[Windows 7] PC boots up by itself - updated (OTL and GMER files)
Hello! I have a problem and would be very grateful for help: in the last few days my PC has booted up by itself two or three times. The last time, there was also a message that the Windows logon password had been entered incorrectly. I am afraid that someone has tried to access my PC. A scan with Malwarebytes found no malicious objects. Now I am uneasy. What should I do? Many thanks in advance. Here are the required files from OTL and GMER:

OTL logfile created on: 17.05.2013 18:13:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dreikatz\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 62,89% Memory free
7,50 Gb Paging File | 5,95 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 125,38 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 270,35 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Computer Name: DREIKATZ-PC | User Name: Dreikatz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.17 18:05:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dreikatz\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.12 15:05:40 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.01 09:58:32 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:56:53 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.08 18:56:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:56:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.04 21:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.04.15 13:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) 
-- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2013.04.12 15:05:40 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.02.10 16:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.12 15:05:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 18:56:53 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.08 18:56:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 18:56:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.15 13:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.05.08 18:56:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 18:56:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.21 15:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.23 12:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.10 16:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.10 15:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.01.10 03:34:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 1F AB 47 52 42 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {7EAE67A1-BB13-4E47-9C5A-C8175D158DC2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{7EAE67A1-BB13-4E47-9C5A-C8175D158DC2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=8e7ca9ad-6fe8-4bea-a755-deca5a2dd676&apn_sauid=74DEBEF2-D100-4FEC-BD0F-AAD5FD46FAF9 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - 
prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dreikatz\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dreikatz\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 15:05:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 15:05:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.27 17:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dreikatz\AppData\Roaming\mozilla\Extensions [2013.05.09 01:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dreikatz\AppData\Roaming\mozilla\Firefox\Profiles\7m7yf61y.default\extensions [2013.04.17 00:39:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Dreikatz\AppData\Roaming\mozilla\Firefox\Profiles\7m7yf61y.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013.04.19 10:57:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Dreikatz\AppData\Roaming\mozilla\Firefox\Profiles\7m7yf61y.default\extensions\firefox@ghostery.com [2013.05.07 10:48:02 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Dreikatz\AppData\Roaming\mozilla\firefox\profiles\7m7yf61y.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.05.09 01:59:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Dreikatz\AppData\Roaming\mozilla\firefox\profiles\7m7yf61y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.12 15:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 15:05:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:02:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.09.17 15:18:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.28 16:02:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 16:02:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 16:02:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 16:02:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google ![]() CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dreikatz\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dreikatz\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dreikatz\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Users\Dreikatz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: 
YouTube = C:\Users\Dreikatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Dreikatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Dreikatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\Dreikatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Dreikatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\Dreikatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files 
