CPU ausgelastet, Lüfter läuft ständig

wake0071 · 14.03.2011, 17:59

Hallo zusammen,

ich weiß nicht mehr weiter. Die CPU meines Notebooks ist andauernd ausgelastet, mal geht es auf 10 % runter aber dann wieder auf 100% ich weiß nicht woran das liegt. Desweiteren springt auch mein Lüfter dann dauernd an

Hier die Daten zum Notebook:

ASUS Pro31S

Prozessor: Intel Core 2 Duo CPU T5750 @2,00GhZ

Betriebssystem 65-Bit

Windows 7 Ultimate

Hier ist die Logfile auswertung. Bitte um Hilfe

Vielen Dank im Vorraus wake0071

Zitat:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:51:17, on 14.03.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\ICQ7.2\ICQ.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Rouven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rouven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rouven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Rouven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rouven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rouven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RfxSrvTray] "C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rouven\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Radio.fx Server (Radio.fx) - Unknown owner - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Windows Service Manager (svchost32) - Unknown owner - C:\Windows\system32\oobe\svchost.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12049 bytes

cosinus · 14.03.2011, 19:12

Bitte beachten

=> http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

wake0071 · 14.03.2011, 19:43

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6054

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 19:40:54
mbam-log-2011-03-14 (19-40-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162525
Laufzeit: 3 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2280 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\restorpoint (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

cosinus · 14.03.2011, 19:58

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

wake0071 · 14.03.2011, 20:02

So hier sind die anderen

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6054

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 19:52:45
mbam-log-2011-03-14 (19-52-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 36568
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6054

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 19:56:18
mbam-log-2011-03-14 (19-56-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162187
Laufzeit: 3 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

von OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.03.2011 19:54:29 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Rouven\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 171,16 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
 
Computer Name: ROUVEN-PC | User Name: Rouven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.14 18:28:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
PRC - [2011.03.11 09:03:30 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.02.28 13:55:02 | 003,577,688 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.26 16:09:16 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.26 16:09:05 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.01.26 16:09:05 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.26 16:09:04 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011.01.26 16:09:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.01.13 13:24:53 | 000,686,344 | ---- | M] (Tobit.Software) -- C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.14 18:28:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.03.11 09:03:30 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.02.28 13:55:02 | 003,577,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.26 16:09:16 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.26 16:09:05 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.01.26 16:09:05 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.26 16:09:04 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.04 13:58:25 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.01.26 16:09:31 | 000,126,792 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2011.01.26 16:09:31 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.01.26 16:09:31 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010.10.07 13:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64)     Intel(R)
DRV:64bit: - [2010.09.22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.09.13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010.06.17 14:22:42 | 000,098,120 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.16 23:12:16 | 001,308,672 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2010.01.12 20:39:37 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.01.12 20:39:37 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.01.12 20:39:37 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.01.12 20:39:37 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.10.26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.25 03:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.08.09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008.09.05 00:00:00 | 000,021,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Private search | Tracking disabled
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 93 D7 FB 98 9F CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.18 01:44:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.18 01:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011.03.03 14:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files (x86)\Mobile Master\ext\1\ [2010.12.20 23:28:41 | 000,000,000 | ---D | M]
 
