Allgemeine Kontrolle meines PC's

DJ-Axx · 27.05.2013, 09:40

Hallo zusammen,

habe gestern durch Kaspersky Windowsunlocker einen Bundestrojaner gelöscht.

Der Virusscan zeigte mir 24 Trojaner auf dem PC, welche abern icht alle gelöscht wurden.

Kann mir jemand sagen`, welche Auswertungen von welchen Programmen ihr braucht, um mal drüber gucken zu können.

Wäre sehr lieb.

vielen Dank.

EDIT:

Habe es gefunden.

Werde demnächst die Files erstellen

Da isses

Betriebssystemname Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemhersteller To Be Filled By O.E.M.
Systemmodell To Be Filled By O.E.M.
Systemtyp x64-basierter PC
Prozessor AMD Athlon(tm) II X3 440 Processor, 2993 MHz, 3 Kern(e), 3 logische(r) Prozessor(en)
BIOS-Version/-Datum American Megatrends Inc. P1.40, 26.11.2009
SMBIOS-Version 2.5
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.1.7601.17514"
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) Nicht verfügbar
Gesamter realer Speicher 4,00 GB
Verfügbarer realer Speicher 2,20 GB
Gesamter virtueller Speicher 7,99 GB
Verfügbarer virtueller Speicher 6,05 GB
Größe der Auslagerungsdatei 4,00 GB
Auslagerungsdatei C:\pagefile.sys

Defugger hat keine Probleme angezeigt

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:51 on 27/05/2013 (Max Mustermann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL TXTOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.05.2013 10:55:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,49% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 237,55 Gb Free Space | 51,00% Space Free | Partition Type: NTFS
 
Computer Name: ...PC | User Name: ...| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.27 10:46:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
PRC - [2013.04.12 01:24:12 | 027,156,136 | ---- | M] (Dropbox, Inc.) -- C:\Users\...\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.18 19:57:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 06:29:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\...\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\...\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.19 04:17:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.26 20:09:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.09 06:29:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 06:29:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.06 08:42:08 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.09 06:29:34 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 06:29:34 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.20 18:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.09.19 06:32:36 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.09.17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.23 16:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.28 03:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 03:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2008.05.21 14:30:58 | 000,583,168 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530.sys -- (SPC530)
DRV:64bit: - [2008.05.21 14:30:58 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530m.sys -- (SPC530m)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 FD E7 74 C1 28 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{12E785F4-1132-4171-8950-AE192B55808A}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{696CA4B9-130F-4C48-AE7F-57CBFBF633DA}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{BF125486-37D0-49EC-889D-BCDF751B36DA}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{C55359D2-FA3D-4AB8-A217-C8AAEBEF9DBF}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\...\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.16 20:45:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles/39tdm9so.default\extensions\specialsavings@superfish.com [2012.03.11 13:25:46 | 000,000,000 | ---D | M]
 
