Trojaner-Board


Sebi91 06.03.2012 03:04

€50 virus apparently removed, Malwarebytes Anti Malware (Not Responding)
 
Hello dear helpers,

I have (had!?) one of these €50 viruses; it was none of the ones listed here: hxxp://bka-trojaner.de/
Probably a newer version. I booted from the Kaspersky Rescue Disk, pulled the updates and let it run through.
hxxp://support.kaspersky.com/de/viruses/rescuedisk
After that my PC started normally again, but I'm still not sure.

Now I wanted to run Malwarebytes Anti Malware, but it crashes after a few seconds :/.

I have now read around here a bit and, hoping for the best, already followed these instructions:

OTL
Download OTL by Oldtimer (hxxp://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop
Double-click OTL.exe
Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
At the top you will find a box labelled Output. Please select Minimal Output
Under Extra Registry, please select Use SafeList
Now click Run Scan at the top left
When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
Post the log files here in the thread

Logs are attached. EDIT: OTL.txt is too large, I am not allowed to upload it.

OTL Logfile:
Code:

OTL logfile created on: 06.03.2012 02:48:09 - Run 1
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\Sebastian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 5,42 Gb Available Physical Memory | 70,00% Memory free
15,49 Gb Paging File | 12,66 Gb Available in Paging File | 81,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 782,66 Gb Free Space | 84,03% Space Free | Partition Type: NTFS
Drive M: | 833,85 Gb Total Space | 287,48 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
Drive Q: | 829,92 Gb Total Space | 441,63 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive W: | 833,85 Gb Total Space | 287,48 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIANS-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Miranda IM\miranda32.exe ( )
PRC - C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDYT.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDWebCam.exe (Logitech Inc.)
PRC - Q:\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mumble\mumble.exe (Thorvald Natvig)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Miranda IM\zlib.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\ICQ.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\dbx_mmap.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\clist_classic.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\Aim.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\IRC.dll ()
MOD - Q:\Steam\bin\libcef.dll ()
MOD - Q:\Steam\bin\chromehtml.dll ()
MOD - Q:\Steam\bin\avutil-50.dll ()
MOD - Q:\Steam\bin\avformat-52.dll ()
MOD - Q:\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\tf2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\wow.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\bf3.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\bfbc2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\css.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\lotro.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\ICQORI_von_30.01.2012.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\bf2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\gtaiv.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\dys.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\etqw.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\l4d2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\insurgency.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\dods.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\l4d.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\manual.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\hl2dm.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\wolfet.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\ut3.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\ut2004.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\gmod.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\sto.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\link.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\borderlands.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\cod4.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\cs.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\codmw2so.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\codmw2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\bfheroes.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\aoc.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\cod5.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\cod2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\bf2142.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\bf1942.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\arma2.dll ()
MOD - C:\Program Files (x86)\Mumble\plugins\breach.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Mumble\speex.dll ()
MOD - C:\Program Files (x86)\Mumble\mumble_ol.dll ()
MOD - C:\Program Files (x86)\Mumble\celt0.0.7.0.sse2.dll ()
MOD - C:\Program Files (x86)\Mumble\celt0.0.11.0.sse2.dll ()
MOD - C:\Program Files (x86)\Mumble\libprotobuf.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\iconengines\qsvgicon4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtPlugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtGui4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtSql4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtXml4.dll ()
MOD - C:\Program Files (x86)\Mumble\QtCore4.dll ()
MOD - C:\Program Files (x86)\Mumble\libsndfile-1.dll ()
MOD - C:\Program Files (x86)\Mumble\libmysql.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\quicksearch.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\otr.dll ()
MOD - C:\Program Files (x86)\Mumble\zlib1.dll ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\ICQORI.dll ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Program Files (x86)\Miranda IM\Plugins\spamfilter.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (XPAD) -- C:\Windows\SysNative\drivers\xpad.sys (Beijing WiseGrup.,Ltd (gamepad.yeah.net))
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 79 45 16 98 7C CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2DBCA1CC-8E75-4D03-9C0D-983F1B3479D2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Q:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: Q:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.05 10:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.26 19:40:46 | 000,000,000 | ---D | M]
 