[2011.03.03 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.18 01:50:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RfxSrvTray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20e4ad36-305d-11e0-96e3-001fc651ad2d}\Shell - "" = AutoRun
O33 - MountPoints2\{20e4ad36-305d-11e0-96e3-001fc651ad2d}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099.01.01 21:59:42 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\{99E29B0F-A24A-4700-A46D-5E7FE1D9330A}
[2011.03.14 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Malwarebytes
[2011.03.14 19:22:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.14 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.14 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.14 19:22:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.14 19:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.14 18:28:00 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Rouven\Desktop\Erunt-setup.exe
[2011.03.14 18:27:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
[2011.03.14 18:27:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rouven\Desktop\TFC.exe
[2011.03.14 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.03.14 17:50:33 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.03.13 09:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.13 09:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.13 09:47:51 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.03.13 09:47:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.13 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.13 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.11 09:24:33 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2011.03.11 09:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.03.11 09:10:18 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Avira
[2011.03.11 09:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.11 09:01:08 | 000,126,792 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2011.03.11 09:01:08 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.11 09:01:08 | 000,098,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2011.03.11 09:01:08 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.11 09:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.11 09:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.09 10:46:04 | 000,000,000 | ---D | C] -- C:\5edebd2f221e1e5d733692d04d1e87
[2011.03.09 05:58:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 05:58:41 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 05:58:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 05:58:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 05:58:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 05:58:40 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 05:58:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 05:58:40 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 05:58:40 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 05:58:40 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 05:58:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 05:58:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 05:58:35 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 05:58:35 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 05:58:35 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 05:58:35 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.07 05:54:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Neuer Ordner
[2011.03.06 23:36:41 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Profilbilder_files
[2011.03.05 05:21:25 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Preton_Ltd
[2011.03.05 05:20:57 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\IsolatedStorage
[2011.03.04 22:52:43 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Apple Computer
[2011.03.04 22:52:43 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Apple Computer
[2011.03.04 22:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.04 22:52:31 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.03.04 22:52:31 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.03.04 22:52:31 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.03.04 22:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.04 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.03.04 22:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.04 22:50:52 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Apple
[2011.03.04 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.03.04 22:50:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.04 22:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.04 22:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.03.03 14:44:44 | 000,000,000 | ---D | C] -- C:\Programme\Preton
[2011.03.03 14:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmazonIcon
[2011.03.03 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Documents\billeo
[2011.03.03 14:41:07 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011.03.03 14:40:50 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\AVG10
[2011.03.03 14:35:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.03.03 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.03.03 14:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.03.03 14:35:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011.03.03 14:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011.03.03 14:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.03.03 14:08:21 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.03.03 14:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.03.03 13:33:53 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.03.02 16:39:25 | 037,443,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011.03.01 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Databecker-com_to_Date_Pro_Nulled
[2011.03.01 21:19:08 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Garmin
[2011.03.01 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Tobi
[2011.03.01 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Rouven\BROTHER DCP 135C
[2011.03.01 21:12:18 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\WIN7_x64_Pre-Activated
[2011.03.01 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Martina
[2011.03.01 21:04:51 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Microsoft_Office_2007_Deutsch_inkl._Key
[2011.03.01 21:04:28 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Fußballturnier
[2011.03.01 21:02:30 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Burning Board 3.1 Nulled with _plug-ins_ mods and hacks_
[2011.03.01 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Malik
[2011.03.01 20:48:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Documents\OneNote-Notizbücher
[2011.03.01 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.02.24 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\CocoonSoftware
[2011.02.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\WDSetup
[2011.02.23 09:06:57 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 09:06:57 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 09:06:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 09:06:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.21 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Antje Filme
[2011.02.21 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Documents\Usenet.nl
[2011.02.20 23:11:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.02.20 19:43:55 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Aushilfe
[2011.02.19 12:39:10 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Tobit
[2011.02.19 12:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
[2011.02.19 12:38:38 | 003,523,928 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2011.02.19 12:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit
[2011.02.19 12:38:37 | 003,523,928 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2011.02.19 12:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tobit Radio.fx
[2011.02.16 21:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2011.02.15 20:09:52 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Posteriza
[2011.02.15 20:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Posteriza
[2011.02.15 20:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\POSTERIZA
[2011.02.15 20:09:33 | 000,768,776 | ---- | C] (e-Presencia) -- C:\Users\Rouven\Desktop\posteriza_install_v1_1_1.exe
[2011.02.15 20:05:37 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Keseling
[2011.02.15 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Filme
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.14 19:55:16 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Rouven\Desktop\Erunt-setup.exe
[2011.03.14 19:55:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\TFC.exe
[2011.03.14 19:52:53 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 19:52:53 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 19:45:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.14 19:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.14 19:44:59 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.14 19:36:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001UA.job
[2011.03.14 19:32:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.14 19:22:46 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.14 18:28:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
[2011.03.14 17:50:33 | 000,003,013 | ---- | M] () -- C:\Users\Rouven\Desktop\HiJackThis.lnk
[2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Rouven\Desktop\Anleitung.html
[2011.03.13 09:36:43 | 000,002,405 | ---- | M] () -- C:\Users\Rouven\Desktop\Google Chrome.lnk
[2011.03.11 13:46:46 | 000,007,610 | ---- | M] () -- C:\Users\Rouven\AppData\Local\Resmon.ResmonCfg
[2011.03.11 13:36:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001Core.job
[2011.03.11 09:16:39 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.11 09:16:39 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.11 09:16:39 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.11 09:16:39 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.11 09:16:39 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.11 09:01:58 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.09 18:10:21 | 000,004,943 | ---- | M] () -- C:\Users\Rouven\Desktop\schutzengel-neu-918344-mbhf,templateId=renderScaled,property=Bild,height=137.jpg
[2011.03.08 06:12:34 | 000,859,256 | ---- | M] () -- C:\Users\Rouven\Desktop\Unbenannt-1.jpg
[2011.03.07 17:43:13 | 001,673,074 | ---- | M] () -- C:\Users\Rouven\Desktop\Einschulung_Antje 001.JPG
[2011.03.07 17:17:09 | 002,090,989 | ---- | M] () -- C:\Users\Rouven\Desktop\Unbenannt-2.jpg
[2011.03.07 17:11:08 | 001,971,009 | ---- | M] () -- C:\Users\Rouven\Desktop\Unbenannt-3.jpg
[2011.03.07 16:50:05 | 001,905,678 | ---- | M] () -- C:\Users\Rouven\Desktop\Antje neu
[2011.03.07 16:09:22 | 000,000,845 | ---- | M] () -- C:\Users\Rouven\.recently-used.xbel
[2011.03.06 23:57:42 | 002,951,253 | ---- | M] () -- C:\Users\Rouven\Desktop\112.JPG
[2011.03.06 23:37:51 | 000,075,308 | ---- | M] () -- C:\Users\Rouven\Desktop\Download.jpg
[2011.03.06 23:36:41 | 000,316,434 | ---- | M] () -- C:\Users\Rouven\Desktop\Profilbilder.htm
[2011.03.04 22:52:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 22:51:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.03 21:41:45 | 000,052,982 | ---- | M] () -- C:\Users\Rouven\Desktop\birthday-geburtstagskarte_bunt.gif
[2011.03.03 14:43:54 | 000,001,278 | ---- | M] () -- C:\Users\Rouven\Desktop\Amazon.lnk
[2011.03.03 14:35:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.03.03 14:28:50 | 005,765,904 | ---- | M] () -- C:\Users\Rouven\Desktop\HSS-1.57-install-anchorfree-244-ask4.exe
[2011.03.03 14:08:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.03.02 00:20:45 | 000,028,418 | ---- | M] () -- C:\Users\Rouven\Desktop\Kündigung vom 02.02.2011.pdf
[2011.03.01 21:42:19 | 000,001,340 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.01 18:02:33 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.03.01 01:20:39 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.02.27 23:23:18 | 000,046,556 | ---- | M] () -- C:\Users\Rouven\Lebenslauf.pdf
[2011.02.27 23:19:13 | 000,906,495 | ---- | M] () -- C:\Users\Rouven\Anlagen.pdf
[2011.02.27 16:00:42 | 003,048,230 | ---- | M] () -- C:\Users\Rouven\DSCF0027.JPG
[2011.02.24 18:23:34 | 003,523,928 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2011.02.24 18:23:34 | 003,523,928 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2011.02.24 17:48:51 | 000,004,151 | ---- | M] () -- C:\ProgramData\hnbdehzc.pfe
[2011.02.23 00:24:10 | 000,064,350 | ---- | M] () -- C:\Users\Rouven\Documents\Mein Film.wlmp
[2011.02.20 23:48:16 | 000,138,511 | ---- | M] () -- C:\Users\Rouven\Desktop\SchollGyO.JPG
[2011.02.20 23:15:42 | 000,511,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.19 15:03:37 | 000,051,200 | ---- | M] () -- C:\Windows\SysNative\netjoind.dll
[2011.02.19 12:38:51 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Radio.fx.LNK
[2011.02.19 07:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.02.19 07:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.02.16 23:05:44 | 000,000,924 | ---- | M] () -- C:\Windows\posteriza.INI
[2011.02.16 21:37:08 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.02.15 22:30:03 | 000,017,426 | ---- | M] () -- C:\Users\Rouven\Desktop\pic_7401585_1248978451.jpg
[2011.02.15 22:15:59 | 000,033,055 | ---- | M] () -- C:\Users\Rouven\Desktop\zupfiopnkgdd.jpg
[2011.02.15 20:09:53 | 000,001,019 | ---- | M] () -- C:\Users\Rouven\Desktop\POSTERIZA.lnk
[2011.02.15 20:09:38 | 000,768,776 | ---- | M] (e-Presencia) -- C:\Users\Rouven\Desktop\posteriza_install_v1_1_1.exe
 