(x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62BADD9B-568B-4536-8B88-19ECB49F783D}: DhcpNameServer = 192.168.2.1 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 18:05:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dreikatz\Desktop\OTL.exe [2013.05.17 16:13:25 | 000,000,000 | ---D | C] -- C:\Users\Dreikatz\AppData\Local\Programs [2013.05.08 11:35:37 | 000,000,000 | ---D | C] -- C:\Users\Dreikatz\Desktop\Poetry [2013.04.26 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dreikatz\Desktop\Gelbsucht ========== Files - Modified Within 30 Days ========== [2013.05.17 18:12:49 | 000,024,487 | ---- | M] () -- C:\Users\Dreikatz\Desktop\PC fährt von alleine hoch.odt [2013.05.17 18:09:53 | 000,000,000 | ---- | M] () -- C:\Users\Dreikatz\defogger_reenable [2013.05.17 18:08:28 | 000,050,477 | ---- | M] () -- C:\Users\Dreikatz\Desktop\Defogger.exe [2013.05.17 18:06:32 | 000,377,856 | ---- | M] () -- C:\Users\Dreikatz\Desktop\gmer_2.1.19163.exe [2013.05.17 18:05:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dreikatz\Desktop\OTL.exe [2013.05.17 17:56:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2627140016-16430578-2762783174-1000UA.job [2013.05.17 17:56:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2627140016-16430578-2762783174-1000Core.job [2013.05.17 16:17:49 | 000,015,600 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 16:17:49 | 000,015,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 16:14:14 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.17 16:14:14 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.17 16:14:14 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.17 16:14:14 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.17 16:14:14 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.17 16:13:45 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.17 16:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 16:09:52 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 05:06:23 | 290,966,434 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.15 20:04:30 | 000,293,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 03:42:10 | 000,133,829 | ---- | M] () -- C:\Users\Dreikatz\Desktop\Abi_Protokoll_Fremdsprachen_ohne_Uebersetzung___edv.pdf [2013.05.10 13:07:20 | 000,013,192 | ---- | M] () -- C:\Users\Dreikatz\Desktop\Fools.odt [2013.05.09 19:45:42 | 000,080,475 | ---- | M] () -- C:\Users\Dreikatz\Desktop\Abi_Protokoll_Fremdsprachen_mit_Uebersetzung___edv.pdf [2013.05.09 14:31:26 | 000,016,347 | ---- | M] () -- C:\Users\Dreikatz\Desktop\frauen fußball.odt [2013.05.08 13:19:01 | 000,306,263 | ---- | M] () -- C:\Users\Dreikatz\Desktop\Are we having fun yet - Kopie.JPG [2013.05.07 11:02:42 | 000,018,066 | ---- | M] () -- C:\Users\Dreikatz\Desktop\Operation MA.odt [2013.05.05 12:39:08 | 000,023,778 | ---- | M] () -- C:\Users\Dreikatz\Desktop\2 Artikel Industrialisierung Soziale Frage Herkunft Pisa.odt [2013.05.05 12:38:06 | 000,154,782 | ---- | M] () -- C:\Users\Dreikatz\Desktop\2 
AB1 Industrialisierung Sprechblasen Soziale Frage.odt [2013.05.01 18:30:42 | 000,008,708 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{4E143E90-9B58-4ADE-9A61-912A453D7F26}_Large.jpg [2013.05.01 18:30:41 | 000,002,550 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{4E143E90-9B58-4ADE-9A61-912A453D7F26}_Small.jpg [2013.05.01 18:27:36 | 000,010,345 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\Folder.jpg [2013.05.01 18:27:36 | 000,010,345 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{F0800A37-2ED8-439F-8328-48CC2A0BB718}_Large.jpg [2013.05.01 18:27:35 | 000,002,799 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArtSmall.jpg [2013.05.01 18:27:35 | 000,002,799 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{F0800A37-2ED8-439F-8328-48CC2A0BB718}_Small.jpg [2013.05.01 17:53:22 | 000,009,849 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{560F0E2B-C344-4CC2-AFF4-5A3B61A5D6C7}_Large.jpg [2013.05.01 17:53:22 | 000,002,751 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{560F0E2B-C344-4CC2-AFF4-5A3B61A5D6C7}_Small.jpg [2013.05.01 17:44:29 | 000,011,097 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{CE03EBD5-8AE0-4958-8DC3-C797105D2E52}_Large.jpg [2013.05.01 17:44:29 | 000,002,846 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{CE03EBD5-8AE0-4958-8DC3-C797105D2E52}_Small.jpg [2013.05.01 17:32:59 | 000,005,608 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{C93B8994-B47A-467E-9C71-F571F142B480}_Large.jpg [2013.05.01 17:32:59 | 000,001,744 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{C93B8994-B47A-467E-9C71-F571F142B480}_Small.jpg [2013.05.01 17:25:48 | 000,011,991 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{F06151AB-B746-4199-A45C-8994CEAA42E8}_Large.jpg [2013.05.01 17:25:48 | 000,002,850 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{F06151AB-B746-4199-A45C-8994CEAA42E8}_Small.jpg [2013.04.27 20:32:36 | 000,008,873 | -HS- | M] () -- 