[2011.04.04 12:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2011.04.04 12:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.22 12:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\4hrp65yw.default\extensions
[2011.04.08 11:09:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\4hrp65yw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 22:24:11 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\4hrp65yw.default\extensions\firesheep@codebutler.com
[2012.02.05 10:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.06 23:21:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.05 10:41:27 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.05 10:41:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 10:41:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.05 10:41:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 10:41:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 10:41:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.05 10:41:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] Q:\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - Q:\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FAED5F7-CDA8-4086-920D-09E3DAB1A9A7}: DhcpNameServer = 192.168.0.250
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0a2e1c01-3da9-11e0-b9b9-20cf306ee1a4}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2e1c01-3da9-11e0-b9b9-20cf306ee1a4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{24560b57-7a79-11e0-b30d-20cf306ee1a4}\Shell - "" = AutoRun
O33 - MountPoints2\{24560b57-7a79-11e0-b30d-20cf306ee1a4}\Shell\AutoRun\command - "" = E:\DTLplus_Launcher.exe
O33 - MountPoints2\{4f8d76c4-0d0f-11e0-a73c-20cf306ee1a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4f8d76c4-0d0f-11e0-a73c-20cf306ee1a4}\Shell\AutoRun\command - "" = G:\AutoPlay.exe -auto
O33 - MountPoints2\{5e930f8c-6776-11e0-a2da-20cf306ee1a4}\Shell - "" = AutoRun
O33 - MountPoints2\{5e930f8c-6776-11e0-a2da-20cf306ee1a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e930f9b-6776-11e0-a2da-20cf306ee1a4}\Shell - "" = AutoRun
O33 - MountPoints2\{5e930f9b-6776-11e0-a2da-20cf306ee1a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 02:37:04 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2012.03.05 23:31:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2012.03.05 23:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.05 23:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.05 23:30:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.05 23:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.05 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.03.05 23:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.03.05 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\21 Geb
[2012.02.29 17:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.02.29 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft
[2012.02.29 14:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.29 14:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.02.26 23:11:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\RotMG.Production
[2012.02.24 02:10:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta
[2012.02.24 02:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta
[2012.02.24 02:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2012.02.24 02:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epsxe170
[2012.02.24 00:58:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\AdobeUM
[2012.02.24 00:54:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.02.24 00:54:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012.02.16 21:01:40 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 21:01:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 21:01:39 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 21:01:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 21:01:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 21:01:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 21:01:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 21:01:38 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.16 21:01:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 21:01:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 21:01:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 13:31:40 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.16 13:31:39 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.16 13:31:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.16 13:31:34 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.14 02:50:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Neuer Ordner (2)
[2012.02.12 18:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.02.12 18:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.02.12 18:43:53 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.02.12 18:43:53 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2012.02.12 18:43:53 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.02.12 18:43:53 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.02.12 18:43:53 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.02.12 18:43:53 | 000,177,088 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012.02.12 18:43:53 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.02.12 18:43:53 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2012.02.12 18:43:53 | 000,065,432 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012.02.12 18:43:52 | 002,615,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.02.12 18:43:52 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.02.12 18:43:52 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.02.12 18:43:52 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.02.12 18:43:52 | 000,219,752 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012.02.12 18:43:52 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.02.12 18:43:52 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.02.12 18:43:52 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.02.12 18:43:51 | 003,744,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.02.12 18:43:51 | 002,684,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012.02.12 18:43:51 | 001,969,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.02.12 18:43:51 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.02.12 18:43:51 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.02.12 18:43:51 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.02.12 18:43:51 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.02.12 18:43:51 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.02.12 18:43:51 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.02.12 18:43:51 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.02.12 18:43:51 | 000,100,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012.02.12 18:43:51 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.02.12 18:43:51 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012.02.12 18:43:50 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.02.12 18:43:50 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.02.12 18:43:50 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.02.12 18:43:50 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012.02.12 18:43:50 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.02.12 18:43:50 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.02.12 18:43:50 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.02.12 18:43:50 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.02.12 18:43:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.02.12 18:43:50 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.02.12 18:43:50 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.02.12 18:43:50 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.02.12 18:43:48 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.02.12 18:43:48 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.02.12 18:43:48 