========== Files Created - No Company Name ==========
 
[2011.03.14 19:22:46 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.14 17:50:33 | 000,003,013 | ---- | C] () -- C:\Users\Rouven\Desktop\HiJackThis.lnk
[2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Rouven\Desktop\Anleitung.html
[2011.03.11 09:01:57 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.09 18:10:26 | 000,004,943 | ---- | C] () -- C:\Users\Rouven\Desktop\schutzengel-neu-918344-mbhf,templateId=renderScaled,property=Bild,height=137.jpg
[2011.03.07 17:42:19 | 001,673,074 | ---- | C] () -- C:\Users\Rouven\Desktop\Einschulung_Antje 001.JPG
[2011.03.07 17:15:31 | 002,090,989 | ---- | C] () -- C:\Users\Rouven\Desktop\Unbenannt-2.jpg
[2011.03.07 17:09:37 | 001,971,009 | ---- | C] () -- C:\Users\Rouven\Desktop\Unbenannt-3.jpg
[2011.03.07 16:51:07 | 000,859,256 | ---- | C] () -- C:\Users\Rouven\Desktop\Unbenannt-1.jpg
[2011.03.07 16:48:37 | 001,905,678 | ---- | C] () -- C:\Users\Rouven\Desktop\Antje neu
[2011.03.07 16:09:22 | 000,000,845 | ---- | C] () -- C:\Users\Rouven\.recently-used.xbel
[2011.03.07 16:07:52 | 002,947,558 | ---- | C] () -- C:\Users\Rouven\Desktop\DSCF0061.JPG
[2011.03.06 23:57:42 | 002,951,253 | ---- | C] () -- C:\Users\Rouven\Desktop\112.JPG
[2011.03.06 23:37:53 | 000,075,308 | ---- | C] () -- C:\Users\Rouven\Desktop\Download.jpg
[2011.03.06 23:36:37 | 000,316,434 | ---- | C] () -- C:\Users\Rouven\Desktop\Profilbilder.htm
[2011.03.04 22:52:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 22:51:12 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.04 22:50:51 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.03 21:41:52 | 000,052,982 | ---- | C] () -- C:\Users\Rouven\Desktop\birthday-geburtstagskarte_bunt.gif
[2011.03.03 14:43:54 | 000,001,278 | ---- | C] () -- C:\Users\Rouven\Desktop\Amazon.lnk
[2011.03.03 14:35:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.03.03 14:27:34 | 005,765,904 | ---- | C] () -- C:\Users\Rouven\Desktop\HSS-1.57-install-anchorfree-244-ask4.exe
[2011.03.03 13:33:55 | 000,002,405 | ---- | C] () -- C:\Users\Rouven\Desktop\Google Chrome.lnk
[2011.03.03 13:31:33 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001UA.job
[2011.03.03 13:31:32 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001Core.job
[2011.03.03 12:46:48 | 000,007,610 | ---- | C] () -- C:\Users\Rouven\AppData\Local\Resmon.ResmonCfg
[2011.03.02 00:20:43 | 000,028,418 | ---- | C] () -- C:\Users\Rouven\Desktop\Kündigung vom 02.02.2011.pdf
[2011.03.01 21:13:29 | 000,000,521 | ---- | C] () -- C:\Users\Rouven\WIN7_x64_Pre-Activated.iso
[2011.03.01 20:48:53 | 000,001,340 | ---- | C] () -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.01 18:02:33 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.03.01 18:02:33 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.02.27 23:19:58 | 000,046,556 | ---- | C] () -- C:\Users\Rouven\Lebenslauf.pdf
[2011.02.27 23:19:11 | 000,906,495 | ---- | C] () -- C:\Users\Rouven\Anlagen.pdf
[2011.02.27 16:00:54 | 003,048,230 | ---- | C] () -- C:\Users\Rouven\DSCF0027.JPG
[2011.02.24 17:48:51 | 000,004,151 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2011.02.23 00:24:10 | 000,064,350 | ---- | C] () -- C:\Users\Rouven\Documents\Mein Film.wlmp
[2011.02.20 23:48:14 | 000,138,511 | ---- | C] () -- C:\Users\Rouven\Desktop\SchollGyO.JPG
[2011.02.19 21:42:57 | 732,297,216 | ---- | C] () -- C:\Users\Rouven\pl-wolfman_xvid.avi
[2011.02.19 15:03:37 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\netjoind.dll
[2011.02.19 12:38:51 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Radio.fx.LNK
[2011.02.19 12:38:37 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.02.16 23:05:43 | 000,000,924 | ---- | C] () -- C:\Windows\posteriza.INI
[2011.02.16 21:37:08 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.02.15 22:30:03 | 000,017,426 | ---- | C] () -- C:\Users\Rouven\Desktop\pic_7401585_1248978451.jpg
[2011.02.15 22:15:58 | 000,033,055 | ---- | C] () -- C:\Users\Rouven\Desktop\zupfiopnkgdd.jpg
[2011.02.15 20:09:53 | 000,001,019 | ---- | C] () -- C:\Users\Rouven\Desktop\POSTERIZA.lnk
[2010.12.24 03:27:51 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.22 00:18:38 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2010.12.22 00:18:38 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2010.12.22 00:17:03 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2010.12.22 00:17:03 | 000,000,205 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2010.12.22 00:17:01 | 000,001,318 | ---- | C] () -- C:\Windows\cm108.ini
[2010.12.18 17:42:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.18 17:42:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.18 02:18:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.18 02:05:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.12.18 01:46:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.24 00:43:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:16:42 | 001,868,944 | ---- | C] () -- C:\Windows\SysWow64\RSA32_16.DLL
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.11 22:52:50 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\mmSQL.dll
 
========== LOP Check ==========
 
[2010.11.23 23:59:09 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\7211FA0867870DF27ABFAE9D3DB3EC9A
[2010.11.25 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Acym
[2010.12.21 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ashampoo
[2011.03.03 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\AVG10
[2010.11.24 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BuddyW
[2010.12.31 02:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Byke
[2011.02.24 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\CocoonSoftware
[2011.02.04 14:00:26 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DAEMON Tools Lite
[2010.12.30 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.25 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ecroze
[2010.12.28 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Exfy
[2010.12.19 02:51:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\FileZilla
[2010.12.28 03:34:10 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\GetRightToGo
[2011.02.04 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\gtk-2.0
[2011.03.14 19:46:04 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ICQ
[2010.12.19 02:23:41 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\IrfanView
[2010.12.20 23:27:35 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Jumping Bytes
[2010.12.28 01:00:09 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Kanaru
[2011.02.15 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Keseling
[2010.12.18 01:44:22 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Local
[2011.02.20 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\MAGIX
[2011.02.10 17:48:28 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ManyCam
[2010.12.21 00:20:25 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ML
[2010.12.20 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Mobile Master
[2010.12.28 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nesuev
[2010.11.23 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nvu
[2011.01.01 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ohxa
[2009.12.27 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Okuz
[2010.12.28 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ortu
[2011.02.20 22:55:01 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ProtectDisc
[2011.03.13 09:35:20 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Samsung
[2011.02.19 12:39:10 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Tobit
[2010.11.24 22:09:35 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Uzyzko
[2010.11.26 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Wawala
[2010.12.28 00:56:46 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Xire
[2009.12.27 01:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Xuisw
[2011.01.29 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Zyyww
[2011.03.08 23:34:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

wake0071 · 14.03.2011, 20:03

So hier sind die anderen

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6054

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 19:52:45
mbam-log-2011-03-14 (19-52-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 36568
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6054

