
Log analysis and evaluation: Trojan, I don't know what to do anymore...

28.11.2010, 18:23   #1
Christop

Hello everyone,
I probably have a keylogger or some such shit on my PC and don't know what to do anymore. After my Battle.net password (that is, SC and WoW) was changed, I formatted my PC, since I found neither malware nor rootkits. However, formatting didn't help; the passwords were changed again.

HijackThis tells me the following:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:35:49, on 28.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ICQ7.2\ICQ.exe
D:\firefox.exe
D:\plugin-container.exe
D:\World of Warcraft\WoW.exe
C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\CHRIST~1\AppData\Local\Temp\TeamViewer\Version5\TeamViewer.exe
C:\Users\Christoph\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?gcht=HC&o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6645 bytes


In the system startup there is an unknown "P17RunE.dll,RunDLLEntry"

Does anyone perhaps have some advice on this? Or does anyone have an idea what else could be done?
Thanks in advance for any answers!

29.11.2010, 20:29   #2
cosinus

Hello and

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

30.11.2010, 18:12   #3
Christop

Hello,
first of all, many thanks for the quick reply and your efforts!
So, the Malwarebytes scan....
Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 5220

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.11.2010 17:54:37
mbam-log-2010-11-30 (17-54-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 226855
Laufzeit: 15 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Then on to the OTL scan
OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 30.11.2010 18:02:24 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 447,95 Gb Free Space | 91,04% Space Free | Partition Type: NTFS
Drive D: | 48,73 Gb Total Space | 24,93 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive E: | 390,53 Gb Total Space | 389,94 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - D:\firefox.exe (Mozilla Corporation)
PRC - D:\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 0A 4B 64 32 87 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&apn_uid=193AFABE-50C5-4EE8-8DAB-BD112AFCC321&apn_ptnrs=F4&apn_sauid=6D83C014-F47E-498D-993A-63D15FEE5C9A&apn_dtid=YYYYYYYYDE&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\components [2010.11.18 17:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\plugins [2010.11.22 19:11:47 | 000,000,000 | ---D | M]
 
