Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Trojaner auf Win7 :-( (https://www.trojaner-board.de/120364-gvu-trojaner-win7.html)

scriptlivver 25.07.2012 13:18
GVU Trojaner auf Win7 :-(
 
Hallo zusammen,

auch mich hats mit dem neuen GVU Trojaner erwischt.
Wie bekomme ich das Ding am schnellsten weg? Windows Unblocker & CO. bringen nichts. Sobald ich das LAN Kabel verbinde, wars das.

Danke und Grüße

script

OTL Log:

Code:
OTL logfile created on: 25.07.2012 13:48:25 - Run 2
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Max\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,84% Memory free
6,00 Gb Paging File | 4,64 Gb Available in Paging File | 77,46% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 79,14 Gb Free Space | 26,56% Space Free | Partition Type: NTFS
Drive D: | 470,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SG | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 14:56:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.12.08 21:42:00 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.09.23 18:07:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:00:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 12:07:43 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.09.23 11:37:31 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.23 11:35:15 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011.09.16 02:33:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.07 15:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\VirtualCloneDrive\VCDDaemon.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.04.17 12:56:08 | 000,394,984 | ---- | M] (tzuk) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2010.04.17 12:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2010.04.10 09:03:46 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.27 09:18:32 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.01.31 15:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2009.01.31 13:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.11.24 04:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.09.13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.09.13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007.02.16 18:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Programme\I8kfanGUI\I8kfanGUI.exe
PRC - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.23 23:02:32 | 000,193,952 | ---- | M] () -- C:\Users\Max\AppData\Local\Temp\fe0_zip.exe
MOD - [2011.11.11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- G:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.07.18 19:20:04 | 000,114,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.27 15:53:24 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.12.08 21:42:00 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.09.23 18:07:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.23 18:00:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 12:07:43 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011.09.23 11:35:15 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.30 10:39:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.17 12:56:06 | 000,073,960 | ---- | M] (tzuk) [On_Demand | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.09.13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\DellBIOS.Sys -- (DellBIOS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.02.15 18:10:25 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.09.16 15:55:38 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2011.09.16 15:55:38 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.07.09 02:32:16 | 000,686,872 | ---- | M] (www.ext2fsd.com) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2011.03.18 13:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010.07.15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010.07.15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.07.01 12:10:00 | 000,188,392 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2010.07.01 12:10:00 | 000,032,872 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 05:01:30 | 000,059,464 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT-USB.SYS -- (RT-USB)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.04.17 12:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.10.26 09:33:39 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.10.07 10:48:18 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009.08.22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.22 23:54:19 | 000,293,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.07.22 23:54:19 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.07.22 23:53:23 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.07.22 23:53:21 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009.07.22 23:53:19 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.13 07:46:38 | 000,037,280 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.03.24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.11.05 14:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.10.11 06:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.07.29 06:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.06.27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.02.16 11:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2006.12.26 14:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.01.17 21:49:27 | 000,018,048 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2003.10.16 20:11:04 | 000,012,928 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DGUSB.sys -- (DGUSB)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 C7 A6 2B FF 1E CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {17394513-BDC1-41FF-8D69-84B06A05E609}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{17394513-BDC1-41FF-8D69-84B06A05E609}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{18032637-E021-4ACE-B21E-AE2DE49701A3}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{192A50FE-20C4-40BD-AA63-9549FAF1942A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{7DD8A80D-9D07-4692-AD54-ABC7DE52FD38}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{C23F0F7E-B4BC-45FE-8158-442849D91E4F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline_internetexplorer-browser-suche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{E16DDF24-0662-40F4-8333-00CF74C03205}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Components: C:\Program Files\Firefox Aurora\components [2012.07.18 19:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Plugins: C:\Program Files\Firefox Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.04 18:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012.05.23 09:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.01 21:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.26 21:04:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.05.30 17:00:56 | 000,000,000 | ---D | M]
 
[2009.09.05 00:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2012.05.23 09:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\u7hs57z8.default\extensions
[2010.08.18 21:59:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\u7hs57z8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.23 09:07:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\u7hs57z8.default\extensions\ich@maltegoetz.de
[2012.06.26 23:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.15 15:26:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 21:20:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 21:20:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 21:20:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 21:20:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 21:20:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.xenocode.com/
 