[2011.10.24 21:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2013.04.18 19:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\39tdm9so.default\extensions
[2012.03.11 13:25:46 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\39tdm9so.default\extensions\specialsavings@superfish.com
[2012.12.15 15:49:39 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 11:43:16 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.13 17:19:44 | 000,000,855 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\1und1-suche.xml
[2011.10.10 15:27:30 | 000,001,281 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\amazondotcom-de.xml
[2013.04.18 18:28:58 | 000,001,294 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\delta.xml
[2011.10.10 14:59:22 | 000,002,364 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\eBay-de.xml
[2011.10.13 17:01:56 | 000,010,507 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\gmx-suche.xml
[2011.10.10 15:12:38 | 000,002,385 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\lastminute.xml
[2011.10.13 17:34:10 | 000,002,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\mailcom-search.xml
[2012.03.29 19:57:23 | 000,001,210 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\search.xml
[2011.10.13 15:07:08 | 000,005,490 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\39tdm9so.default\searchplugins\webde-suche.xml
[2013.05.26 20:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.26 20:09:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.23 21:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions
[2013.05.23 21:18:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.12.18 18:32:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.04.18 18:28:48 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\...\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E632D70B-F65D-4468-A070-431D0AFF442D}: DhcpNameServer = 213.191.74.18 62.109.123.196
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5f7d9a6f-fe6c-11e0-bc22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f7d9a6f-fe6c-11e0-bc22-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{dafdb589-fe6f-11e0-b9bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dafdb589-fe6f-11e0-b9bd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.27 10:46:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2013.05.26 16:38:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.22 20:10:45 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\F&I
[2013.05.22 20:04:56 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Rechnungen für Investitionen und Finanzierungen
[2013.05.02 19:32:07 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Vhannibal E1 Dual Feeds 25 apr
[2013.05.02 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT
[2013.05.02 19:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dreamboxEDIT
[2013.05.02 18:23:46 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\TeamViewer
[2013.05.01 16:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.01 16:10:10 | 000,000,000 | ---D | C] -- C:\Users\...\Documents\FUSSBALL MANAGER 10
[2013.05.01 15:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[1 C:\Users\...\AppData\Roaming\*.tmp files -> C:\Users\...\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.27 10:50:33 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable
[2013.05.27 10:46:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013.05.27 10:45:31 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2013.05.27 10:36:12 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 10:36:12 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 10:35:47 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.27 10:35:47 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.27 10:35:47 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.27 10:35:47 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.27 10:35:47 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.27 10:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.27 10:28:27 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 00:54:32 | 000,103,463 | ---- | M] () -- C:\Users\...\Desktop\Unbenannt.PNG
[2013.05.02 21:28:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1906196563-1151653495-1530203156-1001UA.job
[2013.05.02 19:30:47 | 000,001,953 | ---- | M] () -- C:\Users\...\Desktop\dreamboxEDIT.lnk
[2013.05.01 15:55:07 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[1 C:\Users\...\AppData\Roaming\*.tmp files -> C:\Users\...\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.27 10:50:33 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable
[2013.05.27 10:45:00 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2013.05.05 00:54:32 | 000,103,463 | ---- | C] () -- C:\Users\...\Desktop\Unbenannt.PNG
[2013.05.02 19:30:47 | 000,001,953 | ---- | C] () -- C:\Users\...\Desktop\dreamboxEDIT.lnk
[2013.05.01 15:55:07 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2013.05.01 15:55:07 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2013.04.18 18:28:26 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2012.09.22 15:49:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.09.10 20:43:21 | 000,003,584 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.02 21:32:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.24 22:28:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.04.15 00:48:03 | 000,000,016 | ---- | C] () -- C:\Users\...\AppData\Roaming\blckdom.res
[2012.03.11 13:30:32 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.11.25 13:27:32 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011.10.24 21:02:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.26 13:20:12 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\1&1 Mail & Media GmbH
[2012.04.16 07:17:30 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\11013
[2013.04.18 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Babylon
[2012.03.11 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\dBpoweramp
[2013.05.27 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Dropbox
[2011.11.25 16:47:02 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft
[2011.11.25 16:46:43 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.05 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\elsterformular
[2011.12.06 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Engelmann Media
[2012.04.16 07:02:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\gizza
[2012.04.15 00:47:52 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\kock
[2012.02.06 22:05:26 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\OpenOffice.org
[2012.09.10 20:43:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Solveig Multimedia
[2013.05.02 18:23:46 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TeamViewer
[2012.04.15 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\UAs
[2012.09.20 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\WindSolutions
[2012.04.15 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