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 19:56:18
mbam-log-2011-03-14 (19-56-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162187
Laufzeit: 3 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

von OTL
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.03.2011 19:54:29 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Rouven\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 171,16 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
 
Computer Name: ROUVEN-PC | User Name: Rouven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.14 18:28:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
PRC - [2011.03.11 09:03:30 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.02.28 13:55:02 | 003,577,688 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.26 16:09:16 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.26 16:09:05 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.01.26 16:09:05 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.26 16:09:04 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011.01.26 16:09:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.01.13 13:24:53 | 000,686,344 | ---- | M] (Tobit.Software) -- C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.14 18:28:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.03.11 09:03:30 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.02.28 13:55:02 | 003,577,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.26 16:09:16 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.26 16:09:05 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.01.26 16:09:05 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.26 16:09:04 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.04 13:58:25 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.01.26 16:09:31 | 000,126,792 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2011.01.26 16:09:31 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.01.26 16:09:31 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010.10.07 13:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64)     Intel(R)
DRV:64bit: - [2010.09.22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.09.13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010.06.17 14:22:42 | 000,098,120 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.16 23:12:16 | 001,308,672 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2010.01.12 20:39:37 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.01.12 20:39:37 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.01.12 20:39:37 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.01.12 20:39:37 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.10.26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.25 03:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.08.09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008.09.05 00:00:00 | 000,021,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 93 D7 FB 98 9F CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.18 01:44:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.18 01:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011.03.03 14:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files (x86)\Mobile Master\ext\1\ [2010.12.20 23:28:41 | 000,000,000 | ---D | M]
 