O1 HOSTS File: ([2012.06.26 21:39:31 | 000,443,290 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.234.5    MAM-SRV-ARCH01
O1 - Hosts: 192.168.234.6    MAM-SRV-ARCH02
O1 - Hosts: 192.168.234.7    MAM-SRV-ARCH03
O1 - Hosts: 192.168.234.8    MAM-SRV-ARCH04
O1 - Hosts: 192.168.234.9    MAM-SRV-ARCH05
O1 - Hosts: 192.168.234.10  MAM-SRV-ARCH06
O1 - Hosts: 192.168.234.11  MAM-SRV-ARCH07
O1 - Hosts: 192.168.234.16 MAM-SRV-DB
O1 - Hosts: 192.168.241.41        pam-srv-trans01
O1 - Hosts: 192.168.241.42        pam-srv-trans02
O1 - Hosts: 192.168.241.43        pam-srv-trans03
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 15226 more lines...
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02129743-6F56-4D8D-8DB6-AEDD9902353C}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22184aaf-2de1-11df-b490-001c232bf1f2}\Shell - "" = AutoRun
O33 - MountPoints2\{22184aaf-2de1-11df-b490-001c232bf1f2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{691496b3-64ef-11e0-817c-001c232bf1f2}\Shell - "" = AutoRun
O33 - MountPoints2\{691496b3-64ef-11e0-817c-001c232bf1f2}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 13:48:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.07.24 12:22:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.23 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\GABY
[2012.07.23 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0E876457-010F-46F5-A6C5-3B1019EAD19D}
[2012.07.23 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DE05D193-B386-4AF8-8D99-D38E23796187}
[2012.07.23 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\UPG
[2012.07.23 09:53:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B8F2DA1-E055-40F9-8BB2-0CEBC52B8847}
[2012.07.23 09:53:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{01D92DAD-632D-4094-A93D-FD7EED01FC83}
[2012.07.22 00:55:49 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{57700641-55EB-4676-B94D-1839FA0A7CCC}
[2012.07.22 00:55:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C97F71EE-8FA1-45DB-AA2A-31901ED05F96}
[2012.07.21 12:55:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AB57F648-80F2-416A-80B7-64847985F8B7}
[2012.07.21 12:54:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0D5F1440-CD16-4ED8-84FD-B6670B1873A0}
[2012.07.21 00:54:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B5C474BE-EF29-4F98-A109-194AB1D74EAA}
[2012.07.21 00:54:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E049A0FB-E5C9-4397-AC59-14FB30973E4B}
[2012.07.20 12:53:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8097DE49-2717-4B1D-8B79-3DC944C42258}
[2012.07.20 12:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8600FF88-A5B6-468B-99EA-D4BBD2386575}
[2012.07.20 00:53:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8B9B31B8-4C41-41CE-A293-8107E6541C75}
[2012.07.20 00:52:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7CB3C92A-54A1-4821-8EA3-66478A2E3103}
[2012.07.19 18:29:53 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_NEW
[2012.07.19 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4DA42110-4555-4834-A985-6569E4F56907}
[2012.07.19 12:48:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BB0D9972-61E6-42AF-A39E-4CD5B0B29477}
[2012.07.19 12:48:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{39BE5A2D-1E0C-4D8B-8708-696FF87E5738}
[2012.07.19 00:48:00 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BD83A855-3037-495A-AA7E-22222F4A7E78}
[2012.07.19 00:47:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AE8515F5-FC3D-4C01-BA81-54B50CF49557}
[2012.07.18 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Macromedia
[2012.07.18 12:47:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7D9CD1A0-2E33-4010-B3D5-22BB7145DA39}
[2012.07.18 12:46:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4800F460-0B5A-4634-ABD7-981066FE9A68}
[2012.07.18 00:46:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FF665716-A3EE-4CFB-BE84-EEAD9C60C006}
[2012.07.18 00:45:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CD28118D-351C-4EDF-9237-D7E4CED33407}
[2012.07.17 12:45:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2A5A4C9E-AC03-455B-941A-84CB1C736BC5}
[2012.07.17 12:45:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D7043730-1129-43FF-B60F-94D14BE8AB00}
[2012.07.17 00:44:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F1313CA3-01F3-43DB-B6DE-4CC15099DD60}
[2012.07.17 00:44:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E639068E-8692-4991-BCCE-F04E7E57AB3B}
[2012.07.16 19:37:50 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.07.16 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.07.16 12:44:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0DEC3840-38BB-4C8C-AC87-753E99A88EB5}
[2012.07.16 12:43:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8B52BFEC-9C68-46AD-B480-9419D6B147DC}
[2012.07.16 12:36:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.16 12:33:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.16 12:33:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.16 12:33:06 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.16 00:43:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{97BB92EC-0640-490C-BCB1-DBEFCAE071E3}
[2012.07.16 00:43:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9E9F7E2F-8EEA-4424-817C-BA264F1088AB}
[2012.07.15 12:42:48 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B714D027-53C5-4488-89C2-17BBF1F53B9B}
[2012.07.15 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3B246F8C-93EE-48AF-B0DB-DB5A7EC14855}
[2012.07.15 00:42:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8D66CC6F-BBE0-408D-A4E4-CE73B79FEB2E}
[2012.07.15 00:41:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F59051D5-4363-4F6D-BE77-C453BD1F9970}
[2012.07.14 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{87F1065F-9C22-4195-A59D-D32CDF9327C5}
[2012.07.14 12:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3E71E62E-B06C-4558-AD71-88E2A8574E90}
[2012.07.14 00:40:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5DCA5CB3-A29B-4803-A619-8DE4628E31A0}
[2012.07.14 00:40:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{27842783-DACF-4C13-9C07-0F73D68F55FE}
[2012.07.13 12:39:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6C409AA7-91F1-4198-97E1-BDD4407A2C3C}
[2012.07.13 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A91050C1-41AF-4BB3-84CB-8581DDECA97F}
[2012.07.13 00:39:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0ABC423F-CDDA-49A4-AC3E-A0F033D4812A}
[2012.07.13 00:38:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ED926501-21EF-4347-B24D-266F66BDFB35}
[2012.07.12 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{750AF375-F060-4ACB-904C-800C1C3916AD}
[2012.07.12 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8BFDB160-B230-4985-820A-F6B013869B68}
[2012.07.12 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C4D930A7-B8F3-45D3-B29B-D3180093E9DA}
[2012.07.12 00:37:41 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DDEC7E9F-0B86-4C9C-9894-C2B9AD435735}
[2012.07.11 12:37:25 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C9863C55-CE1B-4C1D-B1E3-03A2F9FB4DAA}
[2012.07.11 12:37:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B8E76645-67A3-439B-AB32-4F1C03BA070B}
[2012.07.11 00:36:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F45DEB39-7A88-400A-AEB1-29436264CC8F}
[2012.07.11 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CA8224B1-9DC7-446B-AE6E-3A457E9ED6DC}
[2012.07.10 12:36:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E167EDB6-858C-4E1D-AD53-467E4ECD6030}
[2012.07.10 12:35:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B1AF5DF-D480-4AB6-9BD3-0774E081F2E6}
[2012.07.10 00:35:33 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C5F173CF-2A9E-4DD2-9B26-95F1B57D71B5}
[2012.07.10 00:35:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C595D5F1-F0E0-4332-8C0E-F709594958A6}
[2012.07.09 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DC281656-CEC8-45BE-AA16-3F4CDB701A4D}
[2012.07.09 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{1145E29D-EFB2-43A3-B2AB-F138273304BE}
[2012.07.09 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E8C9D7BE-AD8A-4D96-BC9F-9F50571754A6}
[2012.07.09 00:34:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{59750591-D1A2-4141-95CE-2667E731CF47}
[2012.07.08 12:33:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9D835FFF-368B-41A1-99DD-CFB23EA92FED}
[2012.07.08 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CA9AB6E7-F7C5-4700-A713-BE73DA712358}
[2012.07.08 00:32:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E03F5716-F733-4259-BFCF-7B9687D64BAA}
[2012.07.08 00:32:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FF460A66-659A-46D9-A9BB-8FBAB64A2FF4}
[2012.07.07 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{522EFB4E-3A71-4570-BEAC-CCAD0E7CB50A}
[2012.07.07 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DBB0BE6D-FC74-4E83-98D2-2B7D412E251F}
[2012.07.06 15:22:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DCE925D7-7E27-4BAD-BC08-19002E42BC24}
[2012.07.06 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FDA6C431-0EF1-4ADB-B955-19795DE2A27B}
[2012.07.06 03:21:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4BF29B2C-2712-44F5-851E-64E57FE8132E}
[2012.07.06 03:21:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D138C0B3-83B8-49E7-B1E4-407AB227530B}
[2012.07.05 15:21:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DCF643DD-A94F-4C0E-9C23-AA37C10ABEBF}
[2012.07.05 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D46C2760-EDBC-4D1D-ABE2-843022B36C65}
[2012.07.05 03:20:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{735A045C-274F-4383-8E06-7D1E69E11452}
[2012.07.05 03:20:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{63BDDC6B-CAFB-4281-8AA8-BBB586FAD15F}
[2012.07.04 15:19:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B11552B-9B0A-47E0-B502-72777D9DC399}
[2012.07.04 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{79C841C7-CE25-4FDA-87FB-CBAF0E7161FA}
[2012.07.04 03:19:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F9965F6C-6AAC-44BF-8700-6009458E8B11}
[2012.07.04 03:18:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{63C86A0B-7F4E-41AD-90E6-49A6B0CBDC89}
[2012.07.03 15:18:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{89069210-65BA-457F-95A0-E38393207E30}
[2012.07.03 15:18:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{40B98341-95CA-45EF-B422-C0F4403F3B69}
[2012.07.03 03:18:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2A8BC292-F06A-49B4-849E-CB2D0D26DFD3}
[2012.07.03 03:17:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5F8078EB-AE66-4479-9F66-D3609AADEE40}
[2012.07.02 15:17:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ED572693-7787-4E6A-9F61-F88D13789F2F}
[2012.07.02 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{60B4AE59-2E74-4F8E-A4F5-3C253CC06B66}
[2012.07.02 03:16:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B1C923A2-5681-40B1-926F-7FE70B5416E6}
[2012.07.02 03:16:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{28A4ECA0-4584-4520-B615-B8FB96CC3149}
[2012.07.01 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\bdp7700_12_fus_deu
[2012.07.01 15:16:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4F4288E5-D71C-4980-92D7-D040C2AFDEA0}
[2012.07.01 15:15:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{44A6E1CB-F1A0-4A89-85B0-837317E557FD}
[2012.07.01 03:15:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5EC02976-8934-4428-8E6D-BE7D3FB19BD3}
[2012.07.01 03:15:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{82964F9F-ABD1-4D3D-A84F-3B003B244914}
[2012.06.30 15:14:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2373D420-726D-47AB-8933-5F358BBA2166}
[2012.06.30 15:14:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{1749EE95-0CB4-4944-B9BE-298718E1487A}
[2012.06.30 03:14:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{174829FC-6683-44C9-8A49-96378AC0BCE8}
[2012.06.30 03:13:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A70B47C6-AD0C-4AAE-9C50-0377105BB3E3}
[2012.06.29 16:22:20 | 000,319,488 | ---- | C] (GigaTwin/Unicam Team) -- C:\Users\Max\Desktop\UniCam Loader 1.1.exe
[2012.06.29 16:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.29 16:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.06.29 15:13:25 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{73C14D43-6E81-433B-9C23-79F3FE6B44A9}
[2012.06.29 15:13:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{99E2C589-6C29-4BDD-A300-152B593DA21E}
[2012.06.29 03:12:48 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C176DE92-9C1F-48B9-BD89-BFFF23A52A8B}
[2012.06.29 03:12:25 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{EF2E0394-27CB-4D21-84C6-0D549A51EC28}
[2012.06.28 15:12:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3EDABFF5-B522-4949-8714-5774D9267C63}
[2012.06.28 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{67381B56-5811-4822-AD65-B22EB7453AB7}
[2012.06.28 03:11:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{72D5DD88-9330-4BC9-B995-3549DE6C72D3}
[2012.06.28 03:11:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4824C93D-094F-48EC-9C8B-DE3CC8001E93}
[2012.06.27 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{986109CB-193F-493A-AAAC-BCE25DDEFB3A}
[2012.06.27 15:10:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E1494694-0EA9-4C3D-AA3A-D2E87621023D}
[2012.06.27 03:10:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8D346E41-4FF3-4AEB-8163-09BAB802E505}
[2012.06.27 03:09:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{80E87279-1B71-4C0C-A495-904BEF980736}
[2012.06.26 20:45:16 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.26 20:45:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.26 20:45:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.26 20:45:14 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.26 20:45:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.26 20:44:56 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.06.26 20:44:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.06.26 20:42:36 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.26 20:42:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.26 20:42:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.26 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Desktop 7
[2012.06.26 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ABDA9D84-74E5-4210-8196-3CCCC9FCB9BE}
[2012.06.26 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{27A9F340-9B5D-4FFB-899F-A6A25C17341F}
[2012.06.26 03:07:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2B667E3F-3C10-46F8-85FC-DA95F8A0A3D2}
[2012.06.26 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{85434D36-8106-494F-BB2A-FEA720A5C621}
[2012.06.25 15:07:00 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5809E706-C244-4DF1-BD1C-D29AE6D80634}
[2012.06.25 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{EB83DDB9-6BD2-4A63-B851-F8C4BF0A60C2}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 11:26:49 | 000,020,864 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:26:48 | 000,020,864 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 11:18:54 | 2414,710,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 14:56:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.07.24 10:36:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad
[2012.07.23 23:02:35 | 000,001,879 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.23 22:44:41 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.23 22:44:41 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.23 22:44:41 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.23 22:44:41 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.23 19:00:53 | 021,849,912 | ---- | M] () -- C:\Users\Max\Desktop\bdp7500bl_12_fus_deu.zip
[2012.07.19 17:02:16 | 146,876,696 | ---- | M] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_NEW.zip
[2012.07.19 12:49:34 | 146,511,599 | ---- | M] () -- C:\Users\Max\Desktop\6xx7_7XX7_8xx7_132.5.1.zip
[2012.07.18 18:59:09 | 002,404,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.17 10:18:14 | 145,224,603 | ---- | M] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_108_008.zip
[2012.07.16 19:39:34 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.07.11 12:12:44 | 000,142,909 | ---- | M] () -- C:\Users\Max\Desktop\2012-07-08-415.jpg
[2012.07.11 12:12:44 | 000,116,759 | ---- | M] () -- C:\Users\Max\Desktop\2012-07-08-416.jpg
[2012.07.11 12:12:44 | 000,114,337 | ---- | M] () -- C:\Users\Max\Desktop\2012-07-08-410.jpg
[2012.07.07 12:33:17 | 000,001,884 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.01 17:14:25 | 094,925,071 | ---- | M] () -- C:\Users\Max\Desktop\bdp7700_12_fus_deu.zip
[2012.06.29 16:22:05 | 000,549,280 | ---- | M] () -- C:\Users\Max\Desktop\max_5.27.uns
[2012.06.28 16:43:46 | 000,319,488 | ---- | M] (GigaTwin/Unicam Team) -- C:\Users\Max\Desktop\UniCam Loader 1.1.exe
[2012.06.27 18:32:25 | 000,127,779 | ---- | M] () -- C:\Users\Max\Desktop\Ablaufprotokoll20120627.pdf
[2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.06.26 21:39:31 | 000,443,290 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.26 20:36:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.26 20:36:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.23 23:02:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.07.23 23:02:35 | 000,001,879 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.23 19:00:41 | 021,849,912 | ---- | C] () -- C:\Users\Max\Desktop\bdp7500bl_12_fus_deu.zip
[2012.07.19 17:50:25 | 146,876,696 | ---- | C] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_NEW.zip
[2012.07.19 16:08:42 | 146,511,599 | ---- | C] () -- C:\Users\Max\Desktop\6xx7_7XX7_8xx7_132.5.1.zip
[2012.07.17 10:15:58 | 145,224,603 | ---- | C] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_108_008.zip
[2012.07.16 19:39:34 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.07.11 12:13:36 | 000,116,759 | ---- | C] () -- C:\Users\Max\Desktop\2012-07-08-416.jpg
[2012.07.11 12:13:35 | 000,142,909 | ---- | C] () -- C:\Users\Max\Desktop\2012-07-08-415.jpg
[2012.07.11 12:13:35 | 000,114,337 | ---- | C] () -- C:\Users\Max\Desktop\2012-07-08-410.jpg
[2012.07.08 08:33:31 | 2414,710,784 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.01 16:44:57 | 094,925,071 | ---- | C] () -- C:\Users\Max\Desktop\bdp7700_12_fus_deu.zip
[2012.06.29 16:22:15 | 000,549,280 | ---- | C] () -- C:\Users\Max\Desktop\max_5.27.uns
[2012.06.27 18:33:41 | 000,127,779 | ---- | C] () -- C:\Users\Max\Desktop\Ablaufprotokoll20120627.pdf
[2012.05.03 10:02:07 | 000,000,056 | ---- | C] () -- C:\Windows\vidpidfix.INI
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.09.20 21:34:52 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.08.14 15:03:25 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.05.30 18:28:54 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.30 18:26:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.28 02:04:02 | 000,181,724 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.13 19:39:14 | 000,071,168 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.04.13 19:39:05 | 000,000,051 | ---- | C] () -- C:\Windows\TSetup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.26 22:56:45 | 002,336,384 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.03.26 22:56:45 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.03.26 22:56:45 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.03.26 22:56:45 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.03.26 22:56:45 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.03.13 02:49:59 | 000,676,864 | ---- | C] () -- C:\Windows\System32\mxMonecSocket.dll
[2010.11.02 10:43:41 | 000,137,960 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.02 10:07:37 | 000,235,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.02 10:07:19 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.02 10:07:18 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.10.08 12:52:13 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2010.10.08 12:43:12 | 000,029,574 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2010.09.25 00:32:56 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2010.09.25 00:32:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.07.29 19:39:53 | 000,000,149 | ---- | C] () -- C:\Windows\wiso.ini
[2010.05.18 00:27:43 | 000,004,608 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 20:46:54 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.03.28 02:42:22 | 002,887,680 | ---- | C] () -- C:\Users\Max\s-1-5-21-3619751621-3969484228-3234360931-1000.rrr
[2010.03.06 13:54:38 | 000,001,356 | ---- | C] () -- C:\Users\Max\Windows XP Mode.vmcx
[2010.02.27 18:24:37 | 000,000,484 | RHS- | C] () -- C:\Users\Max\ntuser.pol
[2009.09.04 17:10:16 | 000,007,597 | ---- | C] () -- C:\Users\Max\AppData\Local\Resmon.ResmonCfg
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CC69D3C