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.02.12 18:43:48 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.02.12 18:43:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.02.12 18:43:48 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.02.12 18:43:48 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.02.12 18:43:48 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.02.12 18:43:48 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.02.12 18:43:48 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.02.12 18:43:48 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.02.12 18:43:48 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.02.12 18:43:48 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.02.12 18:43:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.02.12 18:43:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.02.12 18:43:48 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.02.12 18:43:48 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.02.12 18:43:48 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.02.12 18:43:44 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.02.06 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Neuer Ordner
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 02:37:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2012.03.05 23:31:02 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.05 23:14:27 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 23:14:27 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 23:09:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.05 23:09:10 | 1944,723,455 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.29 16:28:23 | 003,611,954 | ---- | M] () -- C:\Users\Sebastian\Desktop\TI_Lösungen_1-5.zip
[2012.02.28 19:31:36 | 000,002,765 | ---- | M] () -- C:\Users\Sebastian\.recently-used.xbel
[2012.02.28 15:18:12 | 000,001,034 | ---- | M] () -- C:\Users\Sebastian\Desktop\Dropbox.lnk
[2012.02.28 15:18:12 | 000,001,014 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.28 15:17:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.28 03:43:08 | 000,073,583 | ---- | M] () -- C:\Windows\SysNative\features_gray.cff
[2012.02.28 03:43:08 | 000,015,255 | ---- | M] () -- C:\Windows\SysNative\features_polyakov.cff
[2012.02.28 03:43:08 | 000,013,897 | ---- | M] () -- C:\Windows\SysNative\xr_elements.xre
[2012.02.25 16:22:50 | 001,845,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.25 16:22:50 | 000,777,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.25 16:22:50 | 000,732,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.25 16:22:50 | 000,180,184 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.25 16:22:50 | 000,152,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.24 14:42:26 | 000,463,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.24 00:55:04 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.02.19 23:43:40 | 000,022,101 | ---- | M] () -- C:\Users\Sebastian\Desktop\Java.odt
[2012.02.19 23:37:29 | 000,000,036 | ---- | M] () -- C:\Users\Sebastian\.org.eclipse.epp.usagedata.recording.userId
[2012.02.14 02:45:13 | 000,002,082 | -H-- | M] () -- C:\Users\Sebastian\Documents\Default.rdp
[2012.02.13 22:51:07 | 001,109,096 | ---- | M] () -- C:\Users\Sebastian\Desktop\DS_Tut_012.pdf
[2012.02.06 22:45:11 | 000,024,938 | ---- | M] () -- C:\Users\Sebastian\Desktop\Tauglichkeitsuntersuchung fr Fallschirmspringer 07-2003.pdf
[2012.02.06 22:45:02 | 000,005,691 | ---- | M] () -- C:\Users\Sebastian\Desktop\Tauglichkeitsattest 07-2003.pdf
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.05 23:31:02 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 17:40:42 | 000,000,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.02.29 16:28:13 | 003,611,954 | ---- | C] () -- C:\Users\Sebastian\Desktop\TI_Lösungen_1-5.zip
[2012.02.28 19:31:36 | 000,002,765 | ---- | C] () -- C:\Users\Sebastian\.recently-used.xbel
[2012.02.27 21:42:19 | 000,073,583 | ---- | C] () -- C:\Windows\SysNative\features_gray.cff
[2012.02.27 21:42:19 | 000,015,255 | ---- | C] () -- C:\Windows\SysNative\features_polyakov.cff
[2012.02.27 21:42:19 | 000,013,897 | ---- | C] () -- C:\Windows\SysNative\xr_elements.xre
[2012.02.24 00:55:04 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2012.02.24 00:55:04 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
[2012.02.24 00:55:04 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.02.24 00:55:04 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2012.02.19 23:37:29 | 000,000,036 | ---- | C] () -- C:\Users\Sebastian\.org.eclipse.epp.usagedata.recording.userId
[2012.02.18 21:12:11 | 000,022,101 | ---- | C] () -- C:\Users\Sebastian\Desktop\Java.odt
[2012.02.13 22:51:05 | 001,109,096 | ---- | C] () -- C:\Users\Sebastian\Desktop\DS_Tut_012.pdf
[2012.02.12 18:43:51 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.02.06 22:45:11 | 000,024,938 | ---- | C] () -- C:\Users\Sebastian\Desktop\Tauglichkeitsuntersuchung fr Fallschirmspringer 07-2003.pdf
[2012.02.06 22:45:02 | 000,005,691 | ---- | C] () -- C:\Users\Sebastian\Desktop\Tauglichkeitsattest 07-2003.pdf
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.25 20:18:13 | 000,000,600 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\PUTTY.RND
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 17:16:32 | 000,174,908 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.03 01:55:18 | 000,002,024 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.27 23:56:43 | 000,000,097 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\fusioncache.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.16 15:34:11 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.04.15 15:33:48 | 000,062,356 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.07 19:30:33 | 000,007,650 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
[2011.03.19 01:43:31 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.02.21 23:24:41 | 000,004,608 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 17:24:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.04 22:29:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 15:40:48 | 000,000,265 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\burnaware.ini
[2010.12.21 14:41:43 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.21 14:41:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.12.21 14:41:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.21 12:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.21 11:48:40 | 001,820,170 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.21 10:58:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.21 10:58:41 | 000,000,660 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

< End of report >

--- --- ---


Kind regards,

Sebi

cosinus 07.03.2012 13:56

Quote:

Now I wanted to run Malwarebytes Anti Malware, but it crashes after a few seconds :/.
Also in Safe Mode with Networking?
Do you still have the logs from Kaspersky?

Sebi91 07.03.2012 18:30

It worked in Safe Mode with Networking! Thanks.

The log file is attached! :daumenhoc


Unfortunately I did not save the Kaspersky log file. :stirn:

Kind regards,

Sebi

cosinus 07.03.2012 22:37

Quote:

C:\Users\Sebastian\AppData\Local\Temp\XPKey.exe (Trojan.Downloader)
How about a non-pirated edition of Windows for a change? :balla:

:pfui:

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

Sebi91 07.03.2012 23:10

My Windows version is an import from the US of A and is not illegal. (Besides, it is W7.)
I must admit that, for tests in a virtual machine, I have an XP version that I only still have as an image (from an original CD) without a key, and I looked for a key.

Thanks anyway for your willingness to help so far,
and I hereby apologize to you.

Kind regards,

Sebi

cosinus 07.03.2012 23:38

You shouldn't be surprised to burn your fingers when you play around with such hot/illegal things. :pfui:

