Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Problem mit "System Check" Critical error (https://www.trojaner-board.de/111469-problem-system-check-critical-error.html)

AlexT 14.03.2012 16:44
Problem mit "System Check" Critical error
 
Hallo,
ich habe ein Problem mit meinem Laptop. Nach dem Einschalten erscheint auf dem Bildschirm ein Fenster "System Check" und es öffnen sich viele kleine Fenster "Windows - Delayed Write Failed" das System Check fenster lässt sich nicht mehr schließen.Das Problem wurde hier schon häufiger angesprochen, doch lösen konnte ich mein Problem dadurch leider nicht. Ich habe mir OTL runter geladen und durchlaufen lassen. So sieht das Ergebnis aus. Wenn jemand dazu eine Lösung hätte, währe ich sehr froh darüber und bedanke mich schon mal im Voraus.

cosinus 14.03.2012 16:59
Ich seh da kein OTL log...

AlexT 14.03.2012 17:13
Oh, tut mir leid ich habe es wohl nicht richtig eingefügt.
Ich kopiere es mal hier rein.

Hier der OTL logOTL Logfile:
Code:
OTL logfile created on: 14.03.2012 16:17:22 - Run 3
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,23 Gb Total Space | 3,61 Gb Free Space | 0,80% Space Free | Partition Type: NTFS
Drive D: | 13,24 Gb Total Space | 2,20 Gb Free Space | 16,61% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 3,23 Gb Free Space | 1,39% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\ProgramData\HhCVeBuKGhRFQ9.exe (Kuboft)
PRC - C:\ProgramData\RTGVFVaDOaRFYA.exe (Kuboft)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Users\Alex\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe (PCTV Systems S.à r.l.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Alex\Desktop\OTL(2).exe (OldTimer Tools)
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntUpdaterService) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys File not found
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Ltn_stk7070P_64) -- C:\Windows\SysNative\drivers\Ltn_stk7070P_64.sys (LITEON)
DRV:64bit: - (Ltn_stkrc_64) -- C:\Windows\SysNative\drivers\Ltn_stkrc_64.sys (LITEON)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=kno&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 BF D0 01 79 35 C6 4A 97 25 EC E2 C4 B0 C2 BA  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.11.30 19:46:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 13:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.05 17:52:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.01.17 18:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.17 18:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.02.05 17:52:40 | 000,000,000 | ---D | M]
 
