Trojaner-Board


tempotimes 24.02.2013 12:40

Security Center service
 
Hello,

So I recently had some kind of virus on my laptop, and a short time later I noticed that the Security Center no longer shows up at the bottom right of the taskbar. It can't be started manually either, because then I get "Der Windows-Sicherheitsdienst kann nicht gestartet werden" ("The Windows security service cannot be started"). When I then look for this particular service under Services, it isn't even listed anymore. I hope you can help me. Many thanks in advance.

Here are also the log files from HJTScanlist, Malwarebytes, HiJackThis and CCleaner.
In HiJackThis I already removed the "mctadmin" entries. And I also ran the cleanups in Malwarebytes.


Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7601]
 
 
C:

  24.02.2013 12:23    C:\Program Files (x86) --------- 20480 
  24.02.2013 12:22    C:\ProgramData --------- 12288 
  24.02.2013 12:22    C:\END --------- 0 
  24.02.2013 12:12    C:\test.log --------- 294 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  24.02.2013 12:10    C:\Windows --------- 32768 
  23.02.2013 23:40    C:\Program Files --------- 12288 
  23.02.2013 22:55    C:\Users --------- 4096 
  17.02.2013 20:30    C:\AILog.txt --------- 0 
  17.02.2013 02:35    C:\System Volume Information --------- 16384 
  14.02.2013 19:29    C:\Downloads --------- 0 
  14.09.2012 15:28    C:\temp --------- 0 
  17.01.2012 20:48    C:\MSOCache --------- 0 
  20.12.2011 14:10    C:\NVIDIA --------- 0 
  27.09.2011 14:20    C:\$Recycle.Bin --------- 0 
  16.09.2011 16:27    C:\Recovery --------- 0 
  16.09.2011 16:27    C:\Programme --------- 0 
  16.09.2011 16:27    C:\Dokumente und Einstellungen --------- 0 
  13.09.2011 04:46    C:\windiag --------- 0 
  30.03.2010 08:36    C:\found.000 --------- 0 
  15.12.2009 08:49    C:\Setup.log --------- 166 
  15.12.2009 08:19    C:\RHDSetup.log --------- 2144 
  15.12.2009 08:17    C:\Intel --------- 0 
  14.07.2009 06:08    C:\Documents and Settings --------- 0 
  14.07.2009 04:20    C:\PerfLogs --------- 0 
----------------------------------------