[2010.11.18 17:58:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2010.11.30 17:41:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\rrhz2qwt.default\extensions
[2010.11.28 10:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\rrhz2qwt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f9db5d80-f323-11df-8771-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9db5d80-f323-11df-8771-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.30 18:00:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2010.11.29 21:44:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2010.11.29 21:43:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 21:43:40 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.29 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.29 21:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.29 21:41:42 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Christoph\Desktop\mbam-setup.exe
[2010.11.29 21:17:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.11.29 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.11.29 20:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.11.29 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.11.29 20:53:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.29 20:53:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.29 20:53:54 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.29 20:53:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.29 20:52:43 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.11.29 20:52:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.11.29 20:49:14 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2010.11.29 20:49:14 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2010.11.29 20:49:13 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2010.11.29 20:49:13 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2010.11.29 20:47:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010.11.29 20:47:00 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010.11.29 20:47:00 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010.11.29 20:47:00 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010.11.29 20:47:00 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010.11.29 20:46:59 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010.11.29 20:46:58 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010.11.29 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Windows Live
[2010.11.29 20:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.11.29 20:32:16 | 001,291,624 | ---- | C] (Microsoft Corporation) -- C:\Users\Christoph\Desktop\wlsetup-web__1_.exe
[2010.11.29 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte
[2010.11.29 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Sony
[2010.11.29 18:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.11.29 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010.11.29 18:29:15 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Sony
[2010.11.29 18:04:36 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.11.29 18:04:35 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.11.29 18:04:33 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010.11.29 18:04:33 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.11.29 18:04:31 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.11.29 18:04:29 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.11.29 18:04:19 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.11.29 18:04:19 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.11.29 18:04:17 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.11.29 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.11.29 17:42:51 | 153,184,264 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\Christoph\Desktop\moviestudiope10.exe
[2010.11.28 18:02:45 | 001,289,216 | ---- | C] (Creative Technology Ltd.) -- C:\Users\Christoph\Desktop\P17.sys
[2010.11.28 18:00:51 | 000,014,848 | ---- | C] (Creative Technology Ltd.) -- C:\Users\Christoph\Desktop\P17RunE.dll
[2010.11.28 17:34:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Christoph\Desktop\HiJackThis204.exe
[2010.11.28 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\TeamViewer
[2010.11.28 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.11.28 17:07:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.28 17:07:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.28 17:07:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.11.28 10:59:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.28 10:59:14 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\DVDVideoSoft
[2010.11.28 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.11.28 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.11.24 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Creative
[2010.11.24 21:42:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.11.24 21:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010.11.24 21:26:37 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomct2.ocx
[2010.11.24 21:26:37 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010.11.24 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Foxit Software
[2010.11.24 21:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010.11.24 21:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010.11.24 20:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010.11.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\VirtualDJ
[2010.11.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2010.11.24 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Schule
[2010.11.22 20:39:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Erdkunde
[2010.11.22 19:24:10 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\OpenOffice.org
[2010.11.22 19:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010.11.22 19:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.11.22 19:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.11.22 19:11:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.11.22 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.11.22 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\OpenOffice.org 3.2 (de) Installation Files
[2010.11.22 17:32:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Apps
[2010.11.20 14:09:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\ICQ
[2010.11.20 03:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.11.20 03:05:18 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.11.20 03:05:18 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.11.20 03:05:18 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.11.20 03:05:18 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.11.20 03:05:18 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.11.20 03:05:18 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.11.20 03:05:18 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.11.20 03:05:18 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.11.20 03:05:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.11.19 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\ATI
[2010.11.19 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\ATI
[2010.11.19 17:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.11.19 17:48:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.11.19 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.11.19 17:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.11.19 17:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.11.19 17:47:17 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.11.19 17:46:56 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.11.19 17:43:28 | 000,000,000 | ---D | C] -- C:\ATI
[2010.11.19 17:38:42 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.11.19 17:38:38 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.11.19 17:38:36 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.11.19 17:38:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.11.19 17:38:35 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.11.19 17:38:31 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.11.19 17:38:29 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.11.19 17:38:29 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.11.19 17:37:51 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.11.19 17:37:51 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.11.19 17:37:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.11.19 17:37:51 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.11.19 17:37:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.11.19 17:37:51 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.11.19 17:37:51 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.11.19 17:37:51 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.11.19 17:37:51 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.11.19 17:37:51 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.11.19 17:37:51 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.11.19 17:37:51 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.11.19 17:37:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.11.19 17:37:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.11.19 17:37:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.11.19 17:37:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.11.19 17:37:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.11.19 17:37:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.11.19 17:37:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.11.19 17:37:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.11.19 17:37:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.11.19 17:37:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.11.19 17:37:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.11.19 17:37:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.11.19 17:37:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.11.19 17:36:47 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.11.19 17:36:46 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.11.19 17:36:46 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.11.19 17:36:38 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.11.19 17:36:37 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.11.19 17:36:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.11.19 17:36:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.11.19 17:36:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.11.19 17:36:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.11.19 17:36:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.11.19 17:36:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.11.19 17:36:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.11.19 17:36:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.11.19 17:36:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.11.19 17:36:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.11.19 17:36:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.11.19 17:35:48 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.11.19 17:35:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.11.19 17:35:23 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.11.19 17:35:22 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.11.19 17:35:22 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.11.19 17:35:21 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.11.19 17:35:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.11.19 17:35:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.11.19 17:33:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.11.19 17:33:49 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.11.19 17:33:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.11.19 17:33:46 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.11.19 17:32:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.11.19 17:32:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.11.19 17:32:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.11.19 17:32:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.11.19 17:32:10 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.11.19 17:32:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.11.19 17:32:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.11.19 17:32:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.11.19 17:32:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.11.19 17:32:06 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.11.19 17:32:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.11.19 17:32:05 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.11.19 17:32:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.11.19 17:32:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.11.19 17:32:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.11.19 17:32:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.11.19 17:32:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.11.19 17:32:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.11.19 17:32:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.11.19 17:32:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.11.19 17:32:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.11.19 17:32:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.11.19 17:32:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.11.19 17:31:40 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.11.19 17:31:39 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.11.19 17:31:39 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.11.19 17:31:39 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.11.19 17:31:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.11.18 22:53:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.18 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Grafikarte