[2011.11.11 20:22:18 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2010.06.10 13:24:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.12 12:43:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.03.06 16:51:27 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\tuy5qpeo.default\extensions
[2012.01.10 10:49:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\tuy5qpeo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.06 16:51:27 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\tuy5qpeo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.17 11:36:59 | 000,000,000 | -H-D | M] (FoxLingo) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\tuy5qpeo.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.02.17 11:36:39 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\tuy5qpeo.default\extensions\firefox@ghostery.com
[2011.04.12 12:43:29 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Sunbird\Profiles\ab98duh2.default\extensions
[2012.03.08 21:23:35 | 000,001,056 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\FireFox\Profiles\tuy5qpeo.default\searchplugins\icqplugin.xml
[2011.11.11 20:35:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.04.01 18:35:57 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7055e901-b25e-6440-24e1-78369aa97018}
[2009.12.12 23:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.13 15:57:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 13:55:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.24 12:15:34 | 000,599,424 | ---- | M] (3D RealityMaps GmbH) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprm3d.dll
[2012.02.16 10:50:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 10:50:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012.02.16 10:50:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.09.14 13:11:28 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2012.02.16 10:50:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2012.02.16 10:50:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2012.02.16 10:50:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RTGVFVaDOaRFYA.exe] C:\ProgramData\RTGVFVaDOaRFYA.exe (Kuboft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tuloxFreeWBE] C:\Program Files (x86)\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON BX620FWD Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGBU.EXE File not found
O4 - HKCU..\Run: [StrmServer.exe] C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe (PCTV Systems S.à r.l.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 83.169.186.161
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\dpus1132.dll) - C:\Windows\SysWow64\dpus1132.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\davhlpr32.dll) - C:\Windows\SysWow64\davhlpr32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\drmmgrtn32.dll) - C:\Windows\SysWow64\drmmgrtn32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\chsbrkr32.dll) - C:\Windows\SysWow64\chsbrkr32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\DevicePairingProxy32.dll) - C:\Windows\SysWow64\DevicePairingProxy32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\1iwvqxa32.dll) - C:\Windows\SysWow64\1iwvqxa32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\2ksl212y32.dll) - C:\Windows\SysWow64\2ksl212y32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\69bv9tjp32.dll) - C:\Windows\SysWow64\69bv9tjp32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\xquobm3ho79p32.dll) - C:\Windows\SysWow64\xquobm3ho79p32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_3232.dll) - C:\Windows\SysWow64\d3dx9_3232.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\wmnw6e32.dll) - C:\Windows\SysWow64\wmnw6e32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\02dspiyng32.dll) - C:\Windows\SysWow64\02dspiyng32.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\mb15h2r3w532.dll) - C:\Windows\SysWow64\mb15h2r3w532.dll File not found
O20 - AppInit_DLLs: (C:\Windows\System32\frpqq3b6ydt6q732.dll) - C:\Windows\SysWow64\frpqq3b6ydt6q732.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.04 13:00:00 | 000,095,034 | RHS- | M] () - F:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.14 15:09:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL(2).exe
[2012.03.14 13:37:27 | 000,363,520 | -H-- | C] (Kuboft) -- C:\ProgramData\HhCVeBuKGhRFQ9.exe
[2012.03.14 13:33:57 | 000,460,288 | -H-- | C] (Kuboft) -- C:\ProgramData\RTGVFVaDOaRFYA.exe
[2012.03.14 10:20:23 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{3C9E1C33-F906-4164-B45B-23D3157C6A80}
[2012.03.14 09:32:06 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{EC4F6329-9CA8-48A1-A5A6-A0B04492483D}
[2012.03.14 03:09:03 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 03:09:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 03:09:02 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 01:54:11 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 01:54:10 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2012.03.14 01:53:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 01:53:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 01:53:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 01:53:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 01:53:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.13 18:21:05 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{4FE6D269-D218-4A31-AC6C-A21777082A9A}
[2012.03.13 18:20:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{800720F8-AA7C-4ED2-B351-6264D5E6B428}