 
C:\windows

  24.02.2013 12:16    C:\windows\WindowsUpdate.log --------- 1257931 
  24.02.2013 12:10    C:\windows\setupact.log --------- 6527 
  24.02.2013 12:10    C:\windows\bootstat.dat --------- 67584 
  24.02.2013 01:40    C:\windows\PFRO.log --------- 2262 
  23.02.2013 23:40    C:\windows\epplauncher.mif --------- 1912 
  15.01.2013 20:35    C:\windows\setuperr.log --------- 0 
  11.02.2012 07:36    C:\windows\splwow64.exe --------- 67072 
  25.12.2011 14:33    C:\windows\VobEdit.INI --------- 133 
  25.12.2011 13:45    C:\windows\IfoEdit.INI --------- 280 
  13.09.2011 03:02    C:\windows\win.ini --------- 717 
  25.02.2011 07:19    C:\windows\explorer.exe --------- 2871808 
  20.11.2010 14:24    C:\windows\bfsvc.exe --------- 71168 
  20.11.2010 13:21    C:\windows\twain_32.dll --------- 51200 
  15.12.2009 09:04    C:\windows\Csup.txt --------- 10 
  15.12.2009 08:15    C:\windows\HotFixList.ini --------- 2 
  20.11.2009 10:17    C:\windows\R-series.bmp --------- 480056 
  20.11.2009 09:39    C:\windows\R-series.c1 --------- 673 
  20.11.2009 09:39    C:\windows\R-series.c3 --------- 673 
  20.11.2009 09:39    C:\windows\R-series.ico --------- 10446 
  20.11.2009 05:56    C:\windows\R-series.swf --------- 10478708 
  16.11.2009 08:27    C:\windows\Crystal Delight.scr --------- 19480587 
  10.11.2009 02:32    C:\windows\surbey.ico --------- 562718 
  17.09.2009 20:00    C:\windows\SetLCDStretchMode.exe --------- 345600 
  19.08.2009 02:16    C:\windows\RtlExUpd.dll --------- 831488 
  14.07.2009 05:54    C:\windows\WindowsShell.Manifest --------- 749 
  14.07.2009 02:39    C:\windows\write.exe --------- 10240 
  14.07.2009 02:39    C:\windows\regedit.exe --------- 427008 
  14.07.2009 02:39    C:\windows\notepad.exe --------- 193536 
  14.07.2009 02:39    C:\windows\HelpPane.exe --------- 733696 
  14.07.2009 02:39    C:\windows\hh.exe --------- 16896 
  14.07.2009 02:39    C:\windows\fveupdate.exe --------- 15360 
  14.07.2009 02:14    C:\windows\winhlp32.exe --------- 9728 
  14.07.2009 02:14    C:\windows\twunk_32.exe --------- 31232 
  14.07.2009 00:06    C:\windows\mib.bin --------- 43131 
  10.06.2009 22:41    C:\windows\twunk_16.exe --------- 49680 
  10.06.2009 22:41    C:\windows\twain.dll --------- 94784 
  10.06.2009 22:08    C:\windows\system.ini --------- 219 
  10.06.2009 21:52    C:\windows\WMSysPr9.prx --------- 316640 
  10.06.2009 21:36    C:\windows\msdfmap.ini --------- 1405 
  10.06.2009 21:31    C:\windows\Starter.xml --------- 48201 
  10.06.2009 21:30    C:\windows\HomePremium.xml --------- 48265 
  10.06.2009 21:30    C:\windows\HomeBasic.xml --------- 48223 
  15.04.2009 03:21    C:\windows\SetDisplayResolution.exe --------- 307200 
  19.12.2008 20:04    C:\windows\SetDisplayResolutionDT.xml --------- 3282 
  19.12.2008 20:04    C:\windows\SetDisplayResolutionNP.xml --------- 3282 
  20.02.2008 08:50    C:\windows\R-series.scr --------- 903680 
  20.02.2008 08:49    C:\windows\R-series.exe --------- 495104 
  14.11.2007 08:13    C:\windows\Reseal64.exe --------- 423936 
  09.11.2006 23:31    C:\windows\Samsung.png --------- 16018 
  24.10.2006 09:06    C:\windows\R-series.c4 --------- 639 
  08.10.2006 11:33    C:\windows\R-series.ini --------- 0 
  17.12.1999 07:13    C:\windows\unvise32.exe --------- 86016 
----------------------------------------

 
C:\windows\System

 21.09.1994 00:00      C:\windows\System\Wing32.dll --------- 12800
----------------------------------------