[2010.11.18 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira
[2010.11.18 21:54:54 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.18 21:54:54 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.18 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.18 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.11.18 21:05:27 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\TS3Client
[2010.11.18 21:04:31 | 000,121,770 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\Uninstall.exe
[2010.11.18 21:04:31 | 000,000,000 | ---D | C] -- C:\Programme\translations
[2010.11.18 21:04:31 | 000,000,000 | ---D | C] -- C:\Programme\styles
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\sound
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\plugins
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\imageformats
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\gfx
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\accessible
[2010.11.18 17:58:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Mozilla
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\StarCraft II
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\Programme\StarCraft II
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.11.18 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Macromedia
[2010.11.18 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Adobe
[2010.11.18 17:32:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.11.18 17:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.11.18 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Mozilla
[2010.11.18 17:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.11.18 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2010.11.18 17:22:47 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\AOL
[2010.11.18 17:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.11.18 17:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010.11.18 17:22:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010.11.18 17:22:17 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010.11.18 17:22:17 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.11.18 17:22:17 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.11.18 17:22:17 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.11.18 17:22:17 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.11.18 17:22:16 | 001,908,736 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2010.11.18 17:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010.11.18 17:21:46 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.11.18 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010.11.18 17:21:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.11.18 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.11.18 16:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010.11.18 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2010.11.18 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DATA
[2010.11.18 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Opera
[2010.11.18 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Opera
[2010.11.18 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.11.18 16:14:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.11.18 16:06:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.11.18 16:06:33 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.11.18 16:06:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.11.18 16:06:31 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.11.18 16:05:13 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Searches
[2010.11.18 16:05:05 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Identities
[2010.11.18 16:05:03 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Contacts
[2010.11.18 16:05:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\VirtualStore
[2010.11.18 16:04:53 | 000,000,000 | --SD | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Links
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Favorites
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Downloads
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Documents
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Desktop
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Vorlagen
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\AppData\Local\Verlauf
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\AppData\Local\Temporary Internet Files
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Startmenü
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\SendTo
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Recent
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Netzwerkumgebung
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Lokale Einstellungen
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Documents\Eigene Videos
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Documents\Eigene Musik
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Eigene Dateien
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Documents\Eigene Bilder
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Druckumgebung
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Cookies
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\AppData\Local\Anwendungsdaten
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Anwendungsdaten
[2010.11.18 16:04:53 | 000,000,000 | -H-D | C] -- C:\Users\Christoph\AppData
[2010.11.18 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Temp
[2010.11.18 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Microsoft
[2010.11.18 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Media Center Programs
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Videos
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Saved Games
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Pictures
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Music
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.11.18 15:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.11.18 15:56:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.11.18 15:56:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.11.18 15:55:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.11.18 15:55:12 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.11.05 14:27:18 | 010,327,296 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\ts3client_win64.exe
[2010.05.18 13:46:32 | 001,033,216 | ---- | C] (Firelight Technologies) -- C:\Programme\fmodex64.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.30 18:00:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2010.11.30 17:37:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.30 17:32:49 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 17:32:49 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 17:31:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.30 17:31:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.30 17:31:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.30 17:31:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.30 17:31:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.30 17:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.30 17:25:15 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.29 22:10:35 | 000,003,527 | ---- | M] () -- C:\Users\Christoph\Documents\Mein Film.wlmp
[2010.11.29 22:04:19 | 012,345,208 | ---- | M] () -- C:\Users\Christoph\Desktop\Zwegat 2.AVI
[2010.11.29 22:04:18 | 010,312,440 | ---- | M] () -- C:\Users\Christoph\Desktop\Zwegat 1.AVI
[2010.11.29 22:04:17 | 014,066,744 | ---- | M] () -- C:\Users\Christoph\Desktop\Outtake 2.AVI
[2010.11.29 21:42:35 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Christoph\Desktop\mbam-setup.exe
[2010.11.29 20:32:26 | 001,291,624 | ---- | M] (Microsoft Corporation) -- C:\Users\Christoph\Desktop\wlsetup-web__1_.exe
[2010.11.29 18:48:49 | 000,002,584 | ---- | M] () -- C:\Users\Christoph\Documents\Vegas Movie Studio HD Platinum registrieren.htm
[2010.11.29 18:12:46 | 153,184,264 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Christoph\Desktop\moviestudiope10.exe
[2010.11.29 18:04:36 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010.11.29 18:04:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.11.29 17:58:36 | 041,053,917 | ---- | M] () -- C:\Users\Christoph\Desktop\Neuer Ordner.zip
[2010.11.29 17:55:43 | 042,800,064 | ---- | M] () -- C:\Users\Christoph\Desktop\setup_av_pro_ger.exe
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.28 18:01:55 | 000,013,192 | ---- | M] () -- C:\Users\Christoph\Desktop\P17.sys - Verknüpfung.lnk
[2010.11.28 17:34:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Christoph\Desktop\HiJackThis204.exe
[2010.11.28 17:12:19 | 003,099,848 | ---- | M] () -- C:\Users\Christoph\Desktop\TeamViewer_Setup.exe
[2010.11.28 10:59:17 | 000,001,239 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2010.11.24 22:01:56 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.24 21:11:41 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.11.24 20:32:56 | 000,001,102 | ---- | M] () -- C:\Users\Christoph\Desktop\EVEREST Home Edition.lnk
[2010.11.24 20:25:20 | 000,001,044 | ---- | M] () -- C:\Users\Christoph\Desktop\Virtual DJ Home.lnk
[2010.11.22 22:50:11 | 000,004,062 | ---- | M] () -- C:\Users\Christoph\Documents\Metropolen.rtf
[2010.11.22 22:06:19 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.22 19:13:18 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.19 17:27:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.11.18 22:53:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.18 21:04:31 | 000,121,770 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\Uninstall.exe
[2010.11.18 17:22:17 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.11.18 17:22:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.11.18 17:22:17 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.11.18 17:22:17 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.11.18 16:19:37 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.11.18 16:00:19 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.11.18 16:00:19 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.11.18 15:58:13 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.11.18 15:55:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.11.05 14:27:18 | 010,327,296 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\ts3client_win64.exe
[2010.11.05 14:27:08 | 000,468,224 | ---- | M] () -- C:\Program Files\update.exe
[2010.11.05 14:27:02 | 000,034,858 | ---- | M] () -- C:\Program Files\apps.ini
[2010.11.05 14:27:02 | 000,000,990 | ---- | M] () -- C:\Program Files\mirrors.ini
 
========== Files Created - No Company Name ==========
 
[2010.11.29 22:10:34 | 000,003,527 | ---- | C] () -- C:\Users\Christoph\Documents\Mein Film.wlmp
[2010.11.29 21:43:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.29 18:45:57 | 000,002,584 | ---- | C] () -- C:\Users\Christoph\Documents\Vegas Movie Studio HD Platinum registrieren.htm
[2010.11.29 18:04:36 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010.11.29 18:04:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.11.29 17:39:31 | 042,800,064 | ---- | C] () -- C:\Users\Christoph\Desktop\setup_av_pro_ger.exe
[2010.11.29 17:38:26 | 041,053,917 | ---- | C] () -- C:\Users\Christoph\Desktop\Neuer Ordner.zip
[2010.11.28 18:01:55 | 000,013,192 | ---- | C] () -- C:\Users\Christoph\Desktop\P17.sys - Verknüpfung.lnk
[2010.11.28 17:11:59 | 003,099,848 | ---- | C] () -- C:\Users\Christoph\Desktop\TeamViewer_Setup.exe
[2010.11.28 10:59:15 | 000,001,239 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2010.11.27 13:47:04 | 014,066,744 | ---- | C] () -- C:\Users\Christoph\Desktop\Outtake 2.AVI
[2010.11.27 13:41:54 | 012,345,208 | ---- | C] () -- C:\Users\Christoph\Desktop\Zwegat 2.AVI
[2010.11.27 13:40:38 | 010,312,440 | ---- | C] () -- C:\Users\Christoph\Desktop\Zwegat 1.AVI
[2010.11.24 21:11:41 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.11.24 20:32:56 | 000,001,102 | ---- | C] () -- C:\Users\Christoph\Desktop\EVEREST Home Edition.lnk
[2010.11.24 20:25:20 | 000,001,044 | ---- | C] () -- C:\Users\Christoph\Desktop\Virtual DJ Home.lnk
[2010.11.22 19:13:18 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.22 18:48:53 | 000,004,062 | ---- | C] () -- C:\Users\Christoph\Documents\Metropolen.rtf
[2010.11.19 17:27:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.11.18 22:53:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.18 17:22:48 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010.11.18 16:19:37 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010.11.18 16:19:37 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.11.18 16:19:37 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010.11.18 16:19:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.18 16:19:37 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010.11.18 15:58:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.18 15:56:14 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.18 15:55:13 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.11.18 15:55:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.11.05 14:27:20 | 000,080,905 | ---- | C] () -- C:\Programme\changelog.txt
[2010.11.05 14:27:08 | 000,468,224 | ---- | C] () -- C:\Programme\update.exe
[2010.11.05 14:27:02 | 000,034,858 | ---- | C] () -- C:\Programme\apps.ini
[2010.11.05 14:27:02 | 000,000,990 | ---- | C] () -- C:\Programme\mirrors.ini
[2010.05.17 09:29:02 | 010,144,768 | ---- | C] () -- C:\Programme\QtGui4.dll
[2010.03.25 10:57:36 | 002,699,264 | ---- | C] () -- C:\Programme\QtCore4.dll
[2010.03.22 10:59:00 | 000,934,400 | ---- | C] () -- C:\Programme\QtNetwork4.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini

< End of report >
         
--- --- ---
And finally, Extras.txt from the OTL scan.
OTL Logfile:
Code:
OTL Extras logfile created on: 30.11.2010 18:02:24 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 447,95 Gb Free Space | 91,04% Space Free | Partition Type: NTFS
Drive D: | 48,73 Gb Total Space | 24,93 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive E: | 390,53 Gb Total Space | 389,94 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast5" = avast! Pro Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2010 16:44:17 | Computer Name = Christoph-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\CHRIST~1\AppData\Local\Temp\RarSFX0\redist.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2010 17:32:23 | Computer Name = Christoph-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 19.11.2010 12:47:44 | Computer Name = Christoph-PC | Source = ATIeRecord | ID = 16389
Description = ATI EEU the creation of a class has failed
 
Error - 24.11.2010 16:56:12 | Computer Name = Christoph-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16671,
 Zeitstempel: 0x4c86f9be  Name des fehlerhaften Moduls: GenericAskToolbar.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4ca2d1ef  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x70c48784  ID des fehlerhaften Prozesses: 0x10a8  Startzeit der fehlerhaften Anwendung:
 0x01cb8c1a0377452d  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: GenericAskToolbar.dll  Berichtskennung:
 44d62021-f80d-11df-b8ac-001fd05a7c41
 
[ System Events ]
Error - 22.11.2010 17:09:50 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:12 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:20 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:24 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:37 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:11:21 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 23.11.2010 11:46:32 | Computer Name = Christoph-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 24.11.2010 15:33:06 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%577
 
Error - 24.11.2010 15:33:06 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%577
 
Error - 26.11.2010 17:56:24 | Computer Name = Christoph-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?11.?2010 um 20:33:14 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---
Thanks in advance ;-)
Regards, Christoph

Alt 30.11.2010, 18:12   #4
Christop
 
Hello,
first of all, a big thank you for the quick reply and your efforts!
So, the Malwarebytes scan....
Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 5220

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.11.2010 17:54:37
mbam-log-2010-11-30 (17-54-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 226855
Laufzeit: 15 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Next, the OTL scan
OTL.txt
OTL Logfile:
OTL logfile created on: 30.11.2010 18:02:24 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 447,95 Gb Free Space | 91,04% Space Free | Partition Type: NTFS
Drive D: | 48,73 Gb Total Space | 24,93 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive E: | 390,53 Gb Total Space | 389,94 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - D:\firefox.exe (Mozilla Corporation)
PRC - D:\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 0A 4B 64 32 87 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&apn_uid=193AFABE-50C5-4EE8-8DAB-BD112AFCC321&apn_ptnrs=F4&apn_sauid=6D83C014-F47E-498D-993A-63D15FEE5C9A&apn_dtid=YYYYYYYYDE&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\components [2010.11.18 17:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\plugins [2010.11.22 19:11:47 | 000,000,000 | ---D | M]
 
[2010.11.18 17:58:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2010.11.30 17:41:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\rrhz2qwt.default\extensions
[2010.11.28 10:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\rrhz2qwt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f9db5d80-f323-11df-8771-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9db5d80-f323-11df-8771-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.30 18:00:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2010.11.29 21:44:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2010.11.29 21:43:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 21:43:40 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.29 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.29 21:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.29 21:41:42 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Christoph\Desktop\mbam-setup.exe
[2010.11.29 21:17:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.11.29 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.11.29 20:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.11.29 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.11.29 20:53:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.29 20:53:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.29 20:53:54 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.29 20:53:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.29 20:52:43 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.11.29 20:52:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.11.29 20:49:14 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2010.11.29 20:49:14 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2010.11.29 20:49:13 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2010.11.29 20:49:13 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2010.11.29 20:47:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010.11.29 20:47:00 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010.11.29 20:47:00 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010.11.29 20:47:00 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010.11.29 20:47:00 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010.11.29 20:46:59 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010.11.29 20:46:58 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010.11.29 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Windows Live
[2010.11.29 20:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.11.29 20:32:16 | 001,291,624 | ---- | C] (Microsoft Corporation) -- C:\Users\Christoph\Desktop\wlsetup-web__1_.exe
[2010.11.29 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte
[2010.11.29 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Sony
[2010.11.29 18:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.11.29 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010.11.29 18:29:15 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Sony
[2010.11.29 18:04:36 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.11.29 18:04:35 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.11.29 18:04:33 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010.11.29 18:04:33 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.11.29 18:04:31 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.11.29 18:04:29 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.11.29 18:04:19 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.11.29 18:04:19 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.11.29 18:04:17 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.11.29 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.11.29 17:42:51 | 153,184,264 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\Christoph\Desktop\moviestudiope10.exe
[2010.11.28 18:02:45 | 001,289,216 | ---- | C] (Creative Technology Ltd.) -- C:\Users\Christoph\Desktop\P17.sys
[2010.11.28 18:00:51 | 000,014,848 | ---- | C] (Creative Technology Ltd.) -- C:\Users\Christoph\Desktop\P17RunE.dll
[2010.11.28 17:34:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Christoph\Desktop\HiJackThis204.exe
[2010.11.28 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\TeamViewer
[2010.11.28 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.11.28 17:07:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.28 17:07:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.28 17:07:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.11.28 10:59:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.28 10:59:14 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\DVDVideoSoft
[2010.11.28 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.11.28 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.11.24 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Creative
[2010.11.24 21:42:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.11.24 21:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010.11.24 21:26:37 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomct2.ocx
[2010.11.24 21:26:37 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010.11.24 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Foxit Software
[2010.11.24 21:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010.11.24 21:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010.11.24 20:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010.11.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\VirtualDJ
[2010.11.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2010.11.24 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Schule
[2010.11.22 20:39:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Erdkunde
[2010.11.22 19:24:10 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\OpenOffice.org
[2010.11.22 19:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010.11.22 19:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.11.22 19:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.11.22 19:11:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.11.22 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.11.22 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\OpenOffice.org 3.2 (de) Installation Files
[2010.11.22 17:32:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Apps
[2010.11.20 14:09:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\ICQ
[2010.11.20 03:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.11.20 03:05:18 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.11.20 03:05:18 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.11.20 03:05:18 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.11.20 03:05:18 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.11.20 03:05:18 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.11.20 03:05:18 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.11.20 03:05:18 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.11.20 03:05:18 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.11.20 03:05:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.11.19 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\ATI
[2010.11.19 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\ATI
[2010.11.19 17:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.11.19 17:48:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.11.19 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.11.19 17:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.11.19 17:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.11.19 17:47:17 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.11.19 17:46:56 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.11.19 17:43:28 | 000,000,000 | ---D | C] -- C:\ATI
[2010.11.19 17:38:42 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.11.19 17:38:38 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.11.19 17:38:36 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.11.19 17:38:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.11.19 17:38:35 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.11.19 17:38:31 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.11.19 17:38:29 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.11.19 17:38:29 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.11.19 17:37:51 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.11.19 17:37:51 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.11.19 17:37:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.11.19 17:37:51 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.11.19 17:37:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.11.19 17:37:51 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.11.19 17:37:51 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.11.19 17:37:51 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.11.19 17:37:51 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.11.19 17:37:51 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.11.19 17:37:51 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.11.19 17:37:51 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.11.19 17:37:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.11.19 17:37:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.11.19 17:37:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.11.19 17:37:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.11.19 17:37:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.11.19 17:37:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.11.19 17:37:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.11.19 17:37:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.11.19 17:37:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.11.19 17:37:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.11.19 17:37:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.11.19 17:37:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.11.19 17:37:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.11.19 17:36:47 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.11.19 17:36:46 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.11.19 17:36:46 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.11.19 17:36:38 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.11.19 17:36:37 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.11.19 17:36:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.11.19 17:36:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.11.19 17:36:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.11.19 17:36:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.11.19 17:36:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.11.19 17:36:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.11.19 17:36:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.11.19 17:36:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.11.19 17:36:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.11.19 17:36:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.11.19 17:36:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.11.19 17:35:48 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.11.19 17:35:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.11.19 17:35:23 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.11.19 17:35:22 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.11.19 17:35:22 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.11.19 17:35:21 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.11.19 17:35:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.11.19 17:35:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.11.19 17:33:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.11.19 17:33:49 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.11.19 17:33:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.11.19 17:33:46 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.11.19 17:32:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.11.19 17:32:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.11.19 17:32:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.11.19 17:32:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.11.19 17:32:10 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.11.19 17:32:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.11.19 17:32:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.11.19 17:32:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.11.19 17:32:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.11.19 17:32:06 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.11.19 17:32:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.11.19 17:32:05 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.11.19 17:32:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.11.19 17:32:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.11.19 17:32:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.11.19 17:32:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.11.19 17:32:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.11.19 17:32:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.11.19 17:32:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.11.19 17:32:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.11.19 17:32:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.11.19 17:32:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.11.19 17:32:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.11.19 17:31:40 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.11.19 17:31:39 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.11.19 17:31:39 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.11.19 17:31:39 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.11.19 17:31:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.11.18 22:53:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.18 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Grafikarte
[2010.11.18 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira
[2010.11.18 21:54:54 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.18 21:54:54 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.18 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.18 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.11.18 21:05:27 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\TS3Client
[2010.11.18 21:04:31 | 000,121,770 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\Uninstall.exe
[2010.11.18 21:04:31 | 000,000,000 | ---D | C] -- C:\Programme\translations
[2010.11.18 21:04:31 | 000,000,000 | ---D | C] -- C:\Programme\styles
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\sound
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\plugins
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\imageformats
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\gfx
[2010.11.18 21:04:30 | 000,000,000 | ---D | C] -- C:\Programme\accessible
[2010.11.18 17:58:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Mozilla
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\StarCraft II
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\Programme\StarCraft II
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.11.18 17:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.11.18 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Macromedia
[2010.11.18 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Adobe
[2010.11.18 17:32:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.11.18 17:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.11.18 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Mozilla
[2010.11.18 17:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.11.18 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2010.11.18 17:22:47 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\AOL
[2010.11.18 17:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.11.18 17:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010.11.18 17:22:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010.11.18 17:22:17 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010.11.18 17:22:17 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.11.18 17:22:17 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.11.18 17:22:17 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.11.18 17:22:17 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.11.18 17:22:16 | 001,908,736 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2010.11.18 17:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010.11.18 17:21:46 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.11.18 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010.11.18 17:21:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.11.18 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.11.18 16:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010.11.18 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2010.11.18 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DATA
[2010.11.18 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Opera
[2010.11.18 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Opera
[2010.11.18 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.11.18 16:14:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.11.18 16:06:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.11.18 16:06:33 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.11.18 16:06:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.11.18 16:06:31 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.11.18 16:05:13 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Searches
[2010.11.18 16:05:05 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Identities
[2010.11.18 16:05:03 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Contacts
[2010.11.18 16:05:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\VirtualStore
[2010.11.18 16:04:53 | 000,000,000 | --SD | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Links
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Favorites
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Downloads
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Documents
[2010.11.18 16:04:53 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Desktop
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Vorlagen
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\AppData\Local\Verlauf
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\AppData\Local\Temporary Internet Files
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Startmenü
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\SendTo
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Recent
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Netzwerkumgebung
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Lokale Einstellungen
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Documents\Eigene Videos
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Documents\Eigene Musik
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Eigene Dateien
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Documents\Eigene Bilder
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Druckumgebung
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Cookies
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\AppData\Local\Anwendungsdaten
[2010.11.18 16:04:53 | 000,000,000 | -HSD | C] -- C:\Users\Christoph\Anwendungsdaten
[2010.11.18 16:04:53 | 000,000,000 | -H-D | C] -- C:\Users\Christoph\AppData
[2010.11.18 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Temp
[2010.11.18 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Microsoft
[2010.11.18 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Media Center Programs
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Videos
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Saved Games
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Pictures
[2010.11.18 16:04:52 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Music
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.11.18 16:04:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.11.18 15:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.11.18 15:56:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.11.18 15:56:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.11.18 15:55:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.11.18 15:55:12 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.11.05 14:27:18 | 010,327,296 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\ts3client_win64.exe
[2010.05.18 13:46:32 | 001,033,216 | ---- | C] (Firelight Technologies) -- C:\Programme\fmodex64.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.30 18:00:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2010.11.30 17:37:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.30 17:32:49 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 17:32:49 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 17:31:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.30 17:31:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.30 17:31:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.30 17:31:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.30 17:31:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.30 17:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.30 17:25:15 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.29 22:10:35 | 000,003,527 | ---- | M] () -- C:\Users\Christoph\Documents\Mein Film.wlmp
[2010.11.29 22:04:19 | 012,345,208 | ---- | M] () -- C:\Users\Christoph\Desktop\Zwegat 2.AVI
[2010.11.29 22:04:18 | 010,312,440 | ---- | M] () -- C:\Users\Christoph\Desktop\Zwegat 1.AVI
[2010.11.29 22:04:17 | 014,066,744 | ---- | M] () -- C:\Users\Christoph\Desktop\Outtake 2.AVI
[2010.11.29 21:42:35 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Christoph\Desktop\mbam-setup.exe
[2010.11.29 20:32:26 | 001,291,624 | ---- | M] (Microsoft Corporation) -- C:\Users\Christoph\Desktop\wlsetup-web__1_.exe
[2010.11.29 18:48:49 | 000,002,584 | ---- | M] () -- C:\Users\Christoph\Documents\Vegas Movie Studio HD Platinum registrieren.htm
[2010.11.29 18:12:46 | 153,184,264 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Christoph\Desktop\moviestudiope10.exe
[2010.11.29 18:04:36 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010.11.29 18:04:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.11.29 17:58:36 | 041,053,917 | ---- | M] () -- C:\Users\Christoph\Desktop\Neuer Ordner.zip
[2010.11.29 17:55:43 | 042,800,064 | ---- | M] () -- C:\Users\Christoph\Desktop\setup_av_pro_ger.exe
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.28 18:01:55 | 000,013,192 | ---- | M] () -- C:\Users\Christoph\Desktop\P17.sys - Verknüpfung.lnk
[2010.11.28 17:34:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Christoph\Desktop\HiJackThis204.exe
[2010.11.28 17:12:19 | 003,099,848 | ---- | M] () -- C:\Users\Christoph\Desktop\TeamViewer_Setup.exe
[2010.11.28 10:59:17 | 000,001,239 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2010.11.24 22:01:56 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.24 21:11:41 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.11.24 20:32:56 | 000,001,102 | ---- | M] () -- C:\Users\Christoph\Desktop\EVEREST Home Edition.lnk
[2010.11.24 20:25:20 | 000,001,044 | ---- | M] () -- C:\Users\Christoph\Desktop\Virtual DJ Home.lnk
[2010.11.22 22:50:11 | 000,004,062 | ---- | M] () -- C:\Users\Christoph\Documents\Metropolen.rtf
[2010.11.22 22:06:19 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.22 19:13:18 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.19 17:27:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.11.18 22:53:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.18 21:04:31 | 000,121,770 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\Uninstall.exe
[2010.11.18 17:22:17 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.11.18 17:22:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.11.18 17:22:17 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.11.18 17:22:17 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.11.18 16:19:37 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.11.18 16:00:19 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.11.18 16:00:19 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.11.18 15:58:13 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.11.18 15:55:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.11.05 14:27:18 | 010,327,296 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\ts3client_win64.exe
[2010.11.05 14:27:08 | 000,468,224 | ---- | M] () -- C:\Program Files\update.exe
[2010.11.05 14:27:02 | 000,034,858 | ---- | M] () -- C:\Program Files\apps.ini
[2010.11.05 14:27:02 | 000,000,990 | ---- | M] () -- C:\Program Files\mirrors.ini
 