[2012.03.13 09:42:24 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{EDDCFCF0-E7CA-4F7D-9AFB-DF0F50EBCA9A}
[2012.03.12 18:18:23 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{D2C517EE-AE07-4F01-BF24-23BC7373393B}
[2012.03.12 18:17:58 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{CC6EE7B2-F605-4BEB-BCC8-A1356BC2E306}
[2012.03.12 12:11:51 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{251C053B-A2DA-4025-B0DF-C269F564E2F8}
[2012.03.12 11:36:42 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{B0FD7D20-FFCC-47B8-84F5-AF0425C7F629}
[2012.03.12 09:57:55 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{EDC9ED02-63FB-450E-8666-3E6CD81911F9}
[2012.03.11 09:35:10 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{952D19A8-C712-4BBB-8A0D-722145902B80}
[2012.03.11 09:34:45 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{377FC1E3-DAB2-437A-818F-D3C767F17B88}
[2012.03.10 10:43:17 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{B16E2FDE-EDFB-4551-BF42-9A55FBF888E3}
[2012.03.10 10:43:04 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{4E4A1022-2EA1-40A5-8207-5DCA15A4FF46}
[2012.03.09 13:01:07 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{B28C8581-2943-4DD3-BBDA-374F4A1FF54E}
[2012.03.09 13:00:55 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{298E19DD-ADBF-4A57-A8CD-19D2126B03CA}
[2012.03.08 23:02:43 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{87BE9E8E-CFD4-4355-A7C2-9A3FF04A459E}
[2012.03.08 23:02:30 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{DE9F591A-CA1E-45E2-9F29-CE17A65418B0}
[2012.03.08 10:12:56 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{81AD73EF-557A-407A-80F1-FA94A46C1555}
[2012.03.08 10:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{AB37E080-0885-494D-AADE-B4A09DB906E5}
[2012.03.07 22:03:35 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{C709ADAF-8ED9-4AA2-921C-E05B69F2A6FF}
[2012.03.07 22:03:24 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{B7058FB3-5FB1-4FAC-9775-12D5C388B811}
[2012.03.07 10:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{D4AA23C6-6764-494D-9C8C-4A4DB8490D2B}
[2012.03.07 10:02:40 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{E638F16D-5C62-45BD-8413-535426C0C9D7}
[2012.03.06 21:52:21 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{75FD580F-8CF3-4924-AA6F-DD290ABD094F}
[2012.03.06 21:52:09 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{91CB82D7-C4BA-44E2-89BB-32FECF0E638D}
[2012.03.06 18:27:50 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{697D15C3-BD73-44F0-9381-41318FCAB486}
[2012.03.06 16:50:40 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{279F237B-C3A7-49BF-9A6F-020ED7367DF5}
[2012.03.06 16:50:28 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{C84718F8-67AB-40DD-AD4F-B2193B43EC20}
[2012.03.06 03:11:18 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{984FF938-9E11-4A35-9764-D77DE406B00F}
[2012.03.05 11:07:02 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{527D9C7B-1F6A-42E5-993F-6403CBE4AE2A}
[2012.03.05 11:06:43 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{5B046786-1FD3-4FEF-BE39-8DFB75A7D02C}
[2012.03.04 13:38:17 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{4492C816-5F40-4687-A35D-B037EC45C6FD}
[2012.03.04 13:37:56 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{D699F290-E446-4006-9D8D-993C901EC7B5}
[2012.03.03 01:54:47 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{C37D88AF-7809-4898-BA48-B9E2E262EC7C}
[2012.03.02 13:52:01 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{55A87741-70EC-4557-B213-6960747E2E7C}
[2012.03.02 13:51:49 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{20BA59EB-D707-47D8-96A3-D0539BD81CD4}
[2012.03.01 20:56:33 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{DF9F0A18-3EF7-47B1-88AA-CC8A76D5EC83}
[2012.03.01 20:56:21 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{75244837-0655-4AA8-900F-9EF320661ED6}
[2012.02.29 22:43:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{FB19BA16-48D0-4C7A-A9DF-242F8B6DD2DB}
[2012.02.29 22:43:40 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{4C9EF1AD-C559-4A02-B16B-C5B29925D112}
[2012.02.29 10:51:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{6E69C371-1D75-421E-A7B5-303ACA8FA581}
[2012.02.28 16:04:34 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{8CA48A6D-7B70-4B04-98C3-13977FB70900}
[2012.02.28 16:04:22 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{CCC7350E-8071-431E-BCDA-16EA5269F0EB}
[2012.02.27 19:47:02 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{294A2046-6AF8-4B49-A6D6-304C983B302F}
[2012.02.27 19:46:49 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{55178E36-6B4C-43F7-994B-EC11AF9B7D94}
[2012.02.27 01:59:17 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{47C312D8-90DF-432D-92B2-ADFFCFAD229A}
[2012.02.27 01:59:04 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{507BCD00-37AF-4F47-9F4F-FA4CA276E1AA}
[2012.02.26 23:34:52 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{1E6C8342-EB00-467B-99E9-EC286533456C}
[2012.02.26 23:34:39 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{69AFD8D0-CDC1-4EAD-9869-0E3B3E0FAA97}
[2012.02.26 03:39:54 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{C42F3C20-B837-40A8-9680-2E2A4DAD5717}
[2012.02.26 03:39:41 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{763CE5F5-9544-4E29-AA95-FCB13D6B5CEB}