EXTRA TXT

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.05.2013 10:55:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,49% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 237,55 Gb Free Space | 51,00% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: ...| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B12A1B-E9A3-44D4-AE45-363157F3FF3E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{066E72E2-4442-4087-A36E-6A6A37F3A34E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10115868-B8E1-4FE2-84D6-163823BC9F8F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{33F2C736-AA0E-41E6-A84A-F51278A64535}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{390D7E2B-CBCD-49B5-9D1F-BBE1BD0A0D7E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3BD3D120-2CC2-401F-9A6D-8E5A0991598F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{513FDC85-D06C-4C97-ADE2-7C3A3FE45910}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5326B715-6C14-42A0-98EC-080EF8FC7095}" = lport=138 | protocol=17 | dir=in | app=system | 
"{563843DD-45CC-4EF5-B8E2-4D2AD3533023}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{579E7280-316D-4592-BDE9-F95C0109C53B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65CB68BD-5835-4EFE-A646-4ECF9DE97765}" = lport=445 | protocol=6 | dir=in | app=system | 
"{72521D06-0A49-429F-83BA-4EB977AE27B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{809DFD66-7B85-4DFA-8D35-072F8FF37181}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A8DE2EC-2D4A-4713-A418-4241A7DA3DFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A0D8EAED-B941-4266-BFE0-971FBE19978E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A952043E-3147-435B-BF4D-FBE6DE1665DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AAD8CBDF-A9EA-4E98-A9E8-338ED3471F2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AF1D087A-8952-4AE2-A6FD-6F331C0626CA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C4102030-16F0-4B56-B700-975A71E340BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDD957E8-4232-49E5-8418-DCAE8719D04E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E01B1F5B-B6A8-4D29-B4FA-16D7BB1FFDF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5CFD396-6C8A-43AC-B28F-09D345A4A4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{EF26A214-6017-4E29-9CFD-76927BE5682E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EF5C2993-B3E2-435C-8D3D-B4455BF7C477}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{176A8B15-3F14-4C91-A9DB-ACDB318F2763}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{26937C04-F607-4A10-8F11-74F0EFBF32A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2B2F4AF7-678E-401E-84FA-BCC524360D35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A776B90-5EED-4990-9B64-D2CDB6F7E915}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D1AA35A-F904-47BE-904D-28538974C0C6}" = protocol=6 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe | 
"{51D90732-C7EE-4AC1-8819-D3119EC9AFA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{52CDF28B-7D37-4A38-93D8-9977F491CBCA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{58629296-F0C8-45BB-8359-02A2273D63E4}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{6053A891-6EDB-4B02-97A7-EE9248CE18AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{668AF7F5-496A-4003-AB6E-56E899AE8EF3}" = protocol=6 | dir=out | app=system | 
"{6C9AEC4D-BC7C-4784-92AC-FB55B5ECE86E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6CC1BC3B-FA65-43A0-AA6E-3BADD4946173}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{823B7A41-9B0F-44F2-BA1C-937AE1067F74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{855BF7A7-7D50-4BC2-8972-B5D5973C0541}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9608166D-3A87-48D8-963A-F63B70DA1F1F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A0F9B2F2-DC6E-42D9-974F-4DF8F7DD861A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9FD9EF8-41E5-4EB0-8F4A-93392691F5F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7E14F41-8C8E-4116-96B0-01543FF64AA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B9326A72-49A6-412C-BDCA-918DF82E714B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C07E557B-F527-4228-A40E-155A0B52D69D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C224FAAE-7063-4F80-B434-A12329FA3E01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C4A28341-F5A7-43EC-95F2-3D4C54BB809A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CBBEAD36-6746-42BB-BE30-B0ACD8E26424}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D15A1FE6-C4A6-4307-9264-BDAC2F483F66}" = protocol=17 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D3E26C0C-3C4C-4665-96F8-838FD20C227A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6D8F935-AB3A-492C-9924-699362E27213}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D8A5468B-2EA6-4C35-82BF-9B20A6F9A5E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFA3431E-C069-42C1-8FFE-96589775645C}" = dir=in | app=c:\users\...\appdata\local\microsoft\skydrive\skydrive.exe | 
"{F272928B-19D4-438E-8910-9C270CDE0A29}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F9C58A04-BD81-4B40-9DEE-813E5768B42B}" = dir=in | app=c:\users\...\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{0DD02908-669C-4CD9-BE19-E81C974C33F3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{B38308FD-8EC9-4038-B06D-908FFFE27FAB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{DF3D6A2F-6130-4070-B52D-3480D0569421}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{0971E77D-E422-4336-9A5D-E8B9BC6205BE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{78ED4CF2-966D-4718-AEBD-9633E37A96B8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{95883683-4C44-41B8-9659-A185EAA0AA1D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{62803CAB-203F-6307-BCCE-27B5E5A01419}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{911C72E0-D841-BC96-C433-BE0DE64BFE35}" = ATI Catalyst Install Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B989A5-70D0-3DDB-B88A-629F31D98814}" = CCC Help Korean
"{06036CDA-6B67-1338-5886-9B7DEB2491C6}" = Catalyst Control Center Graphics Full New
"{1A46E1D3-0E8A-B75C-28A3-2DD05838A21B}" = CCC Help Italian
"{1EF419E0-E1FC-2990-C86B-BBB15D51F057}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23F612EA-0F86-472F-2DCE-5C82DDBCC148}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2DB5CB5C-5EA0-D22D-5223-0B57A3A57525}" = CCC Help Czech
"{3124232A-A9AB-2FAD-6462-454921EDDCDE}" = CCC Help Norwegian
"{3D98AE11-B5A5-1EDB-F815-B1C2DA7BE1DB}" = Catalyst Control Center InstallProxy
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4363FE00-52E3-E8B5-58EE-1CB396D68000}" = CCC Help Russian
"{46059418-BB80-F9D4-8DBC-813C28883022}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1BD47B-51CF-0C0E-21AB-027B331EDFD5}" = CCC Help English
"{4B6E9F7F-7DEE-8570-0FEB-305E000BB462}" = ccc-core-static
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52FB9C98-2704-DAF1-8999-11EC1C14EB3C}" = Catalyst Control Center Localization All
"{553D7A1E-D263-FBF7-68E0-EA10865BC478}" = CCC Help Dutch
"{58DBB693-BE6E-DA0F-42DE-3944FA9229F9}" = Catalyst Control Center HydraVision Full
"{58F3E8F1-E7CE-B5E8-AF18-C1F1B7C6FB03}" = Catalyst Control Center Graphics Previews Vista
"{6582B077-4BC5-3383-4F6D-1F0BC0279120}" = CCC Help Hungarian
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669B7CF5-FC58-AE3C-EDB1-3950A5E45920}" = Catalyst Control Center Graphics Previews Common
"{6E0D0ABC-22CF-8CBB-F3E9-14776A25AA82}" = CCC Help Japanese
"{74CCE403-68F5-7CC9-967B-976229BF5180}" = CCC Help Chinese Traditional
"{7CC15B5F-DDA9-43D6-E53F-EE0CCBC8DB1A}" = CCC Help Danish
"{80AA9FA1-CA39-FC76-D4CE-A5E6C659F4C7}" = CCC Help Portuguese
"{82FB3E3F-1A3F-BBF2-0926-C92F6974EC91}" = Catalyst Control Center Graphics Light
"{85F82863-A6DB-E29B-6B81-4A8582180679}" = CCC Help Thai
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.16
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{98A55952-7BE9-0869-A062-B6E402CCBF85}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A68F5819-0EF7-72E5-41B4-F26EFC453553}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision
"{CF8C33F5-9279-5A08-7EA0-5624E6D5AD55}" = Catalyst Control Center Core Implementation
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D83BFF4C-FBB6-5A62-C27C-EF5612626205}" = CCC Help German
"{E000847A-AA69-E617-B038-217F8995FC4A}" = CCC Help French
"{E2300343-26C4-11DA-7E89-FD35E1C6FDDA}" = CCC Help Polish
"{E46C4D1B-39D0-4A9F-0001-6529DDC11226}" = CDRWIN 9 Basic
"{E59F4CC1-E338-7141-5B1C-1F4ADF371A87}" = CCC Help Swedish
"{F00B33C1-9F1C-FEA5-52EF-EE612E498D8D}" = CCC Help Turkish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cossacks : Back To War" = Cossacks - Back To War
"dreamboxEDIT" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"E.M. Free Photo Collage 1.30_is1" = E.M. Free Photo Collage 1.30
"EADM" = EA Download Manager
"ElsterFormular" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HandWallet" = HandWallet
"HyperCam 3" = HyperCam 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"SopCast" = SopCast 3.4.8
"Sparfuchs_is1" = Sparfuchs
"Updater Service" = Updater Service
"Veetle TV" = Veetle TV
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2013 14:30:57 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:57 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:58 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:58 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:58 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:59 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:59 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:30:59 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:31:00 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 18.02.2013 14:31:00 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 07.03.2013 16:44:09 | Computer Name = PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 26.05.2013 07:31:44 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 26.05.2013 07:32:23 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 26.05.2013 08:26:04 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 26.05.2013 08:27:20 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 26.05.2013 14:04:30 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 26.05.2013 14:04:54 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 26.05.2013 14:04:58 | Computer Name = PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 27.05.2013 04:28:22 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 27.05.2013 04:28:40 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 27.05.2013 04:28:44 | Computer Name = PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
 
< End of report >

--- --- ---

GMER

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-27 11:44:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000004d SAMSUNG_ rev.1AJ1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\...\AppData\Local\Temp\kxdiapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000757d1465 2 bytes [7D, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000757d14bb 2 bytes [7D, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000757d1465 2 bytes [7D, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757d14bb 2 bytes [7D, 75]
.text  ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----

--- --- ---

Allgemeine Kontrolle meines PC's

Log-Analyse und Auswertung: Allgemeine Kontrolle meines PC's

Allgemeine Kontrolle meines PC's

Ähnliche Themen: Allgemeine Kontrolle meines PC's