========== Files Created - No Company Name ==========
 
[2010.11.29 22:10:34 | 000,003,527 | ---- | C] () -- C:\Users\Christoph\Documents\Mein Film.wlmp
[2010.11.29 21:43:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.29 18:45:57 | 000,002,584 | ---- | C] () -- C:\Users\Christoph\Documents\Vegas Movie Studio HD Platinum registrieren.htm
[2010.11.29 18:04:36 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010.11.29 18:04:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.11.29 17:39:31 | 042,800,064 | ---- | C] () -- C:\Users\Christoph\Desktop\setup_av_pro_ger.exe
[2010.11.29 17:38:26 | 041,053,917 | ---- | C] () -- C:\Users\Christoph\Desktop\Neuer Ordner.zip
[2010.11.28 18:01:55 | 000,013,192 | ---- | C] () -- C:\Users\Christoph\Desktop\P17.sys - Verknüpfung.lnk
[2010.11.28 17:11:59 | 003,099,848 | ---- | C] () -- C:\Users\Christoph\Desktop\TeamViewer_Setup.exe
[2010.11.28 10:59:15 | 000,001,239 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2010.11.27 13:47:04 | 014,066,744 | ---- | C] () -- C:\Users\Christoph\Desktop\Outtake 2.AVI
[2010.11.27 13:41:54 | 012,345,208 | ---- | C] () -- C:\Users\Christoph\Desktop\Zwegat 2.AVI
[2010.11.27 13:40:38 | 010,312,440 | ---- | C] () -- C:\Users\Christoph\Desktop\Zwegat 1.AVI
[2010.11.24 21:11:41 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.11.24 20:32:56 | 000,001,102 | ---- | C] () -- C:\Users\Christoph\Desktop\EVEREST Home Edition.lnk
[2010.11.24 20:25:20 | 000,001,044 | ---- | C] () -- C:\Users\Christoph\Desktop\Virtual DJ Home.lnk
[2010.11.22 19:13:18 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.22 18:48:53 | 000,004,062 | ---- | C] () -- C:\Users\Christoph\Documents\Metropolen.rtf
[2010.11.19 17:27:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.11.18 22:53:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.18 17:22:48 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010.11.18 16:19:37 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010.11.18 16:19:37 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.11.18 16:19:37 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010.11.18 16:19:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.18 16:19:37 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010.11.18 15:58:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.18 15:56:14 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.18 15:55:13 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.11.18 15:55:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.11.05 14:27:20 | 000,080,905 | ---- | C] () -- C:\Programme\changelog.txt
[2010.11.05 14:27:08 | 000,468,224 | ---- | C] () -- C:\Programme\update.exe
[2010.11.05 14:27:02 | 000,034,858 | ---- | C] () -- C:\Programme\apps.ini
[2010.11.05 14:27:02 | 000,000,990 | ---- | C] () -- C:\Programme\mirrors.ini
[2010.05.17 09:29:02 | 010,144,768 | ---- | C] () -- C:\Programme\QtGui4.dll
[2010.03.25 10:57:36 | 002,699,264 | ---- | C] () -- C:\Programme\QtCore4.dll
[2010.03.22 10:59:00 | 000,934,400 | ---- | C] () -- C:\Programme\QtNetwork4.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini

< End of report >
         
--- --- ---

And finally, Extras.txt from the OTL scan.
OTL Logfile:
Code:
OTL Extras logfile created on: 30.11.2010 18:02:24 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492,06 Gb Total Space | 447,95 Gb Free Space | 91,04% Space Free | Partition Type: NTFS
Drive D: | 48,73 Gb Total Space | 24,93 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive E: | 390,53 Gb Total Space | 389,94 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast5" = avast! Pro Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2010 16:44:17 | Computer Name = Christoph-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\CHRIST~1\AppData\Local\Temp\RarSFX0\redist.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2010 17:32:23 | Computer Name = Christoph-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 19.11.2010 12:47:44 | Computer Name = Christoph-PC | Source = ATIeRecord | ID = 16389
Description = ATI EEU the creation of a class has failed
 
Error - 24.11.2010 16:56:12 | Computer Name = Christoph-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16671,
 Zeitstempel: 0x4c86f9be  Name des fehlerhaften Moduls: GenericAskToolbar.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4ca2d1ef  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x70c48784  ID des fehlerhaften Prozesses: 0x10a8  Startzeit der fehlerhaften Anwendung:
 0x01cb8c1a0377452d  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: GenericAskToolbar.dll  Berichtskennung:
 44d62021-f80d-11df-b8ac-001fd05a7c41
 
[ System Events ]
Error - 22.11.2010 17:09:50 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:12 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:20 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:24 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:10:37 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 22.11.2010 17:11:21 | Computer Name = Christoph-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 23.11.2010 11:46:32 | Computer Name = Christoph-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 24.11.2010 15:33:06 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%577
 
Error - 24.11.2010 15:33:06 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%577
 
Error - 26.11.2010 17:56:24 | Computer Name = Christoph-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?11.?2010 um 20:33:14 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

Thanks in advance ;-)
Regards, Christoph

30.11.2010, 20:27   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Was really nothing found, or did you just post the log without any detections?

__________________
Please always post logfiles in CODE tags

30.11.2010, 21:42   #6
Christop

Unfortunately, nothing was found...

30.11.2010, 22:36   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

After a format c:, no malware can still be active like that. Are the battle.net passwords perhaps too simple? Do you have another, possibly infected PC that you have used to log in to battle.net? Have you run any dubious tools/trainers?

30.11.2010, 23:00   #8
Christop

No, nothing of the sort really. I also changed the password once on another PC, and then I have peace; you always get an e-mail when the BN password is changed. So it has to be this PC... I just don't understand what is going on, or what can be done about it...
Regards, Christoph