[2011.03.03 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.18 01:50:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RfxSrvTray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20e4ad36-305d-11e0-96e3-001fc651ad2d}\Shell - "" = AutoRun
O33 - MountPoints2\{20e4ad36-305d-11e0-96e3-001fc651ad2d}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099.01.01 21:59:42 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\{99E29B0F-A24A-4700-A46D-5E7FE1D9330A}
[2011.03.14 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Malwarebytes
[2011.03.14 19:22:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.14 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.14 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.14 19:22:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.14 19:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.14 18:28:00 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Rouven\Desktop\Erunt-setup.exe
[2011.03.14 18:27:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
[2011.03.14 18:27:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rouven\Desktop\TFC.exe
[2011.03.14 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.03.14 17:50:33 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.03.13 09:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.13 09:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.13 09:47:51 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.03.13 09:47:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.13 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.13 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.11 09:24:33 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2011.03.11 09:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.03.11 09:10:18 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Avira
[2011.03.11 09:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.11 09:01:08 | 000,126,792 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2011.03.11 09:01:08 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.11 09:01:08 | 000,098,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2011.03.11 09:01:08 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.11 09:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.11 09:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.09 10:46:04 | 000,000,000 | ---D | C] -- C:\5edebd2f221e1e5d733692d04d1e87
[2011.03.09 05:58:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 05:58:41 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 05:58:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 05:58:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 05:58:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 05:58:40 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 05:58:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 05:58:40 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 05:58:40 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 05:58:40 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 05:58:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 05:58:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 05:58:35 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 05:58:35 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 05:58:35 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 05:58:35 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.07 05:54:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Neuer Ordner
[2011.03.06 23:36:41 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Profilbilder_files
[2011.03.05 05:21:25 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Preton_Ltd
[2011.03.05 05:20:57 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\IsolatedStorage
[2011.03.04 22:52:43 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Apple Computer
[2011.03.04 22:52:43 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Apple Computer
[2011.03.04 22:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.04 22:52:31 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.03.04 22:52:31 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.03.04 22:52:31 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.04 22:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.03.04 22:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.04 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.03.04 22:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.04 22:50:52 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Apple
[2011.03.04 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.03.04 22:50:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.04 22:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.04 22:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.03.03 14:44:44 | 000,000,000 | ---D | C] -- C:\Programme\Preton
[2011.03.03 14:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmazonIcon
[2011.03.03 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Documents\billeo
[2011.03.03 14:41:07 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011.03.03 14:40:50 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\AVG10
[2011.03.03 14:35:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.03.03 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.03.03 14:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.03.03 14:35:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011.03.03 14:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011.03.03 14:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.03.03 14:08:21 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.03.03 14:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.03.03 13:33:53 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.03.02 16:39:25 | 037,443,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011.03.01 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Databecker-com_to_Date_Pro_Nulled
[2011.03.01 21:19:08 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Garmin
[2011.03.01 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Tobi
[2011.03.01 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Rouven\BROTHER DCP 135C
[2011.03.01 21:12:18 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\WIN7_x64_Pre-Activated
[2011.03.01 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Martina
[2011.03.01 21:04:51 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Microsoft_Office_2007_Deutsch_inkl._Key
[2011.03.01 21:04:28 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Fußballturnier
[2011.03.01 21:02:30 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Burning Board 3.1 Nulled with _plug-ins_ mods and hacks_
[2011.03.01 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Malik
[2011.03.01 20:48:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Documents\OneNote-Notizbücher
[2011.03.01 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.02.24 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\CocoonSoftware
