
However, after every Windows boot I get the following error message:
C:\Users\****\AppData\Roaming\Adobe\Flash Player\File Cache\rss.exe konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.
There is apparently still a program somewhere that wants to run rss.exe, but where?

I could not get any hits on Google for the Comodo IS virus identifier, so I don't even know what kind of malware this is, let alone how to get rid of it.
A general search for rss.exe did not produce any clear hits either.

I have attached my log files as a zip.
I hope that is right - the guide (Für alle Hilfesuchenden...) says only on request. However, your board prompted me to do so when I created the thread - that is probably more or less the same thing, isn't it...?

I am grateful for any help. Despite the antivirus program I don't feel entirely safe...

Evening,
Karsten

09.04.2013, 03:33   #2
aharonov
/// TB trainer
 

Hello Karsten,

Quote:
There is apparently still a program somewhere that wants to run rss.exe, but where?
Here:
Code:
O4 - HKCU..\Run: [RSS] C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs ()

(Please do not attach the log files (that makes evaluating them massively harder for me), but paste their contents directly inside code tags: [code]log file contents[/code].)


Step 1

Warning for readers following along:
Combofix should only be run when a team member has explicitly instructed it!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not do anything at all on the computer, not even move the mouse!
  • When Combofix has finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Step 2

Please start OTL.exe.
  • Tick the Scan all Users checkbox.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Combofix log
  • OTL log
__________________
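
The autorun entry quoted in the reply above is an `O4` line from the OTL log. As an added example (not part of the original thread and not OTL's own code), the following Python code parses such lines and flags autoruns whose target is a script, sits in a user-writable path, or carries no company name. The line layout in the regex is an assumption inferred from the single line quoted above, and every sample line except the `RSS` one is constructed.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Assumed layout of an OTL "O4" autorun line, inferred from the one quoted above:
#   O4[:64bit:] - <HIVE>..\<key>: [<value name>] <target path> (<company>)
# The greedy target group makes the LAST " (" start the company field, so paths
# such as "C:\Program Files (x86)\..." stay intact.
O4_LINE = re.compile(
    r"^O4(?::64bit:)?\s+-\s+(?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:\[]+):\s+"
    r"\[(?P<name>[^\]]*)\]\s+(?P<target>.+)\s+\((?P<company>.*)\)\s*$"
)

# Extensions handled by a script host or the command interpreter.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
# Path fragments a standard user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Sample input: the last line is the entry from the thread, the rest is constructed.
SAMPLE_LOG = r"""
PRC - File not found --
O4:64bit: - HKLM..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe (Example Vendor Inc.)
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example Vendor\upd.exe (Example Vendor Inc.)
O4 - HKCU..\Run: [ExampleSync] C:\Users\***\AppData\Local\ExampleSync\sync.exe (Example Vendor Inc.)
O4 - HKCU..\Run: [RSS] C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs ()
"""


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    target: str
    company: str
    reasons: tuple


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for any other kind of log line."""
    m = O4_LINE.match(line.strip())
    if m is None:
        return None
    target = m["target"].strip()
    company = m["company"].strip()
    reasons = []
    # ntpath splits Windows paths correctly on any host OS.
    if ntpath.splitext(target)[1].lower() in SCRIPT_EXTS:
        reasons.append("script_target")
    if any(marker in target.lower() for marker in USER_WRITABLE):
        reasons.append("user_writable_path")
    if not company:
        reasons.append("no_company_name")
    return Autorun(m["hive"], m["key"].strip(), m["name"], target, company,
                   tuple(reasons))


def triage(log_text: str) -> list:
    """Return the flagged autoruns, entries with the most reasons first."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    flagged = [e for e in entries if e is not None and e.reasons]
    return sorted(flagged, key=lambda e: len(e.reasons), reverse=True)


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.target}")
        print("    reasons:", ", ".join(entry.reasons))
```

A flagged entry is a lead for manual review rather than a verdict, since legitimate per-user software also starts from AppData.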

09.04.2013, 11:18   #3
Hogwash
 

Hello Leo,

first of all, thanks for the quick reply.

Unfortunately I get various errors when I start Combofix (with or without "as admin").
It starts with:

At the top, the window title bar says "ERU for Windows NT"
Quote:
Unable to create file:
C:Windows\erdnt\Hiv-backup\ERDNT.INF
Registry backup will continue, but no restore information for the ERDNT programm will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files.
I can only dismiss that with "OK" - which I did.

From here on, the title bar only says "Warning" each time.
Quote:
Error saving file
C:\Winodws\erdnt\Hiv-backup\BCD !
Continue with the next file ?
I answered yes.

Then these files follow, none of which were backed up, all in the same folder:
SYSTEM
SOFTWARE
DEFAULT
SECURITY
SAM

Then there is also:
Quote:
Error saving file
C:\Winodws\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT !
Continue with the next file ?
I answered yes again.

Quote:
Error saving file
C:\Winodws\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT !
Continue with the next file ?
I answered yes again.

Quote:
Error saving file
C:\Winodws\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT !
Continue with the next file ?
I answered yes again.

Quote:
Error saving file
C:\Winodws\erdnt\Hiv-backup\Users\00000004\NTUSER.DAT !
Continue with the next file ?
I answered yes again.

Then the hard disk does churn for a while, during which I dutifully waited - but at some point it goes quiet.
No further confirmation, input window, or the like.
There was no log file either...

Even after a reboot, everything is the same as before.

What do I do now?

Kind regards,
Karsten
__________________

09.04.2013, 15:19   #4
aharonov
/// TB trainer
 

Hello Karsten,

please carry on with step 2 for now.
__________________
cheers,
Leo

09.04.2013, 21:14   #5
Hogwash
 

Sorry, I didn't think you could use that even without the Combofix run...

Here you go:
Code:
OTL logfile created on: 09.04.2013 21:01:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karsten Gandor\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,88 Gb Total Physical Memory | 9,63 Gb Available Physical Memory | 60,62% Memory free
15,88 Gb Paging File | 9,57 Gb Available in Paging File | 60,23% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,90 Gb Total Space | 11,31 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 10,23 Gb Free Space | 68,18% Space Free | Partition Type: NTFS
Drive E: | 370,00 Gb Total Space | 118,42 Gb Free Space | 32,01% Space Free | Partition Type: NTFS
Drive F: | 100,00 Gb Total Space | 78,31 Gb Free Space | 78,31% Space Free | Partition Type: NTFS
Drive G: | 143,62 Gb Total Space | 47,36 Gb Free Space | 32,97% Space Free | Partition Type: NTFS
Drive H: | 59,24 Gb Total Space | 53,20 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
Drive I: | 70,00 Gb Total Space | 61,80 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
Drive Y: | 3,99 Gb Total Space | 3,99 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: PSYCHOWIN | User Name: Karsten Gandor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.04.08 19:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karsten Gandor\Desktop\OTL.exe
PRC - [2013.03.13 02:12:10 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.24 17:12:22 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.10.08 22:48:08 | 001,637,888 | ---- | M] () -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2011.07.25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011.02.08 01:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011.01.23 19:47:46 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.23 19:47:44 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.08.13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010.06.18 20:29:24 | 000,548,864 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\Programme\Behringer\BCD3000\Drivers\bcd3kcpan.exe
PRC - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.11 11:56:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.07.25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011.01.23 19:47:46 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.23 19:47:44 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.04.05 05:56:22 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
MOD - [2010.04.05 05:56:20 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010.04.05 05:56:18 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
MOD - [2010.04.05 05:56:08 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
MOD - [2010.04.05 05:55:16 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 05:55:06 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
MOD - [2010.04.05 05:55:00 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
MOD - [2010.04.05 05:54:54 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
MOD - [2010.04.01 12:24:30 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
MOD - [2010.04.01 12:23:28 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.05.27 07:16:52 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009.04.07 14:25:28 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.10 00:43:50 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009.02.20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.11 11:56:00 | 000,825,152 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysNative\nvwmi64.exe -- (NVWMI)
SRV:64bit: - [2010.04.14 15:08:32 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010.04.14 15:08:24 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2010.02.10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.04 21:24:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.13 02:12:10 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.24 17:12:22 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.08.23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.08.23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.08.23 17:04:00 | 000,629,040 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.08.23 17:03:14 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.08.23 14:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.07.18 01:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.17 07:45:16 | 000,218,504 | ---- | M] () [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe -- (EmbassyService)
SRV - [2012.01.16 15:29:58 | 000,198,144 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe -- (WvPCR)
SRV - [2012.01.05 15:02:14 | 001,679,872 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV - [2011.12.08 10:45:42 | 004,146,032 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.11.11 14:42:14 | 002,167,176 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2011.10.08 22:48:08 | 001,637,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2011.07.28 14:50:16 | 000,519,536 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2011.05.13 10:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2011.05.13 10:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2011.02.08 01:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.01.25 01:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.04.14 15:08:24 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.04.14 15:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2008.11.25 12:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.13 02:12:14 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013.03.13 02:12:14 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.30 12:52:44 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012.08.30 12:52:44 | 000,074,120 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012.08.29 10:39:34 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2012.08.29 00:27:48 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.08.29 00:27:48 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.08.29 00:27:48 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.08.29 00:27:48 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.08.29 00:27:48 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.10 23:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.04.29 07:27:00 | 000,073,000 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012.03.11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 18:15:58 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.11.10 12:14:14 | 000,311,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2011.10.10 08:18:32 | 000,021,048 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspLLL64.sys -- (rspLLL)
DRV:64bit: - [2011.07.22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011.07.15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.05.10 14:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.03.23 13:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.25 01:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.03 14:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.08.05 18:52:12 | 000,054,888 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcd3000_x64.sys -- (bcd3000)
DRV:64bit: - [2010.08.05 18:52:12 | 000,032,872 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcd3000wdm_x64.sys -- (bcd3000wdm)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 21:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 21:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.29 09:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karsten Gandor\AppData\Roaming\mozilla\Extensions
[2013.04.04 21:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.04 21:24:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe (Binnerup Consult)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [DesktopOK] D:\Arbeit\tools\Desktop Symbole\DesktopOK_x64.exe (Nenad Hrg SoftwareOK)
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [RSS] C:\Users\Karsten Gandor\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs ()
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Karsten Gandor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F5919A6-992D-4C8E-9C15-34F8F48E3137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB07E9A-B733-4D8C-B941-7C90523EBFAB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B720F82-0939-4571-8D29-C5190972A2FF}: DhcpNameServer = 192.168.115.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDA842D8-B5BE-4395-99F6-469A10CAD191}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5b44de90-7e8e-11e2-8f34-3859f9d90734}\Shell - "" = AutoRun
O33 - MountPoints2\{5b44de90-7e8e-11e2-8f34-3859f9d90734}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{7a979a68-7e99-11e2-ba9f-24770306ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{7a979a68-7e99-11e2-ba9f-24770306ef24}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b11e8409-7e98-11e2-8d84-24770306ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{b11e8409-7e98-11e2-8d84-24770306ef24}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b11e840d-7e98-11e2-8d84-24770306ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{b11e840d-7e98-11e2-8d84-24770306ef24}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brotherhood Software
[2013.04.09 10:54:05 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.04.09 10:40:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.09 10:39:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.09 10:39:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.09 10:39:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013.04.09 10:31:49 | 005,049,517 | R--- | C] (Swearware) -- C:\Users\Karsten Gandor\Desktop\ComboFix.exe
[2013.04.08 22:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.08 22:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.08 21:02:29 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.08 21:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.08 21:02:28 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Notepad++
[2013.04.08 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.04.08 19:51:11 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\Desktop\RK_Quarantine
[2013.04.08 19:44:47 | 009,741,664 | ---- | C] (SurfRight B.V.) -- C:\Users\Karsten Gandor\Desktop\hitmanpro_x64.exe
[2013.04.08 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\Desktop\HitmanPro_3.7.3.193
[2013.04.08 19:36:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karsten Gandor\Desktop\OTL.exe
[2013.04.08 18:57:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.04.08 18:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.08 18:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.05 09:54:34 | 000,022,128 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2013.04.05 09:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2013.04.05 09:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STMicroelectronics
[2013.04.04 22:25:41 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Malwarebytes
[2013.04.04 22:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.04 22:25:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 22:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.04 22:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 22:25:20 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Local\Programs
[2013.04.04 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.03 11:54:02 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\Documents\Native Instruments
[2013.04.03 11:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2013.04.03 11:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2013.03.28 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Local\Diagnostics
[2013.03.28 14:04:55 | 000,054,888 | ---- | C] (Behringer) -- C:\Windows\SysNative\drivers\bcd3000_x64.sys
[2013.03.28 14:04:55 | 000,032,872 | ---- | C] (Behringer) -- C:\Windows\SysNative\drivers\bcd3000wdm_x64.sys
[2013.03.28 14:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Behringer
[2013.03.28 13:58:36 | 000,021,048 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspLLL64.sys
[2013.03.28 13:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
[2013.03.28 13:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\LatencyMon
[2013.03.18 23:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.18 22:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.03.18 22:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.03.18 22:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
[2013.03.18 22:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.09 21:03:09 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.09 21:00:26 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 21:00:26 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 20:57:41 | 001,632,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 20:57:41 | 000,701,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 20:57:41 | 000,663,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 20:57:41 | 000,148,392 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 20:57:41 | 000,124,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 20:53:27 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.09 20:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 20:53:11 | 4202,262,526 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 15:16:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.09 15:01:14 | 000,001,273 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\CaptchaNotifier.exe - Verknüpfung.lnk
[2013.04.09 12:13:39 | 000,292,402 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Grundriss Mannes 12.jpg
[2013.04.09 10:40:12 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
[2013.04.09 10:31:50 | 005,049,517 | R--- | M] (Swearware) -- C:\Users\Karsten Gandor\Desktop\ComboFix.exe
[2013.04.08 23:06:20 | 007,039,892 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\DSC_0029.JPG
[2013.04.08 23:06:09 | 009,043,188 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\DSC_0036.JPG
[2013.04.08 23:05:52 | 007,454,203 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\DSC_0054.JPG
[2013.04.08 23:05:06 | 000,193,290 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Produktionsauftrag Hoerfunk_NDR.rtf
[2013.04.08 23:04:45 | 001,418,452 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\11.04.13, Job 13-0335, NDR, Packzettel.pdf
[2013.04.08 22:14:26 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.08 21:25:43 | 000,066,020 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Logfiles.zip
[2013.04.08 20:03:58 | 000,816,128 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\RogueKiller.exe
[2013.04.08 19:50:42 | 000,000,000 | ---- | M] () -- C:\Users\Karsten Gandor\defogger_reenable
[2013.04.08 19:42:30 | 000,791,040 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\RogueKillerX64.exe
[2013.04.08 19:36:43 | 000,377,856 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\gmer_2.1.19163.exe
[2013.04.08 19:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karsten Gandor\Desktop\OTL.exe
[2013.04.08 19:36:02 | 000,050,477 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Defogger.exe
[2013.04.08 18:57:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.05 09:08:05 | 009,741,664 | ---- | M] (SurfRight B.V.) -- C:\Users\Karsten Gandor\Desktop\hitmanpro_x64.exe
[2013.04.01 20:40:05 | 000,001,059 | ---- | M] () -- C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.01 20:39:59 | 000,001,045 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Dropbox.lnk
[2013.03.28 14:04:55 | 000,001,086 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
[2013.03.21 23:57:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.21 23:57:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.20 12:36:45 | 000,001,464 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\MSCS(v4.1).exe - Verknüpfung.lnk
[2013.03.18 23:34:18 | 000,585,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 02:12:12 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2013.04.09 15:01:14 | 000,001,273 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\CaptchaNotifier.exe - Verknüpfung.lnk
[2013.04.09 11:33:31 | 000,292,402 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Grundriss Mannes 12.jpg
[2013.04.09 10:40:12 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
[2013.04.08 23:06:18 | 007,039,892 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\DSC_0029.JPG
[2013.04.08 23:06:06 | 009,043,188 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\DSC_0036.JPG
[2013.04.08 23:05:51 | 007,454,203 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\DSC_0054.JPG
[2013.04.08 23:05:05 | 000,193,290 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Produktionsauftrag Hoerfunk_NDR.rtf
[2013.04.08 23:04:44 | 001,418,452 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\11.04.13, Job 13-0335, NDR, Packzettel.pdf
[2013.04.08 22:14:26 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.08 21:25:43 | 000,066,020 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Logfiles.zip
[2013.04.08 20:03:57 | 000,816,128 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\RogueKiller.exe
[2013.04.08 19:50:42 | 000,000,000 | ---- | C] () -- C:\Users\Karsten Gandor\defogger_reenable
[2013.04.08 19:42:29 | 000,791,040 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\RogueKillerX64.exe
[2013.04.08 19:36:43 | 000,377,856 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\gmer_2.1.19163.exe
[2013.04.08 19:36:01 | 000,050,477 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Defogger.exe
[2013.03.28 14:04:55 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
[2013.03.21 23:57:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.21 23:57:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.20 12:36:45 | 000,001,464 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\MSCS(v4.1).exe - Verknüpfung.lnk
[2013.02.27 13:16:51 | 000,028,623 | ---- | C] () -- C:\Users\Karsten Gandor\AppData\Local\recently-used.xbel
[2013.02.10 00:24:46 | 000,010,455 | ---- | C] () -- C:\Users\Karsten Gandor\Hogwash_elster_2048.pfx
[2013.01.16 23:34:38 | 001,527,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.14 13:19:20 | 000,049,152 | ---- | C] () -- C:\Windows\md5.exe
[2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.10.22 18:40:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.22 18:40:00 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.10.22 10:17:19 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012.09.04 22:53:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.09.04 22:53:25 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.09.04 22:53:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.08.29 13:00:00 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2012.08.29 13:00:00 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2012.08.29 12:59:59 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2012.08.29 12:59:59 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2012.08.29 12:59:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2012.08.29 12:59:59 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2012.08.29 12:59:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2012.08.29 12:59:59 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2012.08.29 12:59:59 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2012.08.29 12:59:59 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2012.08.29 12:59:59 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2012.08.29 12:59:59 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2012.08.29 12:59:59 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2012.08.29 12:59:59 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2012.08.29 12:59:59 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2012.08.29 12:59:58 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2012.08.29 12:59:58 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2012.08.29 12:59:58 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2012.08.29 12:59:58 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2012.08.29 12:59:58 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2012.08.29 12:59:58 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2012.08.29 12:59:43 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2012.08.29 12:59:43 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2012.08.29 11:23:44 | 000,000,955 | ---- | C] () -- C:\Users\Karsten Gandor\AppData\Local\MathJournalCommonConstants.xml
[2012.08.29 10:39:50 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012.08.29 00:12:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012.08.29 00:12:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.11.14 10:29:30 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-HK.dll
[2011.11.14 10:29:28 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_th.dll
[2011.11.14 10:29:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sl.dll
[2011.11.14 10:29:24 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hr.dll
[2011.11.14 10:29:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sk.dll
[2011.11.14 10:29:20 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_tr.dll
[2011.11.14 10:29:18 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ro.dll
[2011.11.14 10:29:16 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt-BR.dll
[2011.11.14 10:29:14 | 000,092,160 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hu.dll
[2011.11.14 10:29:12 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fi.dll
[2011.11.14 10:29:12 | 000,084,992 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_he.dll
[2011.11.14 10:29:10 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_el.dll
[2011.11.14 10:29:08 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_cs.dll
[2011.11.14 10:29:08 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ar.dll
[2011.11.14 10:29:06 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHT.dll
[2011.11.14 10:29:04 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHS.dll
[2011.11.14 10:29:02 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sv.dll
[2011.11.14 10:29:00 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ru.dll
[2011.11.14 10:28:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt.dll
[2011.11.14 10:28:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pl.dll
[2011.11.14 10:28:56 | 000,089,600 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_no.dll
[2011.11.14 10:28:54 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_nl.dll
[2011.11.14 10:28:54 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ko.dll
[2011.11.14 10:28:52 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ja.dll
[2011.11.14 10:28:50 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_it.dll
[2011.11.14 10:28:48 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fr.dll
[2011.11.14 10:28:46 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_es.dll
[2011.11.14 10:28:44 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_de.dll
[2011.11.14 10:28:42 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_da.dll
[2011.04.21 18:56:28 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.04 19:18:37 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Audacity
[2012.08.29 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\BatteryBar
[2013.04.09 20:54:17 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Dropbox
[2012.08.29 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\EAC
[2012.11.05 13:39:22 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\elsterformular
[2013.04.08 19:33:19 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\foobar2000
[2012.09.07 13:33:07 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Foxit Software
[2012.09.07 14:11:26 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\FreeFileSync
[2012.10.10 21:57:24 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\HTC
[2012.10.10 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.12.06 00:31:33 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\IrfanView
[2013.03.18 23:00:36 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\LibreOffice
[2012.11.10 00:02:21 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Mobipocket
[2013.02.06 00:22:13 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Mp3tag
[2013.02.28 00:25:27 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\MyPhoneExplorer
[2013.04.08 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Notepad++
[2013.01.16 11:51:26 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\PhraseExpress
[2012.08.30 10:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Publish Providers
[2012.08.30 10:52:17 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Sony
[2012.08.29 09:06:15 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Thunderbird
[2012.11.15 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\uTorrent
[2012.08.29 11:00:10 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Wave Systems Corp
 
========== Purity Check ==========
 
 

< End of report >
         
Thanks!


09.04.2013, 21:48   #6
aharonov
/// TB-Ausbilder

Hi,

on the contrary, it was good that you asked. Sometimes the next step really is of no use without the one before it.
How does the computer run after these steps?


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [RSS] C:\Users\Karsten Gandor\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs ()

:files
dir /a/s/b "C:\Users\Karsten Gandor\AppData\Roaming\Adobe" /c

:commands
[emptytemp]
         
  • Now please close all other programs.
  • Then click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content here into your thread.



Step 2
  • Open the program Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and "run as administrator".
  • Click Update (Aktualisierung) --> Check for updates (Suche nach Aktualisierung).
  • When the update has finished, select the option Perform quick scan (Quick-Scan durchführen) on the Scanner (Suchlauf) tab and press Scan (Scannen).
  • When the scan is done, click Show results (Ergebnisse anzeigen).
  • Make sure that all findings are ticked and press Remove selected (Entferne Auswahl).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under the Logs (Logdateien) tab.



Step 3

Download the setup of the ESET Online Scanner and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Do not forget to switch them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Tick Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Tick Scan archives.
  • Make sure that Remove found Threats is not ticked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If findings are shown when the scan has finished, then:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Afterwards press << Back.
  • Now close the scanner with a click on Finish.
Please post the content of ESET.txt or let me know if there were no findings.



Step 4

Please download SecurityCheck (Link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Step 5

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the content of OTL.txt here in the thread.



Please post in your next reply:
  • OTL fix log
  • MBAM log
  • ESET log
  • SecurityCheck log
  • OTL log
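
Added example (not part of the original posts and not OTL's own code): a small Python triage of OTL "O4" Run entries like the one removed in step 1, cross-checked against a `dir /b/s` style listing to see whether the target still exists and what else sits in the same folder. The regular expression is an assumption derived from the O4 line shown in this thread, the function names and heuristics are hypothetical, and the sample data is taken from the thread (user name masked as `***`) plus constructed benign lines.

```python
import ntpath
import re

# Assumed OTL autostart line shape, derived from the O4 line in this thread:
# O4[:64bit:] - <hive>..\Run[Once]: [<name>] <command> (<company>)
O4_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*) '
    r'\((?P<company>[^()]*(?:\([^()]*\)[^()]*)*)\)\s*$'
)
SCRIPT_EXTS = {'.vbs', '.vbe', '.js', '.jse', '.wsf', '.bat', '.cmd', '.ps1'}
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\appdata\\|\\temp\\', re.I)


def parse_o4(line):
    """Return the fields of an OTL O4 Run/RunOnce line, or None if it is another kind of line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def target_path(command):
    """Extract the launched file from a Run command (quoted or bare, with or without arguments)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.[A-Za-z0-9]{2,4})(?=\s|$)', command)
    return m.group(1) if m else command


def assess(line, listing=None):
    """Return (entry, reasons); reasons is empty when nothing about the entry stands out."""
    entry = parse_o4(line)
    if entry is None:
        return None, []
    path = target_path(entry['command'])
    entry['target'] = path
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append('target in user-writable directory')
    if ntpath.splitext(path)[1].lower() in SCRIPT_EXTS:
        reasons.append('target is a script')
    if not entry['company'].strip():
        reasons.append('no company name')
    if listing is not None:
        present = {p.lower() for p in listing}
        # Only claim "missing" when the listing actually covers the target's folder.
        if ntpath.dirname(path).lower() in present and path.lower() not in present:
            reasons.append('target missing from disk')
    return entry, reasons


def siblings(path, listing):
    """Files from the listing that sit in the same folder as the autostart target."""
    folder = ntpath.dirname(path).lower()
    return [p for p in listing
            if ntpath.dirname(p).lower() == folder and p.lower() != path.lower()]


def review(o4_lines, listing):
    """Return (name, target, reasons, leftover files) for every entry with findings."""
    findings = []
    for line in o4_lines:
        entry, reasons = assess(line, listing)
        if entry and reasons:
            findings.append((entry['name'], entry['target'], reasons,
                             siblings(entry['target'], listing)))
    return findings


SAMPLE_O4 = [
    # From the fix script in this thread, user name masked as in the fix log:
    r'O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [RSS] '
    r'C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs ()',
    # Constructed benign entries for contrast:
    r'O4 - HKLM..\Run: [ExampleTray] "C:\Program Files (x86)\Example\tray.exe" /min (Example Corp.)',
    r'O4:64bit: - HKLM..\Run: [ExampleAudio] C:\Program Files\Example\audio.exe (Example(R) Corporation)',
]
SAMPLE_LISTING = [
    # Lines from the "dir /a/s/b" output in the fix log of this thread:
    r'C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache',
    r'C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\libcurl.dll',
    r'C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\pthreadGC2.dll',
    r'C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\rss.bat',
]

if __name__ == '__main__':
    for name, target, reasons, leftovers in review(SAMPLE_O4, SAMPLE_LISTING):
        print(f'[{name}] {target}')
        for reason in reasons:
            print(f'  - {reason}')
        for path in leftovers:
            print(f'  leftover in same folder: {path}')
```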

10.04.2013, 14:18   #7
Hogwash



Hello Leo,

so -
OTL fix log

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-55140348-4283757400-3586990977-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RSS not found.
File C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs not found.
========== FILES ==========
< dir /a/s/b "C:\Users\***\AppData\Roaming\Adobe" /c >
C:\Users\***\AppData\Roaming\Adobe\Acrobat
C:\Users\***\AppData\Roaming\Adobe\AIR
C:\Users\***\AppData\Roaming\Adobe\Flash Player
C:\Users\***\AppData\Roaming\Adobe\Headlights
C:\Users\***\AppData\Roaming\Adobe\Linguistics
C:\Users\***\AppData\Roaming\Adobe\LogTransport2
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Collab
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Forms
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\JSCache
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\TMDocs.sav
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\TMGrpPrm.sav
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\JSCache\GlobData
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\JSCache\GlobSettings
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\addressbook.acrodata
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\directories.acrodata
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\services_rdr.dat
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\services_rdri.dat
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\services_rdrk.dat
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache\0A1178B9C296E3C2394DAD33C6E057B1A52A09A8.crl
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
C:\Users\***\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache\B7F20844EA430A174287EE65FE7AB63296B06C84.crl
C:\Users\***\AppData\Roaming\Adobe\AIR\eulaAccepted
C:\Users\***\AppData\Roaming\Adobe\AIR\updateDisabled
C:\Users\***\AppData\Roaming\Adobe\AIR\Updater
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AFCache
C:\Users\***\AppData\Roaming\Adobe\Flash Player\APSPrivateData2
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache
C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache
C:\Users\***\AppData\Roaming\Adobe\Flash Player\Icon Cache
C:\Users\***\AppData\Roaming\Adobe\Flash Player\NativeCache
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\1C04C61346A1FA3139A37D860ED92632AA13DECF.heu
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\1C04C61346A1FA3139A37D860ED92632AA13DECF.swz
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\8165D3AF89956F505BBF7B18667E0B2CCB9EC367.heu
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\8165D3AF89956F505BBF7B18667E0B2CCB9EC367.swz
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\8F903698240FE799F61EEDA8595181137B996156.heu
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\8F903698240FE799F61EEDA8595181137B996156.swz
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\AF07B46903A6C5D87A24725CB7D50DE352A0383C.heu
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\AF07B46903A6C5D87A24725CB7D50DE352A0383C.swz
C:\Users\***\AppData\Roaming\Adobe\Flash Player\AssetCache\P646V4CJ\cacheSize.txt
C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\libcurl.dll
C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\pthreadGC2.dll
C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\rss.bat
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04102013_095930

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
MBAM

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
*** :: PSYCHOWIN [Administrator]

Schutz: Deaktiviert

10.04.2013 10:04:39
mbam-log-2013-04-10 (10-04-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242354
Laufzeit: 3 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET found nothing.

SECURITY CHECK - threw an error at the start:
Window title: AutoIt Error
Error text:
Line -1:
Error: Variable must be of type "object".

LOG:

Code:
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.171  
 Adobe Reader XI  
 Mozilla Firefox (20.0) 
 Mozilla Thunderbird (17.0.4) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
OTL
Code:
OTL logfile created on: 10.04.2013 13:45:56 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karsten Gandor\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,88 Gb Total Physical Memory | 8,67 Gb Available Physical Memory | 54,55% Memory free
15,88 Gb Paging File | 8,76 Gb Available in Paging File | 55,17% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,90 Gb Total Space | 11,81 Gb Free Space | 19,71% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 10,22 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 370,00 Gb Total Space | 118,42 Gb Free Space | 32,01% Space Free | Partition Type: NTFS
Drive F: | 100,00 Gb Total Space | 78,31 Gb Free Space | 78,31% Space Free | Partition Type: NTFS
Drive G: | 143,62 Gb Total Space | 47,36 Gb Free Space | 32,97% Space Free | Partition Type: NTFS
Drive H: | 59,24 Gb Total Space | 53,20 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
Drive I: | 70,00 Gb Total Space | 61,80 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
Drive J: | 14,91 Gb Total Space | 13,71 Gb Free Space | 91,99% Space Free | Partition Type: FAT32
Drive K: | 1000,00 Gb Total Space | 731,88 Gb Free Space | 73,19% Space Free | Partition Type: NTFS
Drive M: | 862,98 Gb Total Space | 787,13 Gb Free Space | 91,21% Space Free | Partition Type: NTFS
Drive Y: | 3,99 Gb Total Space | 3,99 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: PSYCHOWIN | User Name: Karsten Gandor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.04.08 19:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karsten Gandor\Desktop\OTL.exe
PRC - [2013.04.04 21:24:34 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.13 02:12:10 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Karsten Gandor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.23 17:27:46 | 000,496,672 | ---- | M] (Binnerup Consult) -- C:\Program Files (x86)\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe
PRC - [2013.01.24 17:12:22 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.09 18:36:34 | 014,026,448 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.10.08 22:48:08 | 001,637,888 | ---- | M] () -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2011.07.25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011.02.08 01:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011.01.23 19:47:46 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.23 19:47:44 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.12.20 17:46:58 | 000,519,744 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\TotalMedia Server\TM Server.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.08.13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010.06.18 20:29:24 | 000,548,864 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\Programme\Behringer\BCD3000\Drivers\bcd3kcpan.exe
PRC - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.04 21:24:34 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.18 22:56:45 | 003,208,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\4.0.5.104__4f079cf7f10a3651\MyMoviesCommon.dll
MOD - [2013.03.18 22:56:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyMoviesBonjourInterop\1.0.0.0__d46a0f70086f4c31\MyMoviesBonjourInterop.dll
MOD - [2013.02.24 16:37:59 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.21 12:27:30 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.21 12:27:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 22:00:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 22:00:05 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 22:00:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.10 22:00:04 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.09 21:31:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 21:31:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 21:31:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 21:31:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 21:31:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 18:36:34 | 014,026,448 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
MOD - [2013.01.09 18:36:28 | 000,437,456 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll
MOD - [2012.05.11 11:56:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.07.25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011.01.23 19:47:46 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.23 19:47:44 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:52 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.04.05 05:56:22 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
MOD - [2010.04.05 05:56:20 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010.04.05 05:56:18 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
MOD - [2010.04.05 05:56:08 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
MOD - [2010.04.05 05:55:16 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 05:55:06 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
MOD - [2010.04.05 05:55:00 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
MOD - [2010.04.05 05:54:54 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
MOD - [2010.04.01 12:24:30 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
MOD - [2010.04.01 12:23:28 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.05.27 07:16:52 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009.04.07 14:25:28 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.10 00:43:50 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009.02.20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.11 11:56:00 | 000,825,152 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysNative\nvwmi64.exe -- (NVWMI)
SRV:64bit: - [2010.04.14 15:08:32 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010.04.14 15:08:24 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2010.02.10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.04 21:24:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.13 02:12:10 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.24 17:12:22 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.08.23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.08.23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.08.23 17:04:00 | 000,629,040 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.08.23 17:03:14 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.08.23 14:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.07.18 01:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.17 07:45:16 | 000,218,504 | ---- | M] () [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe -- (EmbassyService)
SRV - [2012.01.16 15:29:58 | 000,198,144 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe -- (WvPCR)
SRV - [2012.01.05 15:02:14 | 001,679,872 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV - [2011.12.08 10:45:42 | 004,146,032 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.11.11 14:42:14 | 002,167,176 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2011.10.08 22:48:08 | 001,637,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2011.07.28 14:50:16 | 000,519,536 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2011.05.13 10:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2011.05.13 10:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2011.02.08 01:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.01.25 01:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.04.14 15:08:24 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.04.14 15:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2008.11.25 12:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.13 02:12:14 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013.03.13 02:12:14 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.30 12:52:44 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012.08.30 12:52:44 | 000,074,120 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012.08.29 10:39:34 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2012.08.29 00:27:48 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.08.29 00:27:48 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.08.29 00:27:48 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.08.29 00:27:48 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.08.29 00:27:48 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.10 23:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.04.29 07:27:00 | 000,073,000 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012.03.11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 18:15:58 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.11.10 12:14:14 | 000,311,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2011.10.10 08:18:32 | 000,021,048 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspLLL64.sys -- (rspLLL)
DRV:64bit: - [2011.07.22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011.07.15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.05.10 14:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.03.23 13:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.25 01:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.03 14:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.08.05 18:52:12 | 000,054,888 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcd3000_x64.sys -- (bcd3000)
DRV:64bit: - [2010.08.05 18:52:12 | 000,032,872 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcd3000wdm_x64.sys -- (bcd3000wdm)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 21:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 21:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.29 09:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karsten Gandor\AppData\Roaming\mozilla\Extensions
[2013.04.04 21:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.04 21:24:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe (Binnerup Consult)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [DesktopOK] D:\Arbeit\tools\Desktop Symbole\DesktopOK_x64.exe (Nenad Hrg SoftwareOK)
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Karsten Gandor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F5919A6-992D-4C8E-9C15-34F8F48E3137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB07E9A-B733-4D8C-B941-7C90523EBFAB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B720F82-0939-4571-8D29-C5190972A2FF}: DhcpNameServer = 192.168.115.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDA842D8-B5BE-4395-99F6-469A10CAD191}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5b44de90-7e8e-11e2-8f34-3859f9d90734}\Shell - "" = AutoRun
O33 - MountPoints2\{5b44de90-7e8e-11e2-8f34-3859f9d90734}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{7a979a68-7e99-11e2-ba9f-24770306ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{7a979a68-7e99-11e2-ba9f-24770306ef24}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b11e8409-7e98-11e2-8d84-24770306ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{b11e8409-7e98-11e2-8d84-24770306ef24}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b11e840d-7e98-11e2-8d84-24770306ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{b11e840d-7e98-11e2-8d84-24770306ef24}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 10:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.10 10:09:01 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Karsten Gandor\Desktop\esetsmartinstaller_enu.exe
[2013.04.10 09:52:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.09 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brotherhood Software
[2013.04.09 10:54:05 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.04.09 10:40:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.09 10:39:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.09 10:39:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.09 10:39:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013.04.09 10:31:49 | 005,049,517 | R--- | C] (Swearware) -- C:\Users\Karsten Gandor\Desktop\ComboFix.exe
[2013.04.08 22:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.08 22:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.08 21:02:29 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.08 21:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.08 21:02:28 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Notepad++
[2013.04.08 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.04.08 19:51:11 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\Desktop\RK_Quarantine
[2013.04.08 19:44:47 | 009,741,664 | ---- | C] (SurfRight B.V.) -- C:\Users\Karsten Gandor\Desktop\hitmanpro_x64.exe
[2013.04.08 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\Desktop\HitmanPro_3.7.3.193
[2013.04.08 19:36:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karsten Gandor\Desktop\OTL.exe
[2013.04.08 18:57:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.04.08 18:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.08 18:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.05 09:54:34 | 000,022,128 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2013.04.05 09:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2013.04.05 09:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STMicroelectronics
[2013.04.04 22:25:41 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Roaming\Malwarebytes
[2013.04.04 22:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.04 22:25:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 22:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.04 22:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 22:25:20 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Local\Programs
[2013.04.04 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.03 11:54:02 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\Documents\Native Instruments
[2013.04.03 11:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2013.04.03 11:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2013.03.28 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\Karsten Gandor\AppData\Local\Diagnostics
[2013.03.28 14:04:55 | 000,054,888 | ---- | C] (Behringer) -- C:\Windows\SysNative\drivers\bcd3000_x64.sys
[2013.03.28 14:04:55 | 000,032,872 | ---- | C] (Behringer) -- C:\Windows\SysNative\drivers\bcd3000wdm_x64.sys
[2013.03.28 14:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Behringer
[2013.03.28 13:58:36 | 000,021,048 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspLLL64.sys
[2013.03.28 13:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
[2013.03.28 13:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\LatencyMon
[2013.03.18 23:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.18 22:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.03.18 22:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.03.18 22:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
[2013.03.18 22:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 13:40:11 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.10 13:27:43 | 000,890,815 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\SecurityCheck.exe
[2013.04.10 13:16:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 10:11:14 | 001,632,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 10:11:14 | 000,701,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 10:11:14 | 000,663,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 10:11:14 | 000,148,392 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 10:11:14 | 000,124,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 10:09:02 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Karsten Gandor\Desktop\esetsmartinstaller_enu.exe
[2013.04.10 10:07:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 10:07:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 10:03:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 10:00:23 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.10 10:00:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 10:00:12 | 4202,262,526 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 15:01:14 | 000,001,273 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\CaptchaNotifier.exe - Verknüpfung.lnk
[2013.04.09 12:13:39 | 000,292,402 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Grundriss Mannes 12.jpg
[2013.04.09 10:40:12 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
[2013.04.09 10:31:50 | 005,049,517 | R--- | M] (Swearware) -- C:\Users\Karsten Gandor\Desktop\ComboFix.exe
[2013.04.08 23:06:20 | 007,039,892 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\DSC_0029.JPG
[2013.04.08 23:06:09 | 009,043,188 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\DSC_0036.JPG
[2013.04.08 23:05:52 | 007,454,203 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\DSC_0054.JPG
[2013.04.08 23:05:06 | 000,193,290 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Produktionsauftrag Hoerfunk_NDR.rtf
[2013.04.08 23:04:45 | 001,418,452 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\11.04.13, Job 13-0335, NDR, Packzettel.pdf
[2013.04.08 22:14:26 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.08 21:25:43 | 000,066,020 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Logfiles.zip
[2013.04.08 20:03:58 | 000,816,128 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\RogueKiller.exe
[2013.04.08 19:50:42 | 000,000,000 | ---- | M] () -- C:\Users\Karsten Gandor\defogger_reenable
[2013.04.08 19:42:30 | 000,791,040 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\RogueKillerX64.exe
[2013.04.08 19:36:43 | 000,377,856 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\gmer_2.1.19163.exe
[2013.04.08 19:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karsten Gandor\Desktop\OTL.exe
[2013.04.08 19:36:02 | 000,050,477 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Defogger.exe
[2013.04.08 18:57:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.05 09:08:05 | 009,741,664 | ---- | M] (SurfRight B.V.) -- C:\Users\Karsten Gandor\Desktop\hitmanpro_x64.exe
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 20:40:05 | 000,001,059 | ---- | M] () -- C:\Users\Karsten Gandor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.01 20:39:59 | 000,001,045 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\Dropbox.lnk
[2013.03.28 14:04:55 | 000,001,086 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
[2013.03.21 23:57:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.21 23:57:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.20 12:36:45 | 000,001,464 | ---- | M] () -- C:\Users\Karsten Gandor\Desktop\MSCS(v4.1).exe - Verknüpfung.lnk
[2013.03.18 23:34:18 | 000,585,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 02:12:12 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2013.04.10 13:27:42 | 000,890,815 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\SecurityCheck.exe
[2013.04.10 10:03:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.09 15:01:14 | 000,001,273 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\CaptchaNotifier.exe - Verknüpfung.lnk
[2013.04.09 11:33:31 | 000,292,402 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Grundriss Mannes 12.jpg
[2013.04.09 10:40:12 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
[2013.04.08 23:06:18 | 007,039,892 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\DSC_0029.JPG
[2013.04.08 23:06:06 | 009,043,188 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\DSC_0036.JPG
[2013.04.08 23:05:51 | 007,454,203 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\DSC_0054.JPG
[2013.04.08 23:05:05 | 000,193,290 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Produktionsauftrag Hoerfunk_NDR.rtf
[2013.04.08 23:04:44 | 001,418,452 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\11.04.13, Job 13-0335, NDR, Packzettel.pdf
[2013.04.08 22:14:26 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.08 21:25:43 | 000,066,020 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Logfiles.zip
[2013.04.08 20:03:57 | 000,816,128 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\RogueKiller.exe
[2013.04.08 19:50:42 | 000,000,000 | ---- | C] () -- C:\Users\Karsten Gandor\defogger_reenable
[2013.04.08 19:42:29 | 000,791,040 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\RogueKillerX64.exe
[2013.04.08 19:36:43 | 000,377,856 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\gmer_2.1.19163.exe
[2013.04.08 19:36:01 | 000,050,477 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\Defogger.exe
[2013.03.28 14:04:55 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
[2013.03.21 23:57:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.21 23:57:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.20 12:36:45 | 000,001,464 | ---- | C] () -- C:\Users\Karsten Gandor\Desktop\MSCS(v4.1).exe - Verknüpfung.lnk
[2013.02.27 13:16:51 | 000,028,623 | ---- | C] () -- C:\Users\Karsten Gandor\AppData\Local\recently-used.xbel
[2013.02.10 00:24:46 | 000,010,455 | ---- | C] () -- C:\Users\Karsten Gandor\Hogwash_elster_2048.pfx
[2013.01.16 23:34:38 | 001,527,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.14 13:19:20 | 000,049,152 | ---- | C] () -- C:\Windows\md5.exe
[2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.10.22 18:40:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.22 18:40:00 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.10.22 10:17:19 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012.09.04 22:53:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.09.04 22:53:25 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.09.04 22:53:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.08.29 13:00:00 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2012.08.29 13:00:00 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2012.08.29 12:59:59 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2012.08.29 12:59:59 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2012.08.29 12:59:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2012.08.29 12:59:59 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2012.08.29 12:59:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2012.08.29 12:59:59 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2012.08.29 12:59:59 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2012.08.29 12:59:59 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2012.08.29 12:59:59 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2012.08.29 12:59:59 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2012.08.29 12:59:59 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2012.08.29 12:59:59 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2012.08.29 12:59:59 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2012.08.29 12:59:58 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2012.08.29 12:59:58 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2012.08.29 12:59:58 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2012.08.29 12:59:58 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2012.08.29 12:59:58 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2012.08.29 12:59:58 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2012.08.29 12:59:43 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2012.08.29 12:59:43 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2012.08.29 11:23:44 | 000,000,955 | ---- | C] () -- C:\Users\Karsten Gandor\AppData\Local\MathJournalCommonConstants.xml
[2012.08.29 10:39:50 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012.08.29 00:12:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012.08.29 00:12:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.11.14 10:29:30 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-HK.dll
[2011.11.14 10:29:28 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_th.dll
[2011.11.14 10:29:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sl.dll
[2011.11.14 10:29:24 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hr.dll
[2011.11.14 10:29:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sk.dll
[2011.11.14 10:29:20 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_tr.dll
[2011.11.14 10:29:18 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ro.dll
[2011.11.14 10:29:16 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt-BR.dll
[2011.11.14 10:29:14 | 000,092,160 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hu.dll
[2011.11.14 10:29:12 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fi.dll
[2011.11.14 10:29:12 | 000,084,992 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_he.dll
[2011.11.14 10:29:10 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_el.dll
[2011.11.14 10:29:08 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_cs.dll
[2011.11.14 10:29:08 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ar.dll
[2011.11.14 10:29:06 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHT.dll
[2011.11.14 10:29:04 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHS.dll
[2011.11.14 10:29:02 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sv.dll
[2011.11.14 10:29:00 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ru.dll
[2011.11.14 10:28:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt.dll
[2011.11.14 10:28:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pl.dll
[2011.11.14 10:28:56 | 000,089,600 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_no.dll
[2011.11.14 10:28:54 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_nl.dll
[2011.11.14 10:28:54 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ko.dll
[2011.11.14 10:28:52 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ja.dll
[2011.11.14 10:28:50 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_it.dll
[2011.11.14 10:28:48 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fr.dll
[2011.11.14 10:28:46 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_es.dll
[2011.11.14 10:28:44 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_de.dll
[2011.11.14 10:28:42 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_da.dll
[2011.04.21 18:56:28 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.04 19:18:37 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Audacity
[2012.08.29 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\BatteryBar
[2013.04.10 10:01:08 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Dropbox
[2012.08.29 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\EAC
[2012.11.05 13:39:22 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\elsterformular
[2013.04.08 19:33:19 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\foobar2000
[2012.09.07 13:33:07 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Foxit Software
[2012.09.07 14:11:26 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\FreeFileSync
[2012.10.10 21:57:24 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\HTC
[2012.10.10 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.12.06 00:31:33 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\IrfanView
[2013.03.18 23:00:36 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\LibreOffice
[2012.11.10 00:02:21 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Mobipocket
[2013.02.06 00:22:13 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Mp3tag
[2013.02.28 00:25:27 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\MyPhoneExplorer
[2013.04.08 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Notepad++
[2013.01.16 11:51:26 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\PhraseExpress
[2012.08.30 10:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Publish Providers
[2012.08.30 10:52:17 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Sony
[2012.08.29 09:06:15 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Thunderbird
[2012.11.15 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\uTorrent
[2012.08.29 11:00:10 | 000,000,000 | ---D | M] -- C:\Users\Karsten Gandor\AppData\Roaming\Wave Systems Corp
 
========== Purity Check ==========
 
 

< End of report >
         
By the way, the error message at boot is gone.
However, my Wi-Fi card, as well as Bluetooth, HD audio and the smartcard reader, were disabled after the reboot....
The Wi-Fi connection was there when I logged in and then disabled itself after a minute or so (visible in Device Manager).
I re-enabled it manually and now it is working again.
Could that be related?

One more forum-related question:
I have since noticed that I forgot to remove my name from my Combofix log... I can't edit it any more - can that still be changed?

Thanks in advance,
Karsten

10.04.2013, 14:56   #8
aharonov
/// TB-Ausbilder

Hello Karsten,

that looks good.
Regarding the other problems you mention: if that was just a one-off, then it's fine. If it happens repeatedly, it would be appropriate to take a closer look.

Quote:
I have since noticed that I forgot to remove my name from my Combofix log... I can't edit it any more - can that still be changed?
Yes, there is. See item 1 here: http://www.trojaner-board.de/108423-...-anfragen.html

Since all your software is already exemplarily up to date as well, all we have to do here is clean up.



Cleanup

Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are also important and should be carried out in the order given.
  1. If defogger was used at the beginning, start defogger and press the Re-enable button.
  2. If Combofix was used, temporarily disable the antivirus program now, rename the Combofix.exe on your desktop by changing "Combofix" in the file name to Uninstall, and run it with a double-click.
  3. As for MBAM, I would strongly recommend keeping it and running a quick scan weekly. If you don't want to keep using it, you can now uninstall it normally via the Control Panel.
  4. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can likewise do that via the Control Panel.
  5. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Among other things, DelFix removes all the programs we used and then deletes itself.
  6. If anything is still left over now, you can simply delete it manually.




>> OK <<
We are done; your logs look clean to me at the moment.

Below I have put together a few notes and tips for you that should help ensure you won't need our help again in the future.

Afterwards, please give me a short reply if there are no more problems or open questions on your side either, so that I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping system and software up to date

The Windows operating system must always be kept fully up to date. Make sure that automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

The installed software should also always be at its latest version.
This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly verify that these components are up to date.
  • Also make sure that old versions that are no longer used are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you to always use the current versions of all installed software.

Security software

One remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not recognise an infected file).
Nevertheless, appropriate software is of course important and, in combination with a well-maintained (up-to-date) system and well-considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a background guard and an always up-to-date database. Which product is chosen does not matter that much. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should be sufficient. But never run two guards in parallel; they would interfere with each other.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand antimalware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, this reduces the chance that malware picked up while surfing can permanently establish itself in the system.
  • Optional: The add-on WOT (web of trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader).
Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which there are two useful add-ons to recommend:
  • NoScript by default prevents the execution of active content (Java, JavaScript, Flash, ..) for all websites. You can decide for yourself, on the principle of a whitelist, which sites you want to trust and allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, however, malware is also often installed more or less actively by the user themselves.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
  • Illegal cracks, keygens and serials are an extremely simple (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what it says on the label.

Attempts are also often made to get the user, with more or less tricky methods, to carry out an action themselves that is disastrous for them (umbrella term: social engineering).
  • Surf with caution and don't let yourself be tempted into a hasty click by elements that somehow seem interesting. Don't be fooled by pop-ups that look like system or virus messages.
  • Be sceptical about unexpected e-mails, especially if they contain attachments. Even if they appear authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over again calmly or ask, instead of just opening links or executable attachments or entering your data somewhere.
  • Harmful links or files can also do the rounds in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange, or sounds so sensationally interesting or scandalous that one simply has to click on it, then curiosity has probably won out over reason for him/her, and you should not make the same mistake.
  • Have file extensions displayed so that you are not fooled when an executable file is disguised by a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user themselves.
  • As a first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and remove the tick from all optionally offered toolbars or other additions that are irrelevant to the program.

General notes

Finally, a few more basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with restricted rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external storage media, at least in duplicate for important files. Not only a malware infection can result in painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it makes it possible, for example, for an infection to jump to the computer when a correspondingly infected USB stick is plugged in. Consider whether you would not be better off disabling this function.
  • Choose your passwords according to the common rules in order to be better armed against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, great damage can be done with them if you don't know what you are doing. We therefore recommend keeping your hands off the registry. To delete the temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
__________________
cheers,
Leo

10.04.2013, 22:10   #9
Hogwash



A thousand thanks, Leo!

That really seems to have been it.
I think it's really great what you do here (in principle) free of charge. I will also send off a donation right away!

Still, one more question:

I have a second system (my desktop computer) which, wonder of wonders, is infected with the same parasite. (I sync the computers occasionally, so that's probably how it happened....?)
Can I use the same tools and the custom fix
Code:
:OTL
O4 - HKU\S-1-5-21-55140348-4283757400-3586990977-1000..\Run: [RSS] C:\Users\***\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs ()

:files
dir /a/s/b "C:\Users\***\AppData\Roaming\Adobe" /c

:commands
[emptytemp]
         
to clean up that computer?
The computer is infected in the same place, and above all: I have set up Windows7 and WindowsXP as dual boot there, and although I only very rarely use XP for audio stuff, XP is infected too! Apparently the program seeks out the system partitions. Almost exciting... :-D

Would that work?
If I change the folder paths and names, of course...

Karsten

11.04.2013, 03:31   #10
aharonov
/// TB trainer



Hello Karsten,

can you please upload this file rss.exe to Virustotal and post the link to the analysis here?
__________________
cheers,
Leo

11.04.2013, 12:06   #11
Hogwash



Here is the link:
https://www.virustotal.com/de/file/5b7ca4fd50880c566e06c549fd3430baaf72f3093951c162f28809260376361d/analysis/1365667127/
The virus was already known, but I had it scanned again.
While searching for, or rather restoring, the "rss.exe", I noticed that there is also an "rss.bat" in the folder. Should that worry me?
But Comodo did not find a virus in it...

About my desktop computer:
There, out of helplessness, I simply deleted the \File Cache folder and now always get the message that the "file.vbs" cannot be found.
Could I apply the cleanup from the laptop to the desktop as well, or have I already blown my chance by deleting the folder?

Many thanks once again,
Karsten

P.S.: In the post preview I get the link bare, i.e. not shown highlighted in blue... if that is still the case in the finished post, then please forgive me. I can't do more than click "Insert link" and insert the link there. Sorry.

11.04.2013, 12:52   #12
aharonov
/// TB trainer



Hello Karsten,

you can delete the rss.bat as well.

Quote:
Could I apply the cleanup from the laptop to the desktop as well
No, you should never do that! (and it won't readily work either)
Just do a quick OTL scan on this desktop computer, then I can look over it to see whether anything else is on it and remove the remnants that are still left and are causing the message.



Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Tick Scan all Users.
  • Now click Run Scan.
  • When the scan has finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the contents of these log files here in the thread.
__________________
cheers,
Leo
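
A leftover autostart entry of the kind discussed above appears in an OTL log as an O4 line. The following added example (not part of the original posts and not OTL's own code) parses registry-based O4 lines in the layout seen in this thread and flags entries whose target is missing, that start a script host or script file, or that run from a user-writable profile path. The sample lines are constructed, and the names `parse_o4`, `assess` and `review` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in the O4 layout OTL writes; SID, user and vendor names are placeholders.
SAMPLE_LOG = r'''
O4:64bit: - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe (Example Vendor)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [RSS] wscript "C:\Users\user\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs" "C:\Users\user\AppData\Roaming\Adobe\Flash Player\File Cache\rss.bat" File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Updater] C:\Users\user\AppData\Roaming\Example\upd.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync.lnk = C:\Users\user\AppData\Roaming\Sync\bin\Sync.exe (Example, Inc.)
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll (Example Vendor)
'''

# "O4[:64bit:] - <hive>..\<key>: [<value name>] <command> (<company> | File not found)"
O4_REG = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HK\w+(?:\\\S+?)?)\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]+)\] (?P<rest>.*)$'
)
SCRIPT_HOSTS = {"wscript", "cscript", "cmd", "powershell", "mshta", "rundll32", "regsvr32"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    command: str
    company: str
    missing: bool
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Parse one registry-based O4 line; return None for any other line."""
    m = O4_REG.match(line.strip())
    if not m:
        return None
    rest = m["rest"].rstrip()
    missing = rest.endswith("File not found")
    company = ""
    if missing:
        # In the logs on this page the marker stands where the company name would be.
        rest = rest[: -len("File not found")].rstrip()
    else:
        tail = re.search(r"\s\(([^()]*)\)$", rest)
        if tail:
            company, rest = tail.group(1).strip(), rest[: tail.start()]
    return Autostart(m["hive"], m["key"], m["name"], rest, company, missing)


def assess(entry):
    """Attach review reasons to an entry; these are triage hints, not a verdict."""
    cmd = entry.command.lower()
    first = re.match(r'"([^"]+)"|(\S+)', cmd)
    launcher = PureWindowsPath(first.group(1) or first.group(2)).stem if first else ""
    quoted = re.findall(r'"([^"]+)"', cmd)
    if entry.missing:
        entry.reasons.append("orphaned")        # causes the "could not be found" box at logon
    if launcher in SCRIPT_HOSTS:
        entry.reasons.append("script-host")
    if cmd.endswith(SCRIPT_EXTS) or any(q.endswith(SCRIPT_EXTS) for q in quoted):
        entry.reasons.append("script-file")
    if any(p in cmd for p in USER_WRITABLE):
        entry.reasons.append("user-writable")
    if not entry.missing and not entry.company:
        entry.reasons.append("no-company")
    return entry


def review(log_text):
    """Return flagged autostart entries, most reasons first."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    flagged = [assess(e) for e in entries if e is not None]
    flagged = [e for e in flagged if e.reasons]
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.hive}\\{e.key} [{e.name}] {', '.join(e.reasons)}")
        print(f"    {e.command}")
```

An entry in AppData with no company name is only a prompt to look closer, since legitimate per-user software installs there too.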

11.04.2013, 21:53   #13
Hogwash



Hello Leo,

here are the scans from OTL.
Since, as I said, I have the second boot partition with XP and, at least with my knowledge and my eyes, could not find it in the log, I also did an OTL scan from XP. Named OTL-XP and Extras-XP.
Hope that's OK.

So here is the main partition - Windows7
OTL
Code:
OTL logfile created on: 11.04.2013 20:46:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HeimHoschi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 3,96 Gb Available Physical Memory | 49,53% Memory free
8,00 Gb Paging File | 3,89 Gb Available in Paging File | 48,60% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 45,90 Gb Total Space | 17,51 Gb Free Space | 38,14% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 15,28 Gb Free Space | 76,38% Space Free | Partition Type: NTFS
Drive E: | 430,76 Gb Total Space | 12,76 Gb Free Space | 2,96% Space Free | Partition Type: NTFS
Drive F: | 23,00 Gb Total Space | 12,82 Gb Free Space | 55,72% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 184,09 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
Drive H: | 206,44 Gb Total Space | 156,08 Gb Free Space | 75,60% Space Free | Partition Type: NTFS
Drive I: | 298,09 Gb Total Space | 124,57 Gb Free Space | 41,79% Space Free | Partition Type: NTFS
Drive J: | 705,07 Gb Total Space | 338,00 Gb Free Space | 47,94% Space Free | Partition Type: NTFS
Drive L: | 9,99 Gb Total Space | 0,97 Gb Free Space | 9,74% Space Free | Partition Type: NTFS
Drive N: | 1000,00 Gb Total Space | 749,60 Gb Free Space | 74,96% Space Free | Partition Type: NTFS
Drive O: | 862,98 Gb Total Space | 771,18 Gb Free Space | 89,36% Space Free | Partition Type: NTFS
Drive Y: | 2,00 Gb Total Space | 1,95 Gb Free Space | 97,80% Space Free | Partition Type: FAT32
Drive Z: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
 
Computer Name: HEIMHOSCHI | User Name: HeimHoschi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.11 19:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HeimHoschi\Desktop\OTL.exe
PRC - [2013.03.29 16:22:21 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\HeimHoschi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.09 14:38:53 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.01.09 18:36:34 | 014,026,448 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.06 21:56:28 | 000,331,776 | ---- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.06.18 20:29:24 | 000,548,864 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\Programme\Behringer\BCD3000\Drivers\bcd3kcpan.exe
PRC - [2000.01.01 02:00:00 | 000,052,888 | ---- | M] () -- C:\Program Files (x86)\VIA\RAID\vialogsv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.29 16:22:20 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.09 14:38:53 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.06 21:32:05 | 003,982,848 | ---- | M] () -- C:\Program Files (x86)\JustCloud\MPCBIconOverlays.dll
MOD - [2013.02.24 06:57:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.16 11:24:16 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.16 11:24:16 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.16 11:24:15 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.16 11:23:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.16 11:23:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.16 11:23:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.16 11:23:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.16 11:23:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 18:36:34 | 014,026,448 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
MOD - [2013.01.09 18:36:28 | 000,437,456 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.04.18 15:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\JustCloud\x86\System.Data.SQLite.dll
MOD - [2009.06.10 23:41:46 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 17:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.04.14 15:08:32 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010.04.14 15:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.03 03:16:06 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.09 14:38:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 21:31:21 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\JustCloud\BackupStack.exe -- (BackupStack)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.08 01:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.04.14 15:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.04.14 15:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.25 11:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2000.01.01 02:00:00 | 000,052,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VIA\RAID\vialogsv.exe -- (VRAID Log Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.03 13:50:54 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013.03.15 17:00:06 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2013.03.15 17:00:06 | 000,390,352 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2013.03.15 17:00:06 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2013.03.15 17:00:06 | 000,039,248 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2013.03.04 09:35:08 | 000,838,216 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.02.07 20:37:48 | 000,023,968 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspLLL64.sys -- (rspLLL)
DRV:64bit: - [2012.12.19 07:41:54 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.08 01:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.11.06 21:56:28 | 000,254,464 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2012.11.06 21:56:28 | 000,205,312 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012.11.05 23:03:25 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012.08.28 14:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.24 08:45:30 | 000,071,464 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2011.11.17 19:34:04 | 000,017,008 | ---- | M] (VIA Labs, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vl810filter.sys -- (vl810filter)
DRV:64bit: - [2011.11.10 12:14:14 | 000,311,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 02:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.08.05 18:52:12 | 000,054,888 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcd3000_x64.sys -- (bcd3000)
DRV:64bit: - [2010.08.05 18:52:12 | 000,032,872 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcd3000wdm_x64.sys -- (bcd3000wdm)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009.07.14 02:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2000.01.01 02:00:00 | 000,157,336 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2000.01.01 02:00:00 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2000.01.01 02:00:00 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2000.01.01 02:00:00 | 000,016,552 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV - [2012.04.09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2011.06.02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000\..\SearchScopes\{7090929B-E6E4-4178-9FB3-D998898F688D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F02BAD22-5499-4BA5-83EF-B140C6ADC131&apn_sauid=47AF1994-9B3C-4DA9-8BB5-AEBC27845DD6
IE - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 14:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.10 23:06:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 14:38:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.10 23:06:37 | 000,000,000 | ---D | M]
 
[2012.04.03 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HeimHoschi\AppData\Roaming\mozilla\Extensions
[2013.03.29 14:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 14:38:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 14:22:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 14:10:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 14:22:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 14:22:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 14:22:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 14:22:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000..\Run: [RSS] wscript "C:\Users\HeimHoschi\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs" "C:\Users\HeimHoschi\AppData\Roaming\Adobe\Flash Player\File Cache\rss.bat" File not found
O4 - HKU\S-1-5-21-3606968630-3181919447-2247673128-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\HeimHoschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HeimHoschi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HeimHoschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk = C:\Program Files (x86)\JustCloud\JustCloud.exe (JustCloud.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C1FF34-0728-499B-9D43-58D64C9BDD4D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.03 10:42:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.01.08 15:04:50 | 000,000,000 | ---D | M] - F:\Auto Gordian Knot -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 19:16:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HeimHoschi\Desktop\OTL.exe
[2013.04.04 10:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013.04.03 21:46:24 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Roaming\Malwarebytes
[2013.04.03 21:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.03 21:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.03 21:46:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 21:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.03 14:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.03 14:01:33 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.03 13:50:54 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.03 13:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.04.03 13:50:54 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Roaming\Spyware Terminator
[2013.04.03 13:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.04.03 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.04.03 01:32:29 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Local\NeoSmart_Technologies
[2013.04.03 01:31:24 | 000,000,000 | ---D | C] -- C:\NST
[2013.04.03 01:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2013.04.03 01:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2013.03.30 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2013.03.30 15:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2013.03.30 15:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2013.03.30 15:28:54 | 000,039,248 | ---- | C] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys
[2013.03.30 15:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2013 Free
[2013.03.30 14:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2013.03.30 00:47:59 | 000,838,216 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.03.30 00:47:59 | 000,078,920 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2013.03.30 00:39:26 | 000,058,536 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2013.03.30 00:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.03.30 00:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.03.30 00:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2013.03.30 00:23:04 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Local\PC_Drivers_Headquarters
[2013.03.30 00:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2013.03.30 00:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2013.03.30 00:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2013.03.29 23:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.29 23:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.29 23:21:42 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Local\Programs
[2013.03.29 16:25:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.03.29 16:22:21 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.29 16:22:21 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.29 16:22:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.29 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.03.29 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.29 14:19:37 | 000,000,000 | ---D | C] -- C:\AMD
[2013.03.29 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Local\AMD
[2013.03.29 14:14:27 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Roaming\ATI
[2013.03.29 14:14:27 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Local\ATI
[2013.03.29 14:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.29 14:00:23 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.03.29 14:00:23 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.03.29 14:00:22 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.29 14:00:22 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.29 14:00:22 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.29 14:00:22 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.29 14:00:22 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.29 14:00:22 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.29 14:00:22 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.29 14:00:22 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.29 14:00:22 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.29 14:00:22 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.29 14:00:22 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.29 14:00:22 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.29 14:00:22 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.29 14:00:22 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.29 14:00:22 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.29 14:00:22 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.29 14:00:22 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.29 14:00:22 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.29 14:00:22 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.29 14:00:22 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.29 14:00:22 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.28 21:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.03.28 21:02:59 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Roaming\HD Tune Pro
[2013.03.28 21:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
[2013.03.28 21:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro
[2013.03.28 14:40:44 | 000,190,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.03.28 09:22:01 | 000,023,968 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspLLL64.sys
[2013.03.28 09:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
[2013.03.28 09:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\LatencyMon
[2013.03.27 15:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.03.27 15:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.03.24 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Roaming\MPEG Streamclip
[2013.03.24 21:41:14 | 000,000,000 | ---D | C] -- C:\Users\HeimHoschi\AppData\Roaming\mkvtoolnix
[2013.03.22 09:49:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.18 20:58:52 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.18 20:58:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.18 20:58:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.18 20:58:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.18 20:58:44 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.18 20:58:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.18 20:58:44 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.18 20:58:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.18 20:58:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.18 20:58:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.18 20:58:41 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.18 20:58:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.18 20:58:40 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.18 20:58:39 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.18 20:58:39 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.18 20:58:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.18 20:58:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.18 20:58:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.18 20:58:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.18 20:58:37 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.18 20:58:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.18 20:58:36 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.18 20:58:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.18 20:58:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.18 20:58:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.18 20:58:34 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.18 20:58:34 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.18 20:58:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.18 20:58:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.18 20:58:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.18 20:58:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.18 20:58:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.18 20:58:27 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.18 20:58:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.18 20:58:27 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.18 20:58:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.18 20:58:27 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.18 20:58:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.18 20:58:27 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.18 20:58:27 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.18 20:58:27 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.18 20:58:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.18 20:58:27 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.18 20:58:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.18 20:58:27 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.18 20:58:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.18 20:58:27 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.18 20:58:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.18 20:58:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.18 20:58:27 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.18 20:58:27 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.18 20:58:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.18 20:58:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.18 20:58:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.18 20:58:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.18 20:58:27 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.18 20:58:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.18 20:58:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.18 20:58:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.18 20:58:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.18 20:58:27 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.18 20:58:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.18 20:58:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.18 20:58:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.18 20:58:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.18 20:58:27 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.18 20:58:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.18 20:58:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.18 20:57:27 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.18 20:57:27 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.18 20:57:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.18 20:57:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.18 20:57:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.18 20:57:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.18 20:57:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.18 20:57:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.18 20:57:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.18 20:57:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.18 20:57:26 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.18 20:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.18 20:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.18 20:57:26 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.18 20:57:25 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.18 20:57:25 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.18 20:57:25 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.18 20:57:25 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.18 20:57:25 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.18 20:57:25 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.18 20:57:25 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.18 20:57:25 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.18 20:57:25 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.18 20:57:25 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.18 20:57:24 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.18 20:57:24 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.18 20:57:23 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.18 20:57:23 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.18 20:57:23 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.18 20:57:23 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.18 20:57:23 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.18 20:57:23 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.18 20:57:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.18 20:57:23 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.18 20:57:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.18 20:57:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.18 20:56:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.15 17:00:08 | 000,251,728 | ---- | C] (Paragon Software Group) -- C:\Windows\SysWow64\prgiso.dll
[2013.03.15 17:00:06 | 000,633,680 | ---- | C] (Paragon) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys
[2013.03.15 17:00:06 | 000,472,016 | ---- | C] (Paragon) -- C:\Windows\SysNative\drivers\UimFIO.sys
[2013.03.15 17:00:06 | 000,390,352 | ---- | C] (Paragon) -- C:\Windows\SysNative\drivers\uim_vimx64.sys
[2013.03.15 17:00:06 | 000,090,960 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\SysNative\drivers\uimx64.sys
[2013.03.14 23:07:52 | 000,559,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.03.14 13:54:31 | 000,054,888 | ---- | C] (Behringer) -- C:\Windows\SysNative\drivers\bcd3000_x64.sys
[2013.03.14 13:54:31 | 000,032,872 | ---- | C] (Behringer) -- C:\Windows\SysNative\drivers\bcd3000wdm_x64.sys
[2013.03.14 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Behringer
[2013.02.19 20:01:36 | 142,224,152 | ---- | C] (Native Instruments                                                                                                                                                                                                                                                                                          ) -- C:\Users\HeimHoschi\AppData\Roaming\Traktor 2 2.6.1 Setup PC.exe
[2012.07.12 10:28:44 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 20:41:25 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.11 19:41:33 | 001,629,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 19:41:33 | 000,700,858 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 19:41:33 | 000,662,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 19:41:33 | 000,147,544 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 19:41:33 | 000,123,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 19:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HeimHoschi\Desktop\OTL.exe
[2013.04.11 09:39:54 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 09:39:54 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 09:31:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 13:32:25 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013.04.04 10:34:14 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.04.03 21:46:13 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.03 14:01:42 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.03 13:50:54 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.03 13:50:54 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.04.03 11:07:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.04.03 10:42:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.04.03 10:42:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.04.03 10:42:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013.04.03 10:42:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013.04.03 10:24:01 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2013.04.03 01:31:08 | 000,024,576 | ---- | M] () -- C:\Users\HeimHoschi\Documents\EasyBCD Backup (2013-04-03).bcd
[2013.04.03 01:30:59 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2013.03.30 15:28:54 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk
[2013.03.30 01:06:32 | 000,001,056 | ---- | M] () -- C:\Users\HeimHoschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.30 01:06:26 | 000,001,034 | ---- | M] () -- C:\Users\HeimHoschi\Desktop\Dropbox.lnk
[2013.03.30 00:22:44 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2013.03.29 23:11:58 | 000,007,601 | ---- | M] () -- C:\Users\HeimHoschi\AppData\Local\resmon.resmoncfg
[2013.03.29 16:22:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.29 16:22:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.29 14:59:03 | 000,001,249 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013.03.28 12:38:14 | 000,001,594 | ---- | M] () -- C:\Users\HeimHoschi\AppData\Local\recently-used.xbel
[2013.03.28 10:01:42 | 000,001,274 | ---- | M] () -- C:\Users\HeimHoschi\Desktop\LatMon.exe.lnk
[2013.03.28 08:39:35 | 000,511,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.22 09:49:27 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.03.22 09:49:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.22 09:49:27 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.22 09:49:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.22 09:49:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.22 09:49:27 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.18 20:58:52 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.18 20:58:47 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.18 20:58:47 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.18 20:58:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.18 20:58:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.18 20:58:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.18 20:58:44 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.18 20:58:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.18 20:58:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.18 20:58:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.18 20:58:41 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.18 20:58:41 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.18 20:58:40 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.18 20:58:39 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.18 20:58:39 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.18 20:58:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.18 20:58:39 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.18 20:58:38 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.18 20:58:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.18 20:58:37 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.18 20:58:37 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.18 20:58:36 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.18 20:58:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.18 20:58:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.18 20:58:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.18 20:58:34 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.18 20:58:34 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.18 20:58:33 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.18 20:58:33 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.18 20:58:33 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.18 20:58:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 20:58:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.18 20:58:27 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.18 20:58:27 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.18 20:58:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.18 20:58:27 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.18 20:58:27 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.18 20:58:27 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.18 20:58:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.18 20:58:27 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.18 20:58:27 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.18 20:58:27 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.18 20:58:27 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.18 20:58:27 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.18 20:58:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.18 20:58:27 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.18 20:58:27 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.18 20:58:27 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.18 20:58:27 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.18 20:58:27 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.18 20:58:27 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.18 20:58:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.18 20:58:27 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.18 20:58:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.18 20:58:27 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.18 20:58:27 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.18 20:58:27 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.18 20:58:27 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.18 20:58:27 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.18 20:58:27 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.18 20:58:27 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.18 20:58:27 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.18 20:58:27 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.18 20:58:27 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.18 20:58:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.18 20:58:27 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.18 20:58:27 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.18 20:58:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.18 20:58:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.18 20:58:27 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.18 20:57:27 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.18 20:57:27 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.18 20:57:27 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.18 20:57:27 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.18 20:57:27 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.18 20:57:27 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.18 20:57:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.18 20:57:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.18 20:57:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.18 20:57:26 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.18 20:57:26 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.18 20:57:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.18 20:57:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.18 20:57:26 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.18 20:57:26 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.18 20:57:25 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.18 20:57:25 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.18 20:57:25 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.18 20:57:25 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.18 20:57:25 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.18 20:57:25 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.18 20:57:25 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.18 20:57:25 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.18 20:57:25 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.18 20:57:25 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.18 20:57:24 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.18 20:57:24 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.18 20:57:23 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.18 20:57:23 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.18 20:57:23 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.18 20:57:23 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.18 20:57:23 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.18 20:57:23 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.18 20:57:23 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.18 20:57:23 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.18 20:57:22 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.18 20:57:22 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.15 17:00:08 | 000,251,728 | ---- | M] (Paragon Software Group) -- C:\Windows\SysWow64\prgiso.dll
[2013.03.15 17:00:06 | 000,633,680 | ---- | M] (Paragon) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys
[2013.03.15 17:00:06 | 000,472,016 | ---- | M] (Paragon) -- C:\Windows\SysNative\drivers\UimFIO.sys
[2013.03.15 17:00:06 | 000,390,352 | ---- | M] (Paragon) -- C:\Windows\SysNative\drivers\uim_vimx64.sys
[2013.03.15 17:00:06 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\SysNative\drivers\uimx64.sys
[2013.03.15 17:00:06 | 000,039,248 | ---- | M] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys
[2013.03.15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.15 07:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.03.15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.15 07:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.03.15 07:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.15 07:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.15 07:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.03.15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.03.15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.03.15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.03.15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.03.14 23:07:52 | 000,559,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.03.14 14:44:20 | 000,544,205 | ---- | M] () -- C:\Users\HeimHoschi\Desktop\FLIP_OM_EN.pdf
[2013.03.14 13:54:32 | 000,001,086 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
[2013.03.13 18:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
 
========== Files Created - No Company Name ==========
 
[2013.04.03 21:46:13 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.03 14:01:42 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.03 14:01:42 | 000,002,195 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.03 13:50:54 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.04.03 10:42:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013.04.03 10:42:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.04.03 10:42:50 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2013.04.03 10:42:50 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013.04.03 01:31:25 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2013.04.03 01:31:07 | 000,024,576 | ---- | C] () -- C:\Users\HeimHoschi\Documents\EasyBCD Backup (2013-04-03).bcd
[2013.04.03 01:30:59 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2013.03.30 15:28:54 | 000,002,441 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk
[2013.03.30 00:22:44 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2013.03.29 16:22:11 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.29 14:59:03 | 000,001,249 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013.03.28 14:52:38 | 000,001,274 | ---- | C] () -- C:\Users\HeimHoschi\Desktop\LatMon.exe.lnk
[2013.03.28 12:38:14 | 000,001,594 | ---- | C] () -- C:\Users\HeimHoschi\AppData\Local\recently-used.xbel
[2013.03.18 20:58:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 20:58:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.14 14:44:20 | 000,544,205 | ---- | C] () -- C:\Users\HeimHoschi\Desktop\FLIP_OM_EN.pdf
[2013.03.14 13:54:32 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
[2012.11.06 22:03:06 | 000,007,601 | ---- | C] () -- C:\Users\HeimHoschi\AppData\Local\resmon.resmoncfg
[2012.07.09 10:08:10 | 000,007,680 | ---- | C] () -- C:\Users\HeimHoschi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.10 21:52:31 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.05 10:49:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2012.04.05 10:49:23 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2012.04.05 10:49:23 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2012.04.05 10:49:23 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2012.04.05 10:49:23 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2012.04.05 10:49:23 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2012.04.05 10:49:23 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2012.04.05 10:49:23 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2012.04.05 10:49:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2012.04.05 10:49:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2012.04.05 10:49:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2012.04.05 10:49:22 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2012.04.05 10:49:22 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2012.04.05 10:49:22 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2012.04.05 10:49:22 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2012.04.05 10:49:22 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2012.04.05 10:49:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2012.04.05 10:49:22 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2012.04.05 10:49:21 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2012.04.05 10:49:21 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2012.04.05 10:49:21 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2012.04.05 10:49:02 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2012.04.05 10:49:02 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
EXTRAS
Code:
OTL Extras logfile created on: 11.04.2013 20:46:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HeimHoschi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 3,96 Gb Available Physical Memory | 49,53% Memory free
8,00 Gb Paging File | 3,89 Gb Available in Paging File | 48,60% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 45,90 Gb Total Space | 17,51 Gb Free Space | 38,14% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 15,28 Gb Free Space | 76,38% Space Free | Partition Type: NTFS
Drive E: | 430,76 Gb Total Space | 12,76 Gb Free Space | 2,96% Space Free | Partition Type: NTFS
Drive F: | 23,00 Gb Total Space | 12,82 Gb Free Space | 55,72% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 184,09 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
Drive H: | 206,44 Gb Total Space | 156,08 Gb Free Space | 75,60% Space Free | Partition Type: NTFS
Drive I: | 298,09 Gb Total Space | 124,57 Gb Free Space | 41,79% Space Free | Partition Type: NTFS
Drive J: | 705,07 Gb Total Space | 338,00 Gb Free Space | 47,94% Space Free | Partition Type: NTFS
Drive L: | 9,99 Gb Total Space | 0,97 Gb Free Space | 9,74% Space Free | Partition Type: NTFS
Drive N: | 1000,00 Gb Total Space | 749,60 Gb Free Space | 74,96% Space Free | Partition Type: NTFS
Drive O: | 862,98 Gb Total Space | 771,18 Gb Free Space | 89,36% Space Free | Partition Type: NTFS
Drive Y: | 2,00 Gb Total Space | 1,95 Gb Free Space | 97,80% Space Free | Partition Type: FAT32
Drive Z: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
 
Computer Name: HEIMHOSCHI | User Name: HeimHoschi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3606968630-3181919447-2247673128-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0002A838-FD9A-4A1C-9A24-01C421B19EEF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{007D3B35-5CFB-43F9-AC56-7A1537CF085E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{06402BF7-15F8-41D7-97EB-555E5C4A8FA0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0960BC12-641A-42B3-A503-8CEAE855FF95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D417078-708B-4D78-AEE5-8EAFB5A213F9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20427C5B-6826-44F7-9219-790DDAF82D6F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{41AE162D-1153-416E-8735-9AAB237F1FF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B737978-3C07-430F-B1B9-028EE4770D4D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6DC9EB-F1C8-411A-9BEF-D046EE1D4538}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5925D15F-2DFF-4714-88A9-289F9073C45A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{65713B67-A3D1-4897-B097-084E96AF9474}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6CEE7A2E-F12A-4C9A-A2C0-D2CFBEE9965E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7A5BDDDF-8AFC-4CDF-A25F-E41D5A7176D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EACC137-75AE-463E-A661-94AD6CB32D4C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8E934DE8-BA7D-4EB5-A1C2-B2CEA137F34C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8ED53FB1-CBE4-43EA-B9CB-B625F438AEC4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8FAC1F77-C7E6-4ED4-A92F-2099B1B7D73C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98A670DA-4079-42F4-A4D3-96B3EE6A910D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A76C931F-1CAF-4CDD-92A3-BD0AB3190149}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B89CDD6B-0D88-4899-8CD8-9F3D36553BCD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C336B742-6FD8-460A-9719-DB8762639D46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE17194B-5C32-48E4-A418-901499F06DCB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DD6BB641-D273-4806-AD03-894ADEE5F589}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019E87D0-8A62-4E09-ABE0-C8D2DBE75B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{089E6D25-7870-4A7E-9A28-BBC8BA644B68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{12D43B38-BF5A-4C9A-8C8C-A841088AA12F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{245F59C4-946F-4DE1-B1E9-290AEE362F27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{36FFBA9E-5F92-4AEA-92FE-E5E3B318634A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3883BDFF-B5C6-43D0-85C7-CBBDB6B9DE22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3CA478C0-6154-4A42-BD5A-1C3D7433D621}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4C7CD381-F866-42A7-91C5-3D3C910E9F79}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4DFFF971-80C9-481F-897A-B15945B4CC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5564298C-E41E-4F32-8898-2AF8ADAAE2AE}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{55B95CBB-E224-4E9D-84DF-1F395BD26170}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6338E0D0-B03C-4072-AA54-DEF4C6D25B8B}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{6704F573-E93C-4B1F-9D3C-049D3C9DD575}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BBF6C3C-35FE-4318-9198-BBAA69B398E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{73C2EB64-8D56-47DA-B75F-3CF4461AC919}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"{78860661-A67B-418A-9BFD-054C9D298D99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D3B17B7-D577-49F1-B6D1-A83D5EB7DAC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7F909E55-0A3D-47D9-A468-5575814ACB79}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{88F1198D-8497-42E3-B846-979531467517}" = protocol=17 | dir=in | app=c:\users\heimhoschi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9A36336A-74C4-4E48-AC92-6B9BF7389858}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0EC0A82-578D-48F7-9FD7-AFF83BF55058}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{A1CA2E4E-BBC5-43C0-B35A-AC9730A48281}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AFCDBEF6-3326-4EF3-B61A-9DBC8014313F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B186F8D2-13B9-4B7A-8035-9B8083B45C6B}" = protocol=6 | dir=out | app=system | 
"{C7953CDB-501F-4738-B301-0706C3B483A0}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"{C7C530E4-259E-4748-A2AB-8DB3BA245678}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{CD91F3BF-3434-4FF8-9796-E5227FEEE78A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DB702FE3-0C00-4AF0-B9E8-FE161EAA27CE}" = protocol=6 | dir=in | app=c:\users\heimhoschi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DD5A60C4-E6E7-4903-BFAB-A39599C9BA94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE2C28BD-7ECE-4C6B-AD72-A4BB2DEB3D74}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{FD7563FD-4AB3-4629-925B-E5169D2DB638}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{44A79F1E-8DF7-11E1-80E3-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DFEFBFBF-02CF-3316-B694-B3C44C9C02B9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.0
"JustCloud" = JustCloud 
"LatencyMon_is1" = LatencyMon 5.00
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"MediaInfo" = MediaInfo 0.7.57
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{2E627CB1-3B50-417D-AD5E-0BD6634F2272}" = ArcSoft TotalMedia Extreme
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{604B2A5C-B1CE-45B2-ADCC-6B7C721AC3AC}" = LibreOffice 4.0.1.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71CB4200-858B-11E1-B14B-F04DA23A5C58}" = MSVCRT Redists
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2013 Free
"{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0
"AviSynth" = AviSynth 2.5
"Behringer BCD3000 Driver v1.3.4" = Behringer BCD3000 Driver v1.3.4
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EasyBCD" = EasyBCD 2.2
"ElsterFormular 13.1.1.8531u" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Filzip 3.0.6.93_is1" = Filzip 3.06
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.11
"FreeFileSync" = FreeFileSync 5.13
"HD Tune Pro_is1" = HD Tune Pro 5.00
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhraseExpress_is1" = PhraseExpress v9.0.157
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.66
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3606968630-3181919447-2247673128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.04.2013 13:39:40 | Computer Name = HeimHoschi | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.04.2013 14:39:03 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 05.04.2013 18:00:00 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 07.04.2013 05:19:17 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 08.04.2013 03:23:39 | Computer Name = HeimHoschi | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2013 04:16:46 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 08.04.2013 23:20:51 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 09.04.2013 13:34:29 | Computer Name = HeimHoschi | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 14:12:04 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 09.04.2013 18:00:00 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
Error - 11.04.2013 03:31:36 | Computer Name = HeimHoschi | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 04:17:31 | Computer Name = HeimHoschi | Source = System Restore | ID = 8193
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 29.03.2013 17:47:13 | Computer Name = HeimHoschi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 03.04.2013 13:30:01 | Computer Name = HeimHoschi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 08.04.2013 03:23:37 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 08.04.2013 03:23:52 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 09.04.2013 13:34:15 | Computer Name = HeimHoschi | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 09.04.2013 13:34:26 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 09.04.2013 13:34:26 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 09.04.2013 13:34:39 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 11.04.2013 03:31:24 | Computer Name = HeimHoschi | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 11.04.2013 03:31:35 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 11.04.2013 03:31:35 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 11.04.2013 03:31:48 | Computer Name = HeimHoschi | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
         
OK, the text was too long for one post.
So the logs from Windows XP follow in the next one...

Alt 11.04.2013, 22:01   #14
Hogwash
 

Logs from the Windows XP partition:

Man!!!
Why is my log for the mini XP partition longer than for the main part?
It doesn't fit into one post, not even the OTL log on its own....

So here is
EXTRAS-XP
Code:
ATTFilter
OTL Extras logfile created on: 11.04.2013 21:39:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Dokumente und Einstellungen\Walter Gibson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 91,10% Memory free
5,34 Gb Paging File | 5,18 Gb Available in Paging File | 97,11% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 45,90 Gb Total Space | 17,52 Gb Free Space | 38,18% Space Free | Partition Type: NTFS
Drive D: | 9,99 Gb Total Space | 0,97 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive E: | 705,07 Gb Total Space | 338,01 Gb Free Space | 47,94% Space Free | Partition Type: NTFS
Drive F: | 20,00 Gb Total Space | 15,28 Gb Free Space | 76,40% Space Free | Partition Type: NTFS
Drive G: | 206,44 Gb Total Space | 156,08 Gb Free Space | 75,61% Space Free | Partition Type: NTFS
Drive L: | 298,09 Gb Total Space | 124,57 Gb Free Space | 41,79% Space Free | Partition Type: NTFS
 
Computer Name: VOLLTREFFER | User Name: Walter Gibson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = D:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Behringer BCD3000 Driver v1.3.4" = Behringer BCD3000 Driver v1.3.4
"foobar2000" = foobar2000 v1.1.11
"MediaInfo" = MediaInfo 0.7.35
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mp3tag" = Mp3tag v2.54
"Native Instruments Traktor" = Native Instruments Traktor
"VLC media player" = VLC media player 2.0.5
"Windows XP Service Pack" = Windows XP Service Pack 3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2013 05:29:25 | Computer Name = VOLLTREFFER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x00071fb6.
 
Error - 03.04.2013 05:29:37 | Computer Name = VOLLTREFFER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x000ab8c8.
 
Error - 03.04.2013 05:29:51 | Computer Name = VOLLTREFFER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x001f9ca8.
 
Error - 03.04.2013 05:35:02 | Computer Name = VOLLTREFFER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 03.04.2013 05:35:02 | Computer Name = VOLLTREFFER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
 Vorgang nicht ausführen.  .
 
Error - 03.04.2013 05:35:02 | Computer Name = VOLLTREFFER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
 Vorgang nicht ausführen.  .
 
Error - 03.04.2013 05:35:02 | Computer Name = VOLLTREFFER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
 Vorgang nicht ausführen.  .
 
Error - 03.04.2013 05:35:02 | Computer Name = VOLLTREFFER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
 Vorgang nicht ausführen.  .
 
Error - 03.04.2013 05:35:02 | Computer Name = VOLLTREFFER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
 Vorgang nicht ausführen.  .
 
Error - 05.04.2013 07:10:03 | Computer Name = VOLLTREFFER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x001f9ce1.
 
[ System Events ]
Error - 03.04.2013 05:20:20 | Computer Name = VOLLTREFFER | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 03.04.2013 05:20:20 | Computer Name = VOLLTREFFER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 03.04.2013 05:20:20 | Computer Name = VOLLTREFFER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für D:\Dokumente und Einstellungen\Walter
 Gibson\Lokale Einstellungen\Temp\{43801800-cfee-11d2-a41b-006097b55ad3}\RegPermWriter.exe
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
 
< End of report >
         

11.04.2013, 22:04   #15
Hogwash
 

And here

OTL-XP - as an attachment.
Sorry, there is no other way...

Wow - the txt was then too big as well - so zipped it is - sorry again for making you unpack it...

Regards,
Karsten