C:\Users\Dreikatz\Desktop\AlbumArt_{BDE9F1FD-873C-47A0-ABCE-2B6A24E11FFA}_Large.jpg [2013.04.27 20:32:36 | 000,002,316 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{BDE9F1FD-873C-47A0-ABCE-2B6A24E11FFA}_Small.jpg [2013.04.27 20:12:16 | 000,010,439 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{47D0525B-3E25-46DF-870A-4E78B1AA86EA}_Large.jpg [2013.04.27 20:12:15 | 000,002,666 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{47D0525B-3E25-46DF-870A-4E78B1AA86EA}_Small.jpg [2013.04.27 19:32:11 | 000,011,153 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{84E839BE-E1CC-4B85-8FB4-20DC05A06670}_Large.jpg [2013.04.27 19:32:11 | 000,002,969 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{84E839BE-E1CC-4B85-8FB4-20DC05A06670}_Small.jpg [2013.04.27 19:28:31 | 000,011,818 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{A77B7891-1B29-428F-9FA2-4527D7ADB208}_Large.jpg [2013.04.27 19:28:30 | 000,003,166 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{A77B7891-1B29-428F-9FA2-4527D7ADB208}_Small.jpg [2013.04.27 19:16:57 | 000,009,438 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{41C14DC8-98DA-4951-88AE-E366C7B801C8}_Large.jpg [2013.04.27 19:16:57 | 000,002,148 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{41C14DC8-98DA-4951-88AE-E366C7B801C8}_Small.jpg [2013.04.27 18:59:22 | 000,010,475 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{C60DD5BD-9D23-4CE5-9F87-CAA53A46E777}_Large.jpg [2013.04.27 18:59:22 | 000,002,729 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{C60DD5BD-9D23-4CE5-9F87-CAA53A46E777}_Small.jpg [2013.04.27 18:53:04 | 000,007,399 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{B01C726D-9282-45AC-8C51-0611F19F2084}_Large.jpg [2013.04.27 18:53:04 | 000,001,942 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{B01C726D-9282-45AC-8C51-0611F19F2084}_Small.jpg [2013.04.27 18:49:41 | 000,009,573 | -HS- | M] () -- 
C:\Users\Dreikatz\Desktop\AlbumArt_{E99BA843-3417-4C54-9F79-9D5DC4A5BAC5}_Large.jpg [2013.04.27 18:49:40 | 000,002,614 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{E99BA843-3417-4C54-9F79-9D5DC4A5BAC5}_Small.jpg [2013.04.26 17:39:04 | 000,009,957 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{76BA24E9-E76F-4819-A909-AC201596B6FF}_Large.jpg [2013.04.26 17:39:04 | 000,002,575 | -HS- | M] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{76BA24E9-E76F-4819-A909-AC201596B6FF}_Small.jpg ========== Files Created - No Company Name ========== [2013.05.17 18:09:53 | 000,000,000 | ---- | C] () -- C:\Users\Dreikatz\defogger_reenable [2013.05.17 18:08:28 | 000,050,477 | ---- | C] () -- C:\Users\Dreikatz\Desktop\Defogger.exe [2013.05.17 18:06:30 | 000,377,856 | ---- | C] () -- C:\Users\Dreikatz\Desktop\gmer_2.1.19163.exe [2013.05.17 16:36:21 | 000,024,487 | ---- | C] () -- C:\Users\Dreikatz\Desktop\PC fährt von alleine hoch.odt [2013.05.17 05:06:23 | 290,966,434 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.05.10 12:24:37 | 000,013,192 | ---- | C] () -- C:\Users\Dreikatz\Desktop\Fools.odt [2013.05.09 18:47:10 | 000,080,475 | ---- | C] () -- C:\Users\Dreikatz\Desktop\Abi_Protokoll_Fremdsprachen_mit_Uebersetzung___edv.pdf [2013.05.09 18:46:44 | 000,133,829 | ---- | C] () -- C:\Users\Dreikatz\Desktop\Abi_Protokoll_Fremdsprachen_ohne_Uebersetzung___edv.pdf [2013.05.09 14:31:24 | 000,016,347 | ---- | C] () -- C:\Users\Dreikatz\Desktop\frauen fußball.odt [2013.05.08 11:33:42 | 000,306,263 | ---- | C] () -- C:\Users\Dreikatz\Desktop\Are we having fun yet - Kopie.JPG [2013.05.05 12:39:06 | 000,023,778 | ---- | C] () -- C:\Users\Dreikatz\Desktop\2 Artikel Industrialisierung Soziale Frage Herkunft Pisa.odt [2013.05.05 12:38:04 | 000,154,782 | ---- | C] () -- C:\Users\Dreikatz\Desktop\2 AB1 Industrialisierung Sprechblasen Soziale Frage.odt [2013.05.01 18:42:11 | 000,010,345 | -HS- | C] () -- C:\Users\Dreikatz\Desktop\AlbumArt_{F0800A37-2ED8-439F-8328-48CC2A0BB718}_Large.jpg 
C:\Users\Dreikatz\Desktop\AlbumArt_{76BA24E9-E76F-4819-A909-AC201596B6FF}_Small.jpg
[2012.04.07 14:35:12 | 000,008,704 | ---- | C] () -- C:\Users\Dreikatz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 17:38:17 | 000,000,360 | ---- | C] () -- C:\Users\Dreikatz\AppData\Roaming\burnaware.ini
[2012.01.28 13:43:30 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.01.16 17:28:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.09 17:05:19 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.03.10 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\Dreikatz\AppData\Roaming\Amazon
[2012.03.19 03:06:03 | 000,000,000 | ---D | M] -- C:\Users\Dreikatz\AppData\Roaming\Cornelsen
[2012.02.05 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dreikatz\AppData\Roaming\DeepBurner
[2012.08.27 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\Dreikatz\AppData\Roaming\elsterformular
[2013.05.05 11:44:16 | 000,000,000 | ---D | M] -- C:\Users\Dreikatz\AppData\Roaming\foobar2000
[2012.02.05 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Dreikatz\AppData\Roaming\OpenOffice.org

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 17.05.2013 18:13:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dreikatz\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 62,89% Memory free
7,50 Gb Paging File | 5,95 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 125,38 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 270,35 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: DREIKATZ-PC | User Name: Dreikatz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-17 18:25:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC44 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dreikatz\AppData\Local\Temp\uwroqkod.sys

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2196:3080] 000007fefbd12a7c
Thread C:\Windows\System32\svchost.exe [3736:4032] 000007feee8f9688

---- EOF - GMER 2.1 ----