[2011.02.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\WDSetup
[2011.02.23 09:06:57 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 09:06:57 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 09:06:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 09:06:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.21 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Antje Filme
[2011.02.21 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Documents\Usenet.nl
[2011.02.20 23:11:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.02.20 19:43:55 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Aushilfe
[2011.02.19 12:39:10 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Tobit
[2011.02.19 12:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
[2011.02.19 12:38:38 | 003,523,928 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2011.02.19 12:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit
[2011.02.19 12:38:37 | 003,523,928 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2011.02.19 12:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tobit Radio.fx
[2011.02.16 21:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2011.02.15 20:09:52 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Posteriza
[2011.02.15 20:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Posteriza
[2011.02.15 20:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\POSTERIZA
[2011.02.15 20:09:33 | 000,768,776 | ---- | C] (e-Presencia) -- C:\Users\Rouven\Desktop\posteriza_install_v1_1_1.exe
[2011.02.15 20:05:37 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Keseling
[2011.02.15 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Filme
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.14 19:55:16 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Rouven\Desktop\Erunt-setup.exe
[2011.03.14 19:55:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\TFC.exe
[2011.03.14 19:52:53 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 19:52:53 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 19:45:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.14 19:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.14 19:44:59 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.14 19:36:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001UA.job
[2011.03.14 19:32:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.14 19:22:46 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.14 18:28:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rouven\Desktop\OTL.exe
[2011.03.14 17:50:33 | 000,003,013 | ---- | M] () -- C:\Users\Rouven\Desktop\HiJackThis.lnk
[2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Rouven\Desktop\Anleitung.html
[2011.03.13 09:36:43 | 000,002,405 | ---- | M] () -- C:\Users\Rouven\Desktop\Google Chrome.lnk
[2011.03.11 13:46:46 | 000,007,610 | ---- | M] () -- C:\Users\Rouven\AppData\Local\Resmon.ResmonCfg
[2011.03.11 13:36:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001Core.job
[2011.03.11 09:16:39 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.11 09:16:39 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.11 09:16:39 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.11 09:16:39 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.11 09:16:39 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.11 09:01:58 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.09 18:10:21 | 000,004,943 | ---- | M] () -- C:\Users\Rouven\Desktop\schutzengel-neu-918344-mbhf,templateId=renderScaled,property=Bild,height=137.jpg
[2011.03.08 06:12:34 | 000,859,256 | ---- | M] () -- C:\Users\Rouven\Desktop\Unbenannt-1.jpg
[2011.03.07 17:43:13 | 001,673,074 | ---- | M] () -- C:\Users\Rouven\Desktop\Einschulung_Antje 001.JPG
[2011.03.07 17:17:09 | 002,090,989 | ---- | M] () -- C:\Users\Rouven\Desktop\Unbenannt-2.jpg
[2011.03.07 17:11:08 | 001,971,009 | ---- | M] () -- C:\Users\Rouven\Desktop\Unbenannt-3.jpg
[2011.03.07 16:50:05 | 001,905,678 | ---- | M] () -- C:\Users\Rouven\Desktop\Antje neu
[2011.03.07 16:09:22 | 000,000,845 | ---- | M] () -- C:\Users\Rouven\.recently-used.xbel
[2011.03.06 23:57:42 | 002,951,253 | ---- | M] () -- C:\Users\Rouven\Desktop\112.JPG
[2011.03.06 23:37:51 | 000,075,308 | ---- | M] () -- C:\Users\Rouven\Desktop\Download.jpg
[2011.03.06 23:36:41 | 000,316,434 | ---- | M] () -- C:\Users\Rouven\Desktop\Profilbilder.htm
[2011.03.04 22:52:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 22:51:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.03 21:41:45 | 000,052,982 | ---- | M] () -- C:\Users\Rouven\Desktop\birthday-geburtstagskarte_bunt.gif
[2011.03.03 14:43:54 | 000,001,278 | ---- | M] () -- C:\Users\Rouven\Desktop\Amazon.lnk
[2011.03.03 14:35:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.03.03 14:28:50 | 005,765,904 | ---- | M] () -- C:\Users\Rouven\Desktop\HSS-1.57-install-anchorfree-244-ask4.exe
[2011.03.03 14:08:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.03.02 00:20:45 | 000,028,418 | ---- | M] () -- C:\Users\Rouven\Desktop\Kündigung vom 02.02.2011.pdf
[2011.03.01 21:42:19 | 000,001,340 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.01 18:02:33 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.03.01 01:20:39 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.02.27 23:23:18 | 000,046,556 | ---- | M] () -- C:\Users\Rouven\Lebenslauf.pdf
[2011.02.27 23:19:13 | 000,906,495 | ---- | M] () -- C:\Users\Rouven\Anlagen.pdf
[2011.02.27 16:00:42 | 003,048,230 | ---- | M] () -- C:\Users\Rouven\DSCF0027.JPG
[2011.02.24 18:23:34 | 003,523,928 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2011.02.24 18:23:34 | 003,523,928 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2011.02.24 17:48:51 | 000,004,151 | ---- | M] () -- C:\ProgramData\hnbdehzc.pfe
[2011.02.23 00:24:10 | 000,064,350 | ---- | M] () -- C:\Users\Rouven\Documents\Mein Film.wlmp
[2011.02.20 23:48:16 | 000,138,511 | ---- | M] () -- C:\Users\Rouven\Desktop\SchollGyO.JPG
[2011.02.20 23:15:42 | 000,511,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.19 15:03:37 | 000,051,200 | ---- | M] () -- C:\Windows\SysNative\netjoind.dll
[2011.02.19 12:38:51 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Radio.fx.LNK
[2011.02.19 07:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.02.19 07:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.02.16 23:05:44 | 000,000,924 | ---- | M] () -- C:\Windows\posteriza.INI
[2011.02.16 21:37:08 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.02.15 22:30:03 | 000,017,426 | ---- | M] () -- C:\Users\Rouven\Desktop\pic_7401585_1248978451.jpg
[2011.02.15 22:15:59 | 000,033,055 | ---- | M] () -- C:\Users\Rouven\Desktop\zupfiopnkgdd.jpg
[2011.02.15 20:09:53 | 000,001,019 | ---- | M] () -- C:\Users\Rouven\Desktop\POSTERIZA.lnk
[2011.02.15 20:09:38 | 000,768,776 | ---- | M] (e-Presencia) -- C:\Users\Rouven\Desktop\posteriza_install_v1_1_1.exe
 