[2012.02.25 19:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.02.25 08:33:20 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{3565CD2C-DF15-4E94-A971-26B9782AAEDE}
[2012.02.25 08:33:08 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{9FE869B5-4FA1-47A3-98C8-2CB318CDDC6B}
[2012.02.24 14:54:57 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{7B78EECD-38B8-41CE-BD91-7C8E8DD9F5B5}
[2012.02.24 14:54:45 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{A4D68D81-D42C-4AD4-998A-D756B0F80EF2}
[2012.02.23 23:09:16 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{BEB78B7F-E2DC-4C92-842E-C62B7898A7C7}
[2012.02.23 23:09:05 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{E18E98A8-385F-47F3-BB68-1A4F9E9EB995}
[2012.02.23 08:39:02 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{4DD3D438-D7C2-4F8C-A5D4-49AAB5F9ABA8}
[2012.02.23 08:38:34 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{4457D844-9F65-40DE-92E5-9CBE16FACE31}
[2012.02.23 07:33:29 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{3C102571-ED34-4B30-ADD3-3368DD34E127}
[2012.02.22 18:09:49 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{8A97BD3C-17B7-4AA2-B1C8-06BEDD8553FB}
[2012.02.22 18:09:35 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{A4195508-A099-4ADF-91A8-7A769E1672F1}
[2012.02.22 06:09:06 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{69A2F845-B570-44E0-BEF2-CA22A29781F2}
[2012.02.22 06:08:54 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{68497DDB-C2F3-4D04-A053-8493E81D9098}
[2012.02.21 20:58:50 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Documents\user
[2012.02.21 20:47:47 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Documents\rattleCAD
[2012.02.21 20:45:30 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Desktop\Rattel CAD
[2012.02.21 10:54:08 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{E38A4F32-F98A-465C-B7B3-151BC2796E16}
[2012.02.21 10:53:52 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{D72D08D6-015E-41C5-A66B-1AE2ACBD8C3D}
[2012.02.20 22:53:23 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{745FDDA5-0E76-4A60-9849-47877802BE18}
[2012.02.20 22:53:11 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{CA58E0CC-1070-43A0-93A5-30A4AE189167}
[2012.02.20 10:52:29 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{2A3D626E-F91C-40AC-A918-10DB49E1C60A}
[2012.02.20 10:52:10 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{10D7ABC4-BD52-47E3-A994-5F382F3C02BC}
[2012.02.19 19:30:07 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{1411B180-D74E-4DB1-A505-747D5DE5881B}
[2012.02.19 19:29:54 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{FA857317-4F77-4B19-A108-0A1D8F0A2CAB}
[2012.02.19 07:29:19 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{EB647F60-2A8C-438D-93DD-5A32F2034E9B}
[2012.02.19 07:28:59 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{969B1DC8-8305-40C0-BD68-8933D4F0B9AB}
[2012.02.18 18:13:33 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{E2E9D6DF-FD7C-45B8-AD5B-4D2F2819EEE4}
[2012.02.18 18:13:19 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{BC24A98C-F573-4DA9-A5B1-3FAA47A5A2FB}
[2012.02.18 06:12:48 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{A7923EFE-A2B6-4A71-A252-EB413642824D}
[2012.02.18 06:12:36 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{EFD06636-BD25-4204-8D17-66DBF163E81A}
[2012.02.17 12:10:14 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{800A0E28-7753-468C-A591-3AC3EE6ED96E}
[2012.02.17 12:10:00 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{7BD2BB6F-9C3E-4E71-ABB1-B6EE199B684D}
[2012.02.17 10:23:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.17 10:23:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.17 10:23:08 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.17 10:23:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.17 10:23:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.17 10:23:07 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.02.17 10:23:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.17 10:23:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.17 10:23:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.17 10:23:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.17 10:23:06 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.17 10:23:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 17:57:57 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{D4684E96-5F25-4AF4-9B68-B56A998E307C}
[2012.02.16 17:57:45 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{66CF2B11-C779-41EE-8D56-4DDDBCA0BAA1}
[2012.02.16 17:54:14 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{04240444-EED3-4481-8F4E-5BF6C008FCCA}
[2012.02.16 17:54:02 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{50B3F0F8-4C97-4D06-8CC2-09BEE9A5F0F7}
[2012.02.16 08:47:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.16 08:47:25 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.16 08:47:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.16 08:46:09 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.15 10:20:34 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{2CF909F3-09D5-4930-800C-404DAC1B492C}
[2012.02.15 10:20:17 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{5A3C3B6E-C0D6-4D41-A0E3-A394B8AC28A5}
[2012.02.14 13:53:09 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{77C6335F-04C3-4E0D-8652-47F928AE8D97}
[2012.02.14 13:52:57 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{7FDABFA5-EFD4-40FB-A072-1ED8BC1C901B}
[2012.02.13 23:06:47 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{15B0AAB5-CA86-45A3-9C9F-A38E6D3905D7}
[2012.02.13 23:06:34 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{484D0FAC-269B-4CF5-9733-20E7756B4077}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.14 16:00:36 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.14 16:00:36 | 000,656,102 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.14 16:00:36 | 000,616,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.14 16:00:36 | 000,130,982 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.14 16:00:36 | 000,107,322 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.14 15:45:25 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 15:45:25 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 15:39:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.14 15:34:06 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.03.14 15:33:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.14 15:33:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.14 15:33:00 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.14 13:49:41 | 000,002,052 | -H-- | M] () -- C:\Users\Alex\Desktop\Avira Free Antivirus Profil Lokale Festplatten.LNK
[2012.03.14 13:39:28 | 000,000,464 | -H-- | M] () -- C:\ProgramData\HhCVeBuKGhRFQ9
[2012.03.14 13:38:21 | 000,000,653 | -H-- | M] () -- C:\Users\Alex\Desktop\System Check.lnk
[2012.03.14 13:37:27 | 000,363,520 | -H-- | M] (Kuboft) -- C:\ProgramData\HhCVeBuKGhRFQ9.exe
[2012.03.14 13:30:03 | 000,460,288 | -H-- | M] (Kuboft) -- C:\ProgramData\RTGVFVaDOaRFYA.exe
[2012.03.14 03:29:43 | 000,442,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 17:57:56 | 000,037,026 | -H-- | M] () -- C:\Users\Alex\Documents\cc_20120313_175749.reg
[2012.02.20 22:27:59 | 000,085,212 | -H-- | M] () -- C:\Users\Alex\.linkassistant.properties
[2012.02.17 07:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.02.16 11:13:46 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.14 13:49:41 | 000,002,052 | -H-- | C] () -- C:\Users\Alex\Desktop\Avira Free Antivirus Profil Lokale Festplatten.LNK
[2012.03.14 13:38:21 | 000,000,653 | -H-- | C] () -- C:\Users\Alex\Desktop\System Check.lnk
[2012.03.14 13:38:15 | 000,000,464 | -H-- | C] () -- C:\ProgramData\HhCVeBuKGhRFQ9
[2012.03.13 17:57:53 | 000,037,026 | -H-- | C] () -- C:\Users\Alex\Documents\cc_20120313_175749.reg
[2011.10.28 19:06:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\realbap1.dll
[2011.10.12 10:29:07 | 000,003,894 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\DA-FormMakertemp.htm
[2011.07.24 23:49:52 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.24 11:19:20 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2011.07.12 14:25:00 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\{2022DA5E-09FC-477E-9D02-60B70FEA30F8}
[2011.07.03 06:00:51 | 000,007,605 | -H-- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2011.06.18 12:09:15 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2011.06.12 14:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010.09.15 16:08:14 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.09.15 16:07:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.09.05 12:51:36 | 000,061,551 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\Alex3SQLite3.dll
[2010.07.22 22:52:58 | 000,002,181 | ---- | C] () -- C:\Windows\Helicon Debug Window.ini
[2010.06.14 21:10:24 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010.03.24 21:40:26 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.02.26 22:55:05 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.09 14:01:31 | 000,090,984 | -H-- | C] () -- C:\Users\Alex\AppData\Local\pixeldbg.txt
[2010.02.09 14:01:31 | 000,037,891 | -H-- | C] () -- C:\Users\Alex\AppData\Local\pixeldbg.txt.old
[2009.12.04 14:26:33 | 000,112,128 | -H-- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.04 11:57:54 | 000,000,017 | -H-- | C] () -- C:\Users\Alex\AppData\Local\19720201.dat
[2009.12.04 11:57:50 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2009.12.03 15:00:48 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\QSwitch.txt
[2009.12.03 15:00:48 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\DSwitch.txt
[2009.12.03 15:00:47 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\AtStart.txt
[2009.12.03 15:00:46 | 000,000,187 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.11.05 01:04:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.11.05 01:04:25 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.11.05 01:04:07 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.11.05 01:03:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.11.05 01:03:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.08.25 19:51:12 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.08.25 19:47:24 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.08.25 19:45:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.08.25 19:45:01 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.07.15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.04.08 03:16:43 | 000,553,115 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\Alexlog.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 400 bytes -> C:\Users\Alex\AppData\Local\desktop.ini:bf5af20ce7a419b1178ece347eddc338
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C59E90A4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:63238B95

< End of report >
--- --- ---

cosinus 14.03.2012 18:24
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

AlexT 14.03.2012 21:00
Leider geht ESTE bei mir nicht, online ist da wenig zu machen. Malwarebytes habe ich durchlaufen lassen. Ich wollte schon damit die Wartung durchführen, ging aber nicht weil mal wieder vorher die böse Software alles abgeschaltet hat.Hier das, was Malwarebytes ausgelesen hat. Hoffentlich geht es damit auch.

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.13.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [Administrator]

Schutz: Deaktiviert

14.03.2012 18:50:25
mbam-log-2012-03-14 (20-18-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515262
Laufzeit: 1 Stunde(n), 24 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{6d5ae610-803a-e578-8b93-ee9ce23be350} (Adware.Dymanet) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\29f29498-d73f-c344-7128-eec544232286 (Adware.Adrotator) -> Keine Aktion durchgeführt.
HKCU\Software\SuperiorBrandingSystem (Adware.PlayMP3z) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SuperiorBrandingSystem (Adware.PlayMP3z) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\SuperiorBrandingSystem (Adware.PlayMP3z) -> Keine Aktion durchgeführt.

Infizierte Dateien: 8
C:\Program Files (x86)\Fugawi\Fugawi\Fugawi45.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\GlobalSCAPE\CuteFTP Professional\cuteftp6final.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Alex\Desktop\Desktop Verknüpfungen\utmp\u1003.exe (Malware.Gen) -> Keine Aktion durchgeführt.
C:\Users\Alex\Documents\Webseid Vorlagen\Allink\cuteftp6final.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Windows\System32\29f29498-d73f-c344-7128-eec544232286.exe (Adware.Adrotator) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\29f29498-d73f-c344-7128-eec544232286.exe (Adware.Adrotator) -> Keine Aktion durchgeführt.
C:\Users\Alex\Favorites\_favdata.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SuperiorBrandingSystem\uninstall.exe (Adware.PlayMP3z) -> Keine Aktion durchgeführt.

(Ende)

cosinus 14.03.2012 21:58
Dass ESET bei dir nicht geht hat nun keine Relevanz mehr denn:

Zitat:
C:\Program Files (x86)\GlobalSCAPE\CuteFTP Professional\cuteftp6final.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Alex\Documents\Webseid Vorlagen\Allink\cuteftp6final.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
RiskTool = Crack/Keygen :pfui:

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

AlexT 14.03.2012 23:00
Kann ich jetzt nicht ganz verstehen, ich habe eigentlich nur freie Programme und keine gecrackten Programme. Da bin ich jetzt echt erstaunt. Aber trotzdem danke für deine schnelle Hilfe.

cosinus 14.03.2012 23:10
Ja, sieht man ja im Log, dass du eben nicht ausschließlich legales Zeug drauf hast :pfeiff:

AlexT 16.03.2012 12:17
Editieren
So ich habe deinen Rat befolgt und den rechender neu installiert, jetzt ist zumindest auch der ganze Datenmüll weg. Habe ich mir wohl zu wenig Gedanken gemacht, als ich den übernommen habe. Wenn ich gewusst hätte das, da was drauf ist, was da nicht sein darf, hätte ich ganz bestimmt nicht die log hochgeladen. Nun ist das Ding in den Urzustand zurück da bin ich eigentlich ganz froh drüber, bis auf eins. Ich hatte da schon einiges drauf gespeichert auf das ich keinen Zugriff mehr hatte, als das Schadprogramm drauf war. Ist durch das Formatieren natürlich weg, was sehr schade ist denn die Sachen konnte ich nicht mehr sichern. Wichtige Textdokumente und Bilder, die ich benötige. Gibt es eine Möglichkeit diese wieder herzustellen? Und ist dieses Schadprogramm den jetzt auch wirklich gelöscht nach dem Neuaufsetzen?

cosinus 16.03.2012 17:00
Ja die Dokumente hättest du VORHER sichern müssen!
Die werden jetzt mit ziemlicher Sicherheit weg sein, da du 1. formatiert und zweitens durch die Windows-Neuinstallation neue Dateien raufkopiert hast, das hat mit hoher Wahrscheinlichkeit die Bereiche überschrieben, wo deine Dokumente lagen. Wenn dem so ist, ist eine Wiederherstellung unmöglich.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131