< End of report >

Malwarebytes Log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Max :: SG [Administrator]

25.07.2012 14:15:27
mbam-log-2012-07-25 (14-25-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235397
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2008 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.

(Ende)

markusg 25.07.2012 14:26
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2012.07.23 23:02:35 | 000,001,879 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
 :Files
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!


c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel

scriptlivver 25.07.2012 14:39
Ich sehe gerade, ich hatte im OTL was vergessen (Registry).

Anbei nun das richtige Log und die Extras.

OTL:

Code:
OTL logfile created on: 25.07.2012 15:03:31 - Run 3
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Max\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,22% Memory free
6,00 Gb Paging File | 4,50 Gb Available in Paging File | 75,01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 79,12 Gb Free Space | 26,55% Space Free | Partition Type: NTFS
Drive D: | 470,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SG | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
PRC - C:\Windows\System32\srvany.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Max\AppData\Local\Temp\fe0_zip.exe ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Unlocker\UnlockerCOM.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.UtilitiesSvc) -- G:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (TuneUpUtilitiesDrv) -- G:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\Sandra.sys File not found
DRV - (DellBIOS) -- C:\Windows\DellBIOS.Sys File not found
DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ext2Fsd) -- C:\Windows\System32\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RT-USB) -- C:\Windows\System32\drivers\RT-USB.SYS (Ross-Tech LLC)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (lvselsus) -- C:\Windows\System32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (fanio) -- C:\Windows\System32\drivers\fanio.sys (Christian Diefer)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (DGUSB) -- C:\Windows\System32\drivers\DGUSB.sys (Philips Semiconductors)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 C7 A6 2B FF 1E CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {17394513-BDC1-41FF-8D69-84B06A05E609}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{17394513-BDC1-41FF-8D69-84B06A05E609}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{18032637-E021-4ACE-B21E-AE2DE49701A3}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{192A50FE-20C4-40BD-AA63-9549FAF1942A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{7DD8A80D-9D07-4692-AD54-ABC7DE52FD38}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{C23F0F7E-B4BC-45FE-8158-442849D91E4F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline_internetexplorer-browser-suche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{E16DDF24-0662-40F4-8333-00CF74C03205}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Components: C:\Program Files\Firefox Aurora\components [2012.07.18 19:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Plugins: C:\Program Files\Firefox Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.04 18:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012.05.23 09:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.01 21:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.26 21:04:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.05.30 17:00:56 | 000,000,000 | ---D | M]
 
[2009.09.05 00:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2012.05.23 09:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\u7hs57z8.default\extensions
[2010.08.18 21:59:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\u7hs57z8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.23 09:07:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\u7hs57z8.default\extensions\ich@maltegoetz.de
[2012.06.26 23:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.15 15:26:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 21:20:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 21:20:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 21:20:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 21:20:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 21:20:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.xenocode.com/
 
O1 HOSTS File: ([2012.06.26 21:39:31 | 000,443,290 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.234.5    MAM-SRV-ARCH01
O1 - Hosts: 192.168.234.6    MAM-SRV-ARCH02
O1 - Hosts: 192.168.234.7    MAM-SRV-ARCH03
O1 - Hosts: 192.168.234.8    MAM-SRV-ARCH04
O1 - Hosts: 192.168.234.9    MAM-SRV-ARCH05
O1 - Hosts: 192.168.234.10  MAM-SRV-ARCH06
O1 - Hosts: 192.168.234.11  MAM-SRV-ARCH07
O1 - Hosts: 192.168.234.16 MAM-SRV-DB
O1 - Hosts: 192.168.241.41        pam-srv-trans01
O1 - Hosts: 192.168.241.42        pam-srv-trans02
O1 - Hosts: 192.168.241.43        pam-srv-trans03
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 15226 more lines...
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02129743-6F56-4D8D-8DB6-AEDD9902353C}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22184aaf-2de1-11df-b490-001c232bf1f2}\Shell - "" = AutoRun
O33 - MountPoints2\{22184aaf-2de1-11df-b490-001c232bf1f2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{691496b3-64ef-11e0-817c-001c232bf1f2}\Shell - "" = AutoRun
O33 - MountPoints2\{691496b3-64ef-11e0-817c-001c232bf1f2}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 14:15:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.25 14:15:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2012.07.25 14:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 14:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 14:14:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.25 14:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.25 13:48:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.07.24 12:22:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.23 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\GABY
[2012.07.23 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0E876457-010F-46F5-A6C5-3B1019EAD19D}
[2012.07.23 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DE05D193-B386-4AF8-8D99-D38E23796187}
[2012.07.23 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\UPG
[2012.07.23 09:53:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B8F2DA1-E055-40F9-8BB2-0CEBC52B8847}
[2012.07.23 09:53:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{01D92DAD-632D-4094-A93D-FD7EED01FC83}
[2012.07.22 00:55:49 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{57700641-55EB-4676-B94D-1839FA0A7CCC}
[2012.07.22 00:55:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C97F71EE-8FA1-45DB-AA2A-31901ED05F96}
[2012.07.21 12:55:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AB57F648-80F2-416A-80B7-64847985F8B7}
[2012.07.21 12:54:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0D5F1440-CD16-4ED8-84FD-B6670B1873A0}
[2012.07.21 00:54:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B5C474BE-EF29-4F98-A109-194AB1D74EAA}
[2012.07.21 00:54:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E049A0FB-E5C9-4397-AC59-14FB30973E4B}
[2012.07.20 12:53:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8097DE49-2717-4B1D-8B79-3DC944C42258}
[2012.07.20 12:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8600FF88-A5B6-468B-99EA-D4BBD2386575}
[2012.07.20 00:53:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8B9B31B8-4C41-41CE-A293-8107E6541C75}
[2012.07.20 00:52:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7CB3C92A-54A1-4821-8EA3-66478A2E3103}
[2012.07.19 18:29:53 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_NEW
[2012.07.19 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4DA42110-4555-4834-A985-6569E4F56907}
[2012.07.19 12:48:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BB0D9972-61E6-42AF-A39E-4CD5B0B29477}
[2012.07.19 12:48:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{39BE5A2D-1E0C-4D8B-8708-696FF87E5738}
[2012.07.19 00:48:00 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BD83A855-3037-495A-AA7E-22222F4A7E78}
[2012.07.19 00:47:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AE8515F5-FC3D-4C01-BA81-54B50CF49557}
[2012.07.18 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Macromedia
[2012.07.18 12:47:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7D9CD1A0-2E33-4010-B3D5-22BB7145DA39}
[2012.07.18 12:46:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4800F460-0B5A-4634-ABD7-981066FE9A68}
[2012.07.18 00:46:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FF665716-A3EE-4CFB-BE84-EEAD9C60C006}
[2012.07.18 00:45:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CD28118D-351C-4EDF-9237-D7E4CED33407}
[2012.07.17 12:45:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2A5A4C9E-AC03-455B-941A-84CB1C736BC5}
[2012.07.17 12:45:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D7043730-1129-43FF-B60F-94D14BE8AB00}
[2012.07.17 00:44:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F1313CA3-01F3-43DB-B6DE-4CC15099DD60}
[2012.07.17 00:44:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E639068E-8692-4991-BCCE-F04E7E57AB3B}
[2012.07.16 19:37:50 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.07.16 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.07.16 12:44:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0DEC3840-38BB-4C8C-AC87-753E99A88EB5}
[2012.07.16 12:43:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8B52BFEC-9C68-46AD-B480-9419D6B147DC}
[2012.07.16 12:36:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.16 12:33:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.16 12:33:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.16 12:33:06 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.16 00:43:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{97BB92EC-0640-490C-BCB1-DBEFCAE071E3}
[2012.07.16 00:43:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9E9F7E2F-8EEA-4424-817C-BA264F1088AB}
[2012.07.15 12:42:48 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B714D027-53C5-4488-89C2-17BBF1F53B9B}
[2012.07.15 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3B246F8C-93EE-48AF-B0DB-DB5A7EC14855}
[2012.07.15 00:42:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8D66CC6F-BBE0-408D-A4E4-CE73B79FEB2E}
[2012.07.15 00:41:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F59051D5-4363-4F6D-BE77-C453BD1F9970}
[2012.07.14 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{87F1065F-9C22-4195-A59D-D32CDF9327C5}
[2012.07.14 12:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3E71E62E-B06C-4558-AD71-88E2A8574E90}
[2012.07.14 00:40:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5DCA5CB3-A29B-4803-A619-8DE4628E31A0}
[2012.07.14 00:40:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{27842783-DACF-4C13-9C07-0F73D68F55FE}
[2012.07.13 12:39:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6C409AA7-91F1-4198-97E1-BDD4407A2C3C}
[2012.07.13 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A91050C1-41AF-4BB3-84CB-8581DDECA97F}
[2012.07.13 00:39:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{0ABC423F-CDDA-49A4-AC3E-A0F033D4812A}
[2012.07.13 00:38:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ED926501-21EF-4347-B24D-266F66BDFB35}
[2012.07.12 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{750AF375-F060-4ACB-904C-800C1C3916AD}
[2012.07.12 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8BFDB160-B230-4985-820A-F6B013869B68}
[2012.07.12 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C4D930A7-B8F3-45D3-B29B-D3180093E9DA}
[2012.07.12 00:37:41 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DDEC7E9F-0B86-4C9C-9894-C2B9AD435735}
[2012.07.11 12:37:25 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C9863C55-CE1B-4C1D-B1E3-03A2F9FB4DAA}
[2012.07.11 12:37:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B8E76645-67A3-439B-AB32-4F1C03BA070B}
[2012.07.11 00:36:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F45DEB39-7A88-400A-AEB1-29436264CC8F}
[2012.07.11 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CA8224B1-9DC7-446B-AE6E-3A457E9ED6DC}
[2012.07.10 12:36:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E167EDB6-858C-4E1D-AD53-467E4ECD6030}
[2012.07.10 12:35:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B1AF5DF-D480-4AB6-9BD3-0774E081F2E6}
[2012.07.10 00:35:33 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C5F173CF-2A9E-4DD2-9B26-95F1B57D71B5}
[2012.07.10 00:35:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C595D5F1-F0E0-4332-8C0E-F709594958A6}
[2012.07.09 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DC281656-CEC8-45BE-AA16-3F4CDB701A4D}
[2012.07.09 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{1145E29D-EFB2-43A3-B2AB-F138273304BE}
[2012.07.09 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E8C9D7BE-AD8A-4D96-BC9F-9F50571754A6}
[2012.07.09 00:34:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{59750591-D1A2-4141-95CE-2667E731CF47}
[2012.07.08 12:33:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9D835FFF-368B-41A1-99DD-CFB23EA92FED}
[2012.07.08 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CA9AB6E7-F7C5-4700-A713-BE73DA712358}
[2012.07.08 00:32:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E03F5716-F733-4259-BFCF-7B9687D64BAA}
[2012.07.08 00:32:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FF460A66-659A-46D9-A9BB-8FBAB64A2FF4}
[2012.07.07 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{522EFB4E-3A71-4570-BEAC-CCAD0E7CB50A}
[2012.07.07 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DBB0BE6D-FC74-4E83-98D2-2B7D412E251F}
[2012.07.06 15:22:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DCE925D7-7E27-4BAD-BC08-19002E42BC24}
[2012.07.06 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FDA6C431-0EF1-4ADB-B955-19795DE2A27B}
[2012.07.06 03:21:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4BF29B2C-2712-44F5-851E-64E57FE8132E}
[2012.07.06 03:21:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D138C0B3-83B8-49E7-B1E4-407AB227530B}
[2012.07.05 15:21:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DCF643DD-A94F-4C0E-9C23-AA37C10ABEBF}
[2012.07.05 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D46C2760-EDBC-4D1D-ABE2-843022B36C65}
[2012.07.05 03:20:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{735A045C-274F-4383-8E06-7D1E69E11452}
[2012.07.05 03:20:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{63BDDC6B-CAFB-4281-8AA8-BBB586FAD15F}
[2012.07.04 15:19:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B11552B-9B0A-47E0-B502-72777D9DC399}
[2012.07.04 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{79C841C7-CE25-4FDA-87FB-CBAF0E7161FA}
[2012.07.04 03:19:20 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F9965F6C-6AAC-44BF-8700-6009458E8B11}
[2012.07.04 03:18:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{63C86A0B-7F4E-41AD-90E6-49A6B0CBDC89}
[2012.07.03 15:18:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{89069210-65BA-457F-95A0-E38393207E30}
[2012.07.03 15:18:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{40B98341-95CA-45EF-B422-C0F4403F3B69}
[2012.07.03 03:18:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2A8BC292-F06A-49B4-849E-CB2D0D26DFD3}
[2012.07.03 03:17:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5F8078EB-AE66-4479-9F66-D3609AADEE40}
[2012.07.02 15:17:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ED572693-7787-4E6A-9F61-F88D13789F2F}
[2012.07.02 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{60B4AE59-2E74-4F8E-A4F5-3C253CC06B66}
[2012.07.02 03:16:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B1C923A2-5681-40B1-926F-7FE70B5416E6}
[2012.07.02 03:16:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{28A4ECA0-4584-4520-B615-B8FB96CC3149}
[2012.07.01 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\bdp7700_12_fus_deu
[2012.07.01 15:16:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4F4288E5-D71C-4980-92D7-D040C2AFDEA0}
[2012.07.01 15:15:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{44A6E1CB-F1A0-4A89-85B0-837317E557FD}
[2012.07.01 03:15:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5EC02976-8934-4428-8E6D-BE7D3FB19BD3}
[2012.07.01 03:15:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{82964F9F-ABD1-4D3D-A84F-3B003B244914}
[2012.06.30 15:14:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2373D420-726D-47AB-8933-5F358BBA2166}
[2012.06.30 15:14:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{1749EE95-0CB4-4944-B9BE-298718E1487A}
[2012.06.30 03:14:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{174829FC-6683-44C9-8A49-96378AC0BCE8}
[2012.06.30 03:13:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A70B47C6-AD0C-4AAE-9C50-0377105BB3E3}
[2012.06.29 16:22:20 | 000,319,488 | ---- | C] (GigaTwin/Unicam Team) -- C:\Users\Max\Desktop\UniCam Loader 1.1.exe
[2012.06.29 16:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.29 16:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.06.29 15:13:25 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{73C14D43-6E81-433B-9C23-79F3FE6B44A9}
[2012.06.29 15:13:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{99E2C589-6C29-4BDD-A300-152B593DA21E}
[2012.06.29 03:12:48 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{C176DE92-9C1F-48B9-BD89-BFFF23A52A8B}
[2012.06.29 03:12:25 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{EF2E0394-27CB-4D21-84C6-0D549A51EC28}
[2012.06.28 15:12:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3EDABFF5-B522-4949-8714-5774D9267C63}
[2012.06.28 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{67381B56-5811-4822-AD65-B22EB7453AB7}
[2012.06.28 03:11:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{72D5DD88-9330-4BC9-B995-3549DE6C72D3}
[2012.06.28 03:11:12 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{4824C93D-094F-48EC-9C8B-DE3CC8001E93}
[2012.06.27 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{986109CB-193F-493A-AAAC-BCE25DDEFB3A}
[2012.06.27 15:10:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E1494694-0EA9-4C3D-AA3A-D2E87621023D}
[2012.06.27 03:10:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{8D346E41-4FF3-4AEB-8163-09BAB802E505}
[2012.06.27 03:09:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{80E87279-1B71-4C0C-A495-904BEF980736}
[2012.06.26 20:45:16 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.26 20:45:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.26 20:45:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.26 20:45:14 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.26 20:45:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.26 20:44:56 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.06.26 20:44:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.06.26 20:42:36 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.26 20:42:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.26 20:42:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.26 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Desktop 7
[2012.06.26 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ABDA9D84-74E5-4210-8196-3CCCC9FCB9BE}
[2012.06.26 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{27A9F340-9B5D-4FFB-899F-A6A25C17341F}
[2012.06.26 03:07:59 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{2B667E3F-3C10-46F8-85FC-DA95F8A0A3D2}
[2012.06.26 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{85434D36-8106-494F-BB2A-FEA720A5C621}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 14:27:23 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 14:27:23 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 14:27:23 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 14:27:23 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 14:15:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.25 14:14:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.25 11:26:49 | 000,020,864 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:26:48 | 000,020,864 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 11:18:54 | 2414,710,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 14:56:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.07.24 10:36:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad
[2012.07.23 23:02:35 | 000,001,879 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.23 19:00:53 | 021,849,912 | ---- | M] () -- C:\Users\Max\Desktop\bdp7500bl_12_fus_deu.zip
[2012.07.19 17:02:16 | 146,876,696 | ---- | M] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_NEW.zip
[2012.07.19 12:49:34 | 146,511,599 | ---- | M] () -- C:\Users\Max\Desktop\6xx7_7XX7_8xx7_132.5.1.zip
[2012.07.18 18:59:09 | 002,404,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.17 10:18:14 | 145,224,603 | ---- | M] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_108_008.zip
[2012.07.16 19:39:34 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.07.11 12:12:44 | 000,142,909 | ---- | M] () -- C:\Users\Max\Desktop\2012-07-08-415.jpg
[2012.07.11 12:12:44 | 000,116,759 | ---- | M] () -- C:\Users\Max\Desktop\2012-07-08-416.jpg
[2012.07.11 12:12:44 | 000,114,337 | ---- | M] () -- C:\Users\Max\Desktop\2012-07-08-410.jpg
[2012.07.07 12:33:17 | 000,001,884 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 17:14:25 | 094,925,071 | ---- | M] () -- C:\Users\Max\Desktop\bdp7700_12_fus_deu.zip
[2012.06.29 16:22:05 | 000,549,280 | ---- | M] () -- C:\Users\Max\Desktop\max_5.27.uns
[2012.06.28 16:43:46 | 000,319,488 | ---- | M] (GigaTwin/Unicam Team) -- C:\Users\Max\Desktop\UniCam Loader 1.1.exe
[2012.06.27 18:32:25 | 000,127,779 | ---- | M] () -- C:\Users\Max\Desktop\Ablaufprotokoll20120627.pdf
[2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.06.26 21:39:31 | 000,443,290 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.26 20:36:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.26 20:36:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.25 14:14:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 23:02:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.07.23 23:02:35 | 000,001,879 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.23 19:00:41 | 021,849,912 | ---- | C] () -- C:\Users\Max\Desktop\bdp7500bl_12_fus_deu.zip
[2012.07.19 17:50:25 | 146,876,696 | ---- | C] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_NEW.zip
[2012.07.19 16:08:42 | 146,511,599 | ---- | C] () -- C:\Users\Max\Desktop\6xx7_7XX7_8xx7_132.5.1.zip
[2012.07.17 10:15:58 | 145,224,603 | ---- | C] () -- C:\Users\Max\Desktop\47pfl6877k_12_fus_deu_108_008.zip
[2012.07.16 19:39:34 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.07.11 12:13:36 | 000,116,759 | ---- | C] () -- C:\Users\Max\Desktop\2012-07-08-416.jpg
[2012.07.11 12:13:35 | 000,142,909 | ---- | C] () -- C:\Users\Max\Desktop\2012-07-08-415.jpg
[2012.07.11 12:13:35 | 000,114,337 | ---- | C] () -- C:\Users\Max\Desktop\2012-07-08-410.jpg
[2012.07.08 08:33:31 | 2414,710,784 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.01 16:44:57 | 094,925,071 | ---- | C] () -- C:\Users\Max\Desktop\bdp7700_12_fus_deu.zip
[2012.06.29 16:22:15 | 000,549,280 | ---- | C] () -- C:\Users\Max\Desktop\max_5.27.uns
[2012.06.27 18:33:41 | 000,127,779 | ---- | C] () -- C:\Users\Max\Desktop\Ablaufprotokoll20120627.pdf
[2012.05.03 10:02:07 | 000,000,056 | ---- | C] () -- C:\Windows\vidpidfix.INI
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.09.20 21:34:52 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.08.14 15:03:25 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.05.30 18:28:54 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.30 18:26:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.28 02:04:02 | 000,181,724 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.13 19:39:14 | 000,071,168 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.04.13 19:39:05 | 000,000,051 | ---- | C] () -- C:\Windows\TSetup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.26 22:56:45 | 002,336,384 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.03.26 22:56:45 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.03.26 22:56:45 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.03.26 22:56:45 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.03.26 22:56:45 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.03.13 02:49:59 | 000,676,864 | ---- | C] () -- C:\Windows\System32\mxMonecSocket.dll
[2010.11.02 10:43:41 | 000,137,960 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.02 10:07:37 | 000,235,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.02 10:07:19 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.02 10:07:18 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.10.08 12:52:13 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2010.10.08 12:43:12 | 000,029,574 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2010.09.25 00:32:56 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2010.09.25 00:32:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.07.29 19:39:53 | 000,000,149 | ---- | C] () -- C:\Windows\wiso.ini
[2010.05.18 00:27:43 | 000,004,608 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 20:46:54 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.03.28 02:42:22 | 002,887,680 | ---- | C] () -- C:\Users\Max\s-1-5-21-3619751621-3969484228-3234360931-1000.rrr
[2010.03.06 13:54:38 | 000,001,356 | ---- | C] () -- C:\Users\Max\Windows XP Mode.vmcx
[2010.02.27 18:24:37 | 000,000,484 | RHS- | C] () -- C:\Users\Max\ntuser.pol
[2009.09.04 17:10:16 | 000,007,597 | ---- | C] () -- C:\Users\Max\AppData\Local\Resmon.ResmonCfg
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CC69D3C

< End of report >

und hier die Extras:

Code:
OTL Extras logfile created on: 25.07.2012 15:03:31 - Run 3
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Max\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,22% Memory free
6,00 Gb Paging File | 4,50 Gb Available in Paging File | 75,01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 79,12 Gb Free Space | 26,55% Space Free | Partition Type: NTFS
Drive D: | 470,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SG | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33223DBF-6D75-424D-993D-9A1B220D49B7}" = rport=137 | protocol=17 | dir=out | app=system |
"{46C38233-7E7E-43A2-BA53-CB1EDBD50D18}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55042354-914B-4632-B025-31DB41585143}" = rport=139 | protocol=6 | dir=out | app=system |
"{58C52788-0596-455C-AD58-99E6225C756C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70DBE646-4848-4479-BA8D-CAE9473F87E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{8382D1C9-8A64-4BCB-912A-1CC6116AB754}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93BA0931-E856-4184-94C2-3BF9428DAF8C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\wnt500x86\rpcsandrasrv.exe |
"{9FD030EB-7A45-4F6B-986B-0AFC0DBD9575}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8DA0493-2AD8-440F-9656-78FEF257CC0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B614E88E-F64E-40B6-83B9-F594485B6C8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3090F7B-57DB-40AB-A495-4DB293B42C80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C38647A2-492B-416C-9495-8C6DDABE096C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C6878056-43A0-4351-B842-D39F3E5196FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{D6511575-5B96-49C6-855A-1A669713EC5B}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB76EF59-B3AC-4BA0-81BB-B195A084A0C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{FDBC5447-9785-445C-A5B0-C08CD39CFD17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF649A10-9B4D-4CEE-86AA-BD26B553D6B3}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051B68B4-A610-4070-9494-60C193E560BC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{070BBED1-F441-41EC-902D-296879B432BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08CC9CD0-F48C-4B47-ABA0-02F9265AC9CC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{0E73F2B2-E8FB-4B20-A3C9-F8A748995F46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F1F4B00-5AE3-49E5-AEC0-382CF719BB1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1339C0F8-42C5-4732-98EB-65C5C8F0987B}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{198256F7-1440-4A28-A0A8-9F36D95CD1C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23B4DFB5-0922-467E-B237-18CCD544B0EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2885D7F7-2ECF-4A2A-8BE9-B07692317E69}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{2969F1D0-0B75-4BA7-A28D-B362167F19FB}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{2AB38D5A-1426-4BBF-AA65-63EA18866C82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E3FABC5-FF16-4829-A72F-FE3CD904981C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{339BB4E1-80E8-4C84-8E21-E8CEA15EAFA5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{36994970-CF79-468A-8E58-5D510C09CDAE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{39C8B6D4-5C6E-48E2-880C-63D7E1CDC100}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{3A4181B2-FB37-4646-A880-D38E6BDC9F1E}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{4039F25E-D95B-4812-8DD8-F8424FF0B9E1}" = protocol=6 | dir=in | app=c:\users\max\desktop\solutoinstaller.exe |
"{40DC2B42-1C48-4ADB-9E27-A60758BCDBD6}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{4B90DB80-C3FC-4607-BF95-B06B7ACDE224}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{4C2DE3EA-F48F-4499-8817-6CDD4D7A5332}" = protocol=17 | dir=in | app=c:\users\max\desktop\solutoinstaller.exe |
"{4CA3539E-4FCB-4F09-9161-6ABBDD81A3B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{4E882A05-6038-4ABB-A868-1711D238060C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5680218C-8327-47B7-A434-DA94A5F393FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{56B92D9F-0BF8-4290-9198-A99CC21ED902}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{59A3EB02-F296-409C-8242-D3EB4FF4B5D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{608757A8-F751-4E9E-9757-9A292E188487}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{60DBFA3D-A8D5-4213-897E-8E27664A636C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65DE8696-B11F-4F8E-BE1C-E20D9566C65B}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{67579C54-4439-4312-BF92-B22D3A87E2B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{682E8216-3A78-4E90-AC97-9A2177A06A47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68D72B4C-8CA1-440E-A085-A128B96D43AC}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{6ADD649B-DEEB-4D2D-8C23-A80D452DAAE8}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{70AEF989-9E5A-4F70-9E96-7A7FEFC28813}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{715C689D-1DE0-4BF7-ACA6-817FFCEF3ADC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74F7F0B6-2D81-4FBE-9F8C-FB12CA1287ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7618DB44-BE2F-4024-9F94-4D8733ADDE20}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{820CF8D1-54E6-427C-BCA0-CE9A6FA241AB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{86D5F518-B299-4EED-8E6E-89018C8124BB}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{93A29E9E-552E-4AAF-AD8E-B8F74AC7155E}" = protocol=17 | dir=in | app=c:\spiele\age of empires iii\age3y.exe |
"{959A074B-2202-4C61-A812-79E43B97B77B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CF37E1A-68F2-49C5-BB2B-3FC18CFA1C79}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{9E369766-9C0B-4345-8CC3-08798A77DA65}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A13E6F27-F821-4744-8EE5-D6631281C9DA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A66EE77E-5065-43AA-9BA6-6EE6E00833B0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A69455A8-2C96-4F6F-AED1-848E1334FBDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA05FA0E-9E08-4716-85F0-58B7EE9B9EB9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA567A35-C0E8-43A7-AAD2-70A9285FA2D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABAF0A46-3E75-4521-92E6-A8B5000DD951}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{B2534AE5-E320-4D76-8808-19FD470412DB}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{B91506D4-052E-48AA-A86F-F44DE236FDD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9AE6ED8-254E-4B6F-A9FD-770A2ACFB4E0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B9D9281C-D14E-4593-B02D-28F3328495A5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{BDF620C6-2E0D-4786-B6EE-FC66225C5C98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE3E9EBB-24BF-4048-B7EF-C7A28BD14E15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C158037D-4EBC-40B4-95A3-0EF4AFEAF119}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C1C0A0A6-3DCB-4908-89B4-83EA2D3AF45A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C272DE8A-B825-45CF-867F-572504669244}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{C375FA36-09F9-49B3-A8FF-ADDA7CAEC557}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{C6079E3D-1A4B-4D0E-87C5-3D6D51312099}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{CC519E97-49E6-4E53-AECF-D374B0C814D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD7F43B0-9A20-4207-B383-D7EDFF5397BB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{CDF03E81-DF4F-44DE-880D-17E6865271A0}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{CDF0D607-1D64-4DBC-AF94-26477B755A02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D220A7BC-C347-4CDB-A783-93366BE49272}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{D5D0C049-EE47-400D-B742-DE65E907C59A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D6E1BBFA-26B6-4140-9604-E16BA8F959B9}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{DF9CD02C-21F9-4F51-9A21-CC34E97DCC9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E43F09C7-36BA-4325-A0B3-37A364A716B7}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{EA366D00-B0B5-47E6-AB48-071535E1A987}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F12E3D29-ED3A-4211-B024-31BFFC6DE7BC}" = protocol=6 | dir=in | app=c:\spiele\age of empires iii\age3y.exe |
"{F5C55FE3-6B0D-4BF2-9209-A62F7F85E5BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6501FCD-56DE-43D3-AC21-4203A7CD79E1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{F984F6EE-173C-4D03-B8F2-6C18C38172E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA237545-2141-4F75-B7C9-ED4F8155D3DD}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"TCP Query User{96765F11-56CF-429D-AF53-629F4BE55AAC}P:\already installed games\call of duty\codmp.exe" = protocol=6 | dir=in | app=p:\already installed games\call of duty\codmp.exe |
"UDP Query User{85D486B6-E034-4CF7-9CF6-C47CDFB69E3F}P:\already installed games\call of duty\codmp.exe" = protocol=17 | dir=in | app=p:\already installed games\call of duty\codmp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""DGStation PCEditor by JonDoe"_is1" = PCEditor 1.2.56
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{012E1293-EA51-4C22-9573-26E3A0F887C5}" = Channel Master
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.7 Build #6082 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1893BDFE-B689-4B69-81EB-72A9DDDCC1CC}" = Nokia Suite
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2276E169-3C2B-44B9-92A1-87E630C9FDD0}" = Quake Live Internet Explorer Plugin
"{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2C0FFAE3-B7B2-400F-9D71-B711DB0BEB98}_is1" = ICQ Self Remover 1.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34185C68-9624-4495-ABE7-BA7CDF7ABA2A}" = TMPGEnc Plus 2.5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC7D512-C41E-450D-A8E6-6B7AA8661B6B}" = PC Connectivity Solution
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.1
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{650E2ABD-270A-499C-BA9F-09180DDDDA16}" = Nokia Software Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777C06F9-8462-4289-9026-0462906E177F}" = XPS LightFX SDK
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86E2D36E-0FBB-4185-81C4-6B520C32A030}" = Nokia Configuration Tool 6.3
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.9
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B1EE19E5-30DC-4912-85E9-B656867F27B6}_is1" = ICQ Password Changer 1.2
"{B39F305D-4C71-44C4-B494-4CA337EBE802}_is1" = ICQ 7 Security Patch 1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.8-beta1
"{BE6DF37F-8D64-4CAA-8028-3671FDAA94DF}" = ALL16820x Utility
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3880573-B551-4549-B67E-8AC09AC919B6}" = Trendyflash Site Builder
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"10finger" = 10Finger- Schreibtrainer
"1489-3350-5074-6281" = JDownloader 0.9
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced LAN Scanner v1.0 BETA 1" = Advanced LAN Scanner v1.0 BETA 1
"AnyDVD" = AnyDVD
"Aurora 15.0a2 (x86 de)" = Aurora 15.0a2 (x86 de)
"AVI DivX to DVD SVCD VCD Converter_is1" = AVI DivX to DVD SVCD VCD Converter 3.0.0512
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Internet Security 2012
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"BeyondCompare3_is1" = Beyond Compare Version 3.1.11
"CCleaner" = CCleaner
"Channel Master" = Channel Master
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DesktopIconAmazon" = Desktop Icon für Amazon
"DVBViewer Pro_is1" = DVBViewer Pro
"DYMO Label Software" = DYMO Label Software
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.1.1 Home Edition
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"Ext2Fsd_is1" = Ext2Fsd 0.51
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.15
"FastStone Capture" = FastStone Capture 5.3
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"I8kfanGUI" = I8kfanGUI V3.1
"InstallShield_{34185C68-9624-4495-ABE7-BA7CDF7ABA2A}" = TMPGEnc Plus 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Motherboard Monitor 5.3.7.0 Languages_is1" = Motherboard Monitor 5 Languages
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3Cover" = MP3Cover
"MProg 3.0a" = MProg 3.0a
"Nokia Configuration Tool 6.3" = Nokia Configuration Tool
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"RealVNC_is1" = VNC Personal Edition P4.5.4
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.93
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Sandboxie" = Sandboxie 3.442
"SpellForce" = SpellForce
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize Free_is1" = TreeSize Free V2.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.8
"UseNeXT_is1" = UseNeXT
"VCDS Release 10.6" = VCDS Release 10.6.0
"VCDS-Lite  1.0" = VCDS-Lite 1.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"VSO Image Resizer 4_is1" = VSO Image Resizer 4.0.0.53
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wondershare DPG Converter update trial to full_is1" = Wondershare DPG Converter(Build 4.2.0.56)
"Wondershare DPG Converter_is1" = Wondershare DPG Converter(Build 4.2.0.56)
"XTreme-G Drivers_is1" = XTreme-G 190.62m Vista Win 7 32bit
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.09.2011 20:48:48 | Computer Name = SG | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.09.2011 20:51:47 | Computer Name = SG | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 18.09.2011 15:10:19 | Computer Name = SG | Source = Windows Backup | ID = 4103
Description =
 
Error - 20.09.2011 13:25:25 | Computer Name = SG | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\EASEUS\easeus
 partition master 7.1.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest". Fehler
 in Manifest- oder Richtliniendatei "c:\program files\EASEUS\easeus partition master
 7.1.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" in Zeile  11.  Die im Manifest
 gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.09.2011 13:25:26 | Computer Name = SG | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\EASEUS\easeus
 partition master 7.1.1 home edition\bin\x64\WinChkdsk.exe". Fehler in Manifest-
 oder Richtliniendatei "c:\program files\EASEUS\easeus partition master 7.1.1 home
 edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" in Zeile  11.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.09.2011 13:26:27 | Computer Name = SG | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.09.2011 13:29:27 | Computer Name = SG | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 20.09.2011 15:09:03 | Computer Name = SG | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\EASEUS\easeus
 partition master 7.1.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest". Fehler
 in Manifest- oder Richtliniendatei "c:\program files\EASEUS\easeus partition master
 7.1.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" in Zeile  11.  Die im Manifest
 gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.09.2011 15:09:03 | Computer Name = SG | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\EASEUS\easeus
 partition master 7.1.1 home edition\bin\x64\WinChkdsk.exe". Fehler in Manifest-
 oder Richtliniendatei "c:\program files\EASEUS\easeus partition master 7.1.1 home
 edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" in Zeile  11.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition:
 Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.09.2011 15:09:56 | Computer Name = SG | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.09.2011 15:11:45 | Computer Name = SG | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 24.07.2012 04:25:43 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1058
 
Error - 24.07.2012 04:25:44 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 24.07.2012 04:26:08 | Computer Name = SG | Source = DCOM | ID = 10010
Description =
 
Error - 24.07.2012 04:26:09 | Computer Name = SG | Source = DCOM | ID = 10010
Description =
 
Error - 24.07.2012 04:33:40 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DellBIOS" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 24.07.2012 04:33:42 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1058
 
Error - 24.07.2012 04:33:43 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 25.07.2012 05:19:06 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DellBIOS" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 25.07.2012 05:19:07 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1058
 
Error - 25.07.2012 05:19:09 | Computer Name = SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
 
< End of report >


EDIT: MALWAREBYTES Log unverändert.

Anbei das Log nach dem Fix + Neustart:

Code:
========== OTL ==========
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_154725

Was nun? Nochmal Malwarebytes? Dies hatte ja vorher auch nichts gefunden...

scriptlivver 30.07.2012 13:37
Kann mir keiner helfen?? :wtf:

markusg 30.07.2012 19:50
sorry
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

scriptlivver 01.08.2012 15:15
Ok, danke - bin momentan noch im Urlaub - werde dies also erst kommende Woche durchführen können.

Grüße

script

scriptlivver 06.08.2012 11:32
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,
habe zwischenzeitlich mit der Comodo Firewall den Schädling auf c:\users\XYZ\AppData\Local\Temp\fe0_zip.exe eingrenzen können.
Anbei das Combofix Log:

Code:
ComboFix 12-08-05.02 - XYZ 06.08.2012  11:50:49.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3070.1802 [GMT 2:00]
ausgeführt von:: c:\users\XYZ\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XYZ\AppData\Local\Temp\fe0_zip.exe
c:\windows\XSxS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 10:08 . 2012-08-06 10:08        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-06 10:08 . 2012-08-06 10:08        --------        d-----w-        c:\users\Acronis Agent User\AppData\Local\temp
2012-08-06 09:21 . 2012-08-06 09:24        --------        d-----w-        c:\programdata\Comodo
2012-08-06 09:21 . 2012-08-06 09:21        --------        d-----w-        c:\program files\COMODO
2012-07-25 13:47 . 2012-07-25 13:47        --------        d-----w-        C:\_OTL
2012-07-25 12:15 . 2012-07-25 12:15        --------        d-----w-        c:\users\XYZ\AppData\Roaming\Malwarebytes
2012-07-25 12:14 . 2012-07-25 12:14        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-25 12:14 . 2012-07-25 12:14        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-25 12:14 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-24 10:22 . 2012-07-25 10:15        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
2012-07-18 17:36 . 2012-07-18 17:36        --------        d-----w-        c:\users\XYZ\AppData\Local\Macromedia
2012-07-16 17:37 . 2012-06-27 13:18        19072        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2012-07-16 17:37 . 2012-07-16 17:37        --------        d-----w-        c:\program files\PC Connectivity Solution
2012-07-16 10:36 . 2012-06-12 02:40        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-16 10:36 . 2012-06-18 01:14        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFAAA8D4-FC96-4F00-B46D-AA44E0C69D07}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 18:36 . 2012-05-23 17:40        426184        ------w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-26 18:36 . 2011-07-01 22:48        70344        ------w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-23 07:05        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 07:05        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 07:05        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 07:05        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 07:05        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 07:05        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 07:05        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 07:04        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 07:04        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-04 12:55        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-26 18:45        981504        ----a-w-        c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37        252832        ----a-w-        c:\program files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-27 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
c:\users\XYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LAN Chat.lnk]
backup=c:\windows\pss\LAN Chat.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-02-06 15:02        170496        ----a-w-        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21        57344        ----a-w-        c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 15:29        385024        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56        1821576        ----a-w-        c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 10:29        1996200        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 13:08        205336        ----a-w-        c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 09:52        13605408        ------w-        c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-03-06 09:52        96800        ------w-        c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 09:52        92704        ------w-        c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32        1479680        ----a-w-        c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56        394984        ----a-w-        c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;g:\tuneupportable\App\TuneUp\TuneUpUtilitiesService32.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DGUSB;DGUSB.Sys DGUSB Bulk IO driver;c:\windows\system32\Drivers\DGUSB.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 Ext2Fsd;Linux ext2 file system driver; [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NETwLv32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;g:\tuneupportable\App\TuneUp\TuneUpUtilitiesDriver32.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.msn.de/
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\users\XYZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\XYZ\AppData\Roaming\Mozilla\Firefox\Profiles\u7hs57z8.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-SolutoService
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
AddRemove-UseNeXT_is1 - u:\usenext\unins000.exe
AddRemove-VCDS-Lite  1.0 - c:\ross-tech\VCDS-Lite\UnInstall.exe
AddRemove-XTreme-G Drivers_is1 - c:\nvidia forceware\XTreme-G 190.62m Vista Win 7 32bit\unins000.exe
AddRemove-WinSetupFromUSB - c:\winsetupfromusb\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2012-08-06  12:12:18
ComboFix-quarantined-files.txt  2012-08-06 10:12
.
Vor Suchlauf: 10 Verzeichnis(se), 83.724.648.448 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 84.022.214.656 Bytes frei
.
- - End Of File - - E154753580D9C8880957DDD33279B0AF


Nach dem Neustart bekomme ich jetzt aber angehängte RUNDLL Meldung.
Wie bekomme ich die weg? :-)

markusg 06.08.2012 17:38
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

scriptlivver 06.08.2012 18:09
Hi,
also ich habe mir nun die ganze Liste angesehen. Und mir ist eigentlich jedes Programm bekannt, da alles selbst installiert.
Um das Infizierungs-Datum herum sind auch nur CCleaner usw. installiert worden. Siehe die letzten 7 Einträge.
Alles andere war auch schon vorher da und würde ich auch als "benötigt" bezeichnen.

Ich würde nun normalerweise mit dem CCleaner die falschen Einträge löschen, damit besagte Fehlermeldung nicht mehr auftritt - wenn du keine Einwände hast.

Anbei die Liste:

Code:
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        03.09.2009        596KB        9.0.30729
WinRAR                03.09.2009               
Eraser 5.8.8-beta1        The Eraser Project        04.09.2009                Eraser 5.8.8-beta1
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        04.09.2009        1,72MB        3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        04.09.2009        252KB        8.0.50727.4053
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        04.09.2009        200KB        9.0.30729.4148
Windows Live Sync        Microsoft Corporation        04.09.2009        2,79MB        14.0.8089.726
Java(TM) 6 Update 20        Sun Microsystems, Inc.        05.09.2009        94,9MB        6.0.200
Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        05.09.2009        29,6MB        9.0.0
SigmaTel Audio        SigmaTel        07.09.2009                5.10.5210.0
Windows XP Mode        Microsoft Corporation        07.09.2009        1,13GB        1.2.7235.0
System Requirements Lab                13.09.2009               
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition        Alexey Nicolaychuk        15.09.2009                v2.24 MSI Master Overclocking Arena 2009 edition
FreePDF (Remove only)                09.10.2009               
GPL Ghostscript 8.70                09.10.2009               
RedMon - Redirection Port Monitor                09.10.2009               
ProtectDisc Driver, Version 11        ProtectDisc Software GmbH        11.10.2009                11.0.0.12
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        15.10.2009        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        26.11.2009        1,33MB        4.20.9876.0
VLC media player 1.0.3        VideoLAN Team        02.12.2009                1.0.3
WinPcap 4.1.1        CACE Technologies        19.01.2010                4.1.0.1753
QuickPar 0.9        Peter B. Clements        23.01.2010                0.9
MediaInfo 0.7.27        MediaArea.net        03.02.2010                0.7.27
VirtualCloneDrive        Elaborate Bytes        19.02.2010               
Ventrilo Client        Flagship Industries, Inc.        07.03.2010        4,43MB        3.0.5
Spybot - Search & Destroy        Safer Networking Limited        02.05.2010                1.6.2
FileZilla Client 3.3.2.1                13.05.2010                3.3.2.1
Sandboxie 3.442                23.05.2010               
Winamp        Nullsoft, Inc        04.06.2010                5.572
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        24.06.2010        2,93MB        4.0.30319
Unlocker 1.8.8        Cedrick Collomb        28.07.2010                1.8.8
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        18.08.2010        8,08MB       
Uninstall 1.0.0.1                18.08.2010        10,5MB       
FastStone Capture 5.3        FastStone Soft        25.08.2010                5.3
Driver Sweeper 2.1.0        Phyxion.net        01.09.2010               
Beyond Compare Version 3.1.11        Scooter Software        30.09.2010               
VNC Personal Edition P4.5.4        RealVNC Ltd.        30.09.2010                P4.5.4
Avidemux 2.5                02.10.2010                2.5.3.0
NVIDIA PhysX        NVIDIA Corporation        01.11.2010        119MB        9.09.0720
FreeUndelete        Recoveronix        14.11.2010        1,56MB        2.0
I8kfanGUI V3.1        Christian Diefer        15.12.2010                3.1
Motherboard Monitor 5 Languages        Alexander van Kaam        15.12.2010                5
EASEUS Partition Master 7.1.1 Home Edition        EASEUS        26.03.2011        39,7MB       
Notepad++                26.03.2011                5.8.7
Total Commander (Remove or Repair)        Ghisler Software GmbH        26.03.2011                7.56a
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        08.04.2011                11.5.9.620
JDownloader 0.9        AppWork GmbH        24.04.2011                0.9
MP3Cover                25.04.2011               
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        28.04.2011        598KB        9.0.30729.5570
ArcSoft TotalMedia 3.5        ArcSoft        29.04.2011                3.5.28.322
NVIDIA Drivers        NVIDIA Corporation        24.05.2011                1.3
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        30.05.2011        31,3MB        3.5.88.0
Microsoft Games for Windows Marketplace        Microsoft Corporation        30.05.2011        6,03MB        3.5.50.0
System Requirements Lab for Intel        Husdawg, LLC        30.05.2011        763KB        4.4.24.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        300KB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        600KB        9.0.30729.6161
Microsoft Office Professional Plus 2010        Microsoft Corporation        02.07.2011                14.0.6029.1000
Microsoft IntelliPoint 8.2        Microsoft Corporation        13.08.2011                8.20.468.0
TreeSize Free V2.5        JAM Software        11.09.2011        3,50MB        2.5
Mozilla Firefox (3.6.23)        Mozilla        01.10.2011                3.6.23 (de)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        06.10.2011        16,5MB        10.0.40219
Ext2Fsd 0.51        Matt Wu        05.12.2011        2,76MB        0.51
Windows Live Essentials        Microsoft Corporation        25.04.2012                15.4.3555.0308
MProg 3.0a                03.05.2012               
Microsoft Silverlight        Microsoft Corporation        09.05.2012        256MB        4.1.10329.0
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        23.05.2012        6,00MB        11.2.202.235
Mozilla Firefox 13.0 (x86 de)        Mozilla        23.05.2012        36,3MB        13.0
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        26.06.2012        6,00MB        11.3.300.262
Adobe Reader 9.5.1 - Deutsch        Adobe Systems Incorporated        26.06.2012        118MB        9.5.1
Skype™ 5.10        Skype Technologies S.A.        01.07.2012        19,5MB        5.10.114
Skype Click to Call        Skype Technologies S.A.        18.07.2012        21,8MB        6.1.10441
CCleaner        Piriform        24.07.2012                3.21
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        25.07.2012        18,7MB        1.62.0.1300
Aurora 16.0a2 (x86 de)        Mozilla        06.08.2012        40,9MB        16.0a2
Avira Internet Security 2012        Avira        06.08.2012        107MB        12.0.0.1088
COMODO Internet Security        COMODO Security Solutions Inc.        06.08.2012        135MB        5.10.31649.2253
COMODO Internet Security        COMODO Security Solutions Inc.        06.08.2012                5.10.31649.2253
Mozilla Maintenance Service        Mozilla        06.08.2012        335KB        16.0a2
Danke und Gruß

script

markusg 08.08.2012 21:29
COMODO das kann weg, du hast doch schon avira.
öffne ccleaner, analysieren starten
#öffne otl, cleanup, pc startet neu, testen wie der pc läuft

scriptlivver 09.08.2012 00:13
Ja, aber weder das AntiVir, noch die Avira Firewall konnten irgendetwas gegen den GVU Trojaner ausrichten bzw. haben diesen überhaupt erkannt.
Erst Commodo machte den Rechner wieder im Netz benutzbar, weil es das über den IE aufgerufene Programm enttarnte.

Habe mit dem CCleaner alles bereinigt und auch mit OTL, aber ich bekomme immernoch beim Startup die RUNDLL Fehlermeldung, die ich im vorletzten Post angehängt habe.
Wie kann ich die Fehlermeldung weg bekommen? Ich find nix, wo das irgendwie hinterlegt wäre.

Danke und Gruß

script


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131