========== Files Created - No Company Name ==========
 
[2011.03.14 19:22:46 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.14 17:50:33 | 000,003,013 | ---- | C] () -- C:\Users\Rouven\Desktop\HiJackThis.lnk
[2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Rouven\Desktop\Anleitung.html
[2011.03.11 09:01:57 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.09 18:10:26 | 000,004,943 | ---- | C] () -- C:\Users\Rouven\Desktop\schutzengel-neu-918344-mbhf,templateId=renderScaled,property=Bild,height=137.jpg
[2011.03.07 17:42:19 | 001,673,074 | ---- | C] () -- C:\Users\Rouven\Desktop\Einschulung_Antje 001.JPG
[2011.03.07 17:15:31 | 002,090,989 | ---- | C] () -- C:\Users\Rouven\Desktop\Unbenannt-2.jpg
[2011.03.07 17:09:37 | 001,971,009 | ---- | C] () -- C:\Users\Rouven\Desktop\Unbenannt-3.jpg
[2011.03.07 16:51:07 | 000,859,256 | ---- | C] () -- C:\Users\Rouven\Desktop\Unbenannt-1.jpg
[2011.03.07 16:48:37 | 001,905,678 | ---- | C] () -- C:\Users\Rouven\Desktop\Antje neu
[2011.03.07 16:09:22 | 000,000,845 | ---- | C] () -- C:\Users\Rouven\.recently-used.xbel
[2011.03.07 16:07:52 | 002,947,558 | ---- | C] () -- C:\Users\Rouven\Desktop\DSCF0061.JPG
[2011.03.06 23:57:42 | 002,951,253 | ---- | C] () -- C:\Users\Rouven\Desktop\112.JPG
[2011.03.06 23:37:53 | 000,075,308 | ---- | C] () -- C:\Users\Rouven\Desktop\Download.jpg
[2011.03.06 23:36:37 | 000,316,434 | ---- | C] () -- C:\Users\Rouven\Desktop\Profilbilder.htm
[2011.03.04 22:52:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 22:51:12 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.04 22:50:51 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.03 21:41:52 | 000,052,982 | ---- | C] () -- C:\Users\Rouven\Desktop\birthday-geburtstagskarte_bunt.gif
[2011.03.03 14:43:54 | 000,001,278 | ---- | C] () -- C:\Users\Rouven\Desktop\Amazon.lnk
[2011.03.03 14:35:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.03.03 14:27:34 | 005,765,904 | ---- | C] () -- C:\Users\Rouven\Desktop\HSS-1.57-install-anchorfree-244-ask4.exe
[2011.03.03 13:33:55 | 000,002,405 | ---- | C] () -- C:\Users\Rouven\Desktop\Google Chrome.lnk
[2011.03.03 13:31:33 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001UA.job
[2011.03.03 13:31:32 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075571968-248755595-1205296925-1001Core.job
[2011.03.03 12:46:48 | 000,007,610 | ---- | C] () -- C:\Users\Rouven\AppData\Local\Resmon.ResmonCfg
[2011.03.02 00:20:43 | 000,028,418 | ---- | C] () -- C:\Users\Rouven\Desktop\Kündigung vom 02.02.2011.pdf
[2011.03.01 21:13:29 | 000,000,521 | ---- | C] () -- C:\Users\Rouven\WIN7_x64_Pre-Activated.iso
[2011.03.01 20:48:53 | 000,001,340 | ---- | C] () -- C:\Users\Rouven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.01 18:02:33 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.03.01 18:02:33 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.02.27 23:19:58 | 000,046,556 | ---- | C] () -- C:\Users\Rouven\Lebenslauf.pdf
[2011.02.27 23:19:11 | 000,906,495 | ---- | C] () -- C:\Users\Rouven\Anlagen.pdf
[2011.02.27 16:00:54 | 003,048,230 | ---- | C] () -- C:\Users\Rouven\DSCF0027.JPG
[2011.02.24 17:48:51 | 000,004,151 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2011.02.23 00:24:10 | 000,064,350 | ---- | C] () -- C:\Users\Rouven\Documents\Mein Film.wlmp
[2011.02.20 23:48:14 | 000,138,511 | ---- | C] () -- C:\Users\Rouven\Desktop\SchollGyO.JPG
[2011.02.19 21:42:57 | 732,297,216 | ---- | C] () -- C:\Users\Rouven\pl-wolfman_xvid.avi
[2011.02.19 15:03:37 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\netjoind.dll
[2011.02.19 12:38:51 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Radio.fx.LNK
[2011.02.19 12:38:37 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.02.16 23:05:43 | 000,000,924 | ---- | C] () -- C:\Windows\posteriza.INI
[2011.02.16 21:37:08 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.02.15 22:30:03 | 000,017,426 | ---- | C] () -- C:\Users\Rouven\Desktop\pic_7401585_1248978451.jpg
[2011.02.15 22:15:58 | 000,033,055 | ---- | C] () -- C:\Users\Rouven\Desktop\zupfiopnkgdd.jpg
[2011.02.15 20:09:53 | 000,001,019 | ---- | C] () -- C:\Users\Rouven\Desktop\POSTERIZA.lnk
[2010.12.24 03:27:51 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.22 00:18:38 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2010.12.22 00:18:38 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2010.12.22 00:17:03 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2010.12.22 00:17:03 | 000,000,205 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2010.12.22 00:17:01 | 000,001,318 | ---- | C] () -- C:\Windows\cm108.ini
[2010.12.18 17:42:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.18 17:42:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.18 02:18:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.18 02:05:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.12.18 01:46:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.24 00:43:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:16:42 | 001,868,944 | ---- | C] () -- C:\Windows\SysWow64\RSA32_16.DLL
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.11 22:52:50 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\mmSQL.dll
 
========== LOP Check ==========
 
[2010.11.23 23:59:09 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\7211FA0867870DF27ABFAE9D3DB3EC9A
[2010.11.25 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Acym
[2010.12.21 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ashampoo
[2011.03.03 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\AVG10
[2010.11.24 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BuddyW
[2010.12.31 02:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Byke
[2011.02.24 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\CocoonSoftware
[2011.02.04 14:00:26 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DAEMON Tools Lite
[2010.12.30 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.25 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ecroze
[2010.12.28 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Exfy
[2010.12.19 02:51:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\FileZilla
[2010.12.28 03:34:10 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\GetRightToGo
[2011.02.04 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\gtk-2.0
[2011.03.14 19:46:04 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ICQ
[2010.12.19 02:23:41 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\IrfanView
[2010.12.20 23:27:35 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Jumping Bytes
[2010.12.28 01:00:09 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Kanaru
[2011.02.15 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Keseling
[2010.12.18 01:44:22 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Local
[2011.02.20 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\MAGIX
[2011.02.10 17:48:28 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ManyCam
[2010.12.21 00:20:25 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ML
[2010.12.20 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Mobile Master
[2010.12.28 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nesuev
[2010.11.23 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nvu
[2011.01.01 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ohxa
[2009.12.27 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Okuz
[2010.12.28 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ortu
[2011.02.20 22:55:01 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ProtectDisc
[2011.03.13 09:35:20 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Samsung
[2011.02.19 12:39:10 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Tobit
[2010.11.24 22:09:35 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Uzyzko
[2010.11.26 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Wawala
[2010.12.28 00:56:46 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Xire
[2009.12.27 01:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Xuisw
[2011.01.29 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Zyyww
[2011.03.08 23:34:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus · 14.03.2011, 20:11

Zitat:

[2011.03.01 21:13:29 | 000,000,521 | ---- | C] () -- C:\Users\Rouven\WIN7_x64_Pre-Activated.iso

Hm, gcracktes Windows? Sry, aber hier ist Schluss, ein legales Windows ist Voraussetzung für den Bereigungssupport. Und auf die Dauer wirst du mit den "vorinstallierten" Schädlingen und Backdoors aus gecrackten Versionen eh nciht glücklich bzw. findest damit eine nachhaltige Lösung.

14.03.2011, 19:12	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	CPU ausgelastet, Lüfter läuft ständig Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html __________________ __________________

14.03.2011, 19:58	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	CPU ausgelastet, Lüfter läuft ständig Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes. __________________ Logfiles bitte immer in CODE-Tags posten

CPU ausgelastet, Lüfter läuft ständig

Log-Analyse und Auswertung: CPU ausgelastet, Lüfter läuft ständig