 
C:\windows\System32

 24.02.2013 12:18    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13936 
 24.02.2013 12:18    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13936 
 24.02.2013 12:26    C:\windows\system32\config --------- 28672 
 24.02.2013 05:32    C:\windows\system32\FNTCACHE.DAT --------- 389920 
 24.02.2013 05:30    C:\windows\system32\migration --------- 0 
 24.02.2013 05:30    C:\windows\system32\drivers --------- 65536 
 24.02.2013 02:30    C:\windows\system32\MRT.exe --------- 70004024 
 24.02.2013 02:28    C:\windows\system32\perfh009.dat --------- 616242 
 24.02.2013 02:28    C:\windows\system32\perfc009.dat --------- 106622 
 24.02.2013 02:28    C:\windows\system32\perfc007.dat --------- 130240 
 24.02.2013 02:28    C:\windows\system32\perfh007.dat --------- 654400 
 24.02.2013 02:28    C:\windows\system32\PerfStringBackup.INI --------- 1520734 
 23.02.2013 23:16    C:\windows\system32\catroot --------- 4096 
 23.02.2013 22:58    C:\windows\system32\catroot2 --------- 40960 
 23.02.2013 22:56    C:\windows\system32\DriverStore --------- 4096 
 10.02.2013 04:25    C:\windows\system32\nvd3dumx.dll --------- 17987192 
 10.02.2013 04:25    C:\windows\system32\nvdispco6420294.dll --------- 1807136 
 10.02.2013 04:25    C:\windows\system32\nvcuda.dll --------- 9422672 
 10.02.2013 04:25    C:\windows\system32\nvinfo.pb --------- 17738 
 10.02.2013 04:25    C:\windows\system32\nvcompiler.dll --------- 25256736 
 10.02.2013 04:25    C:\windows\system32\nvcuvenc.dll --------- 2350368 
 10.02.2013 04:25    C:\windows\system32\nvoglv64.dll --------- 26947360 
 10.02.2013 04:25    C:\windows\system32\nvcuvid.dll --------- 2911008 
 10.02.2013 04:25    C:\windows\system32\nvdispgenco6420162.dll --------- 1510176 
 10.02.2013 04:25    C:\windows\system32\nvopencl.dll --------- 7569184 
 10.02.2013 04:25    C:\windows\system32\nvapi64.dll --------- 2854344 
 10.02.2013 04:25    C:\windows\system32\nvwgf2umx.dll --------- 15275744 
 10.02.2013 02:04    C:\windows\system32\nvsvc64.dll --------- 3472672 
 10.02.2013 02:04    C:\windows\system32\nvcpl.dll --------- 6393120 
 10.02.2013 02:04    C:\windows\system32\nvvsvc.exe --------- 877856 
 10.02.2013 02:04    C:\windows\system32\nvsvcr.dll --------- 2555680 
 10.02.2013 02:04    C:\windows\system32\nvshext.dll --------- 63776 
 10.02.2013 02:04    C:\windows\system32\nvmctray.dll --------- 237856 
 30.01.2013 11:53    C:\windows\system32\MpSigStub.exe --------- 273840 
 09.01.2013 00:08    C:\windows\system32\de-DE --------- 262144 
 08.01.2013 06:40    C:\windows\system32\mshtmled.dll --------- 97792 
 05.01.2013 06:53    C:\windows\system32\ntoskrnl.exe --------- 5553512 
 04.01.2013 06:46    C:\windows\system32\winsrv.dll --------- 215040 
 04.01.2013 04:26    C:\windows\system32\win32k.sys --------- 3153408 
 20.12.2012 14:59    C:\windows\system32\wininet.dll --------- 1188864 
 20.12.2012 14:59    C:\windows\system32\urlmon.dll --------- 1492992 
 20.12.2012 14:59    C:\windows\system32\url.dll --------- 134144 
 20.12.2012 14:56    C:\windows\system32\mshtml.dll --------- 9058304 
 20.12.2012 14:56    C:\windows\system32\msfeeds.dll --------- 735744 
 20.12.2012 14:55    C:\windows\system32\jsproxy.dll --------- 64512 
 20.12.2012 14:55    C:\windows\system32\ieui.dll --------- 247808 
 20.12.2012 14:55    C:\windows\system32\iertutil.dll --------- 2458112 
 20.12.2012 14:55    C:\windows\system32\ieframe.dll --------- 12295168 
 20.12.2012 13:02    C:\windows\system32\mshtml.tlb --------- 1638912 
 19.12.2012 06:42    C:\windows\system32\nvhdap64.dll --------- 31672 
 18.12.2012 09:31    C:\windows\system32\nvhdagenco6420103.dll --------- 1510328 
 16.12.2012 18:11    C:\windows\system32\atmlib.dll --------- 46080 
 16.12.2012 15:45    C:\windows\system32\atmfd.dll --------- 367616 
 07.12.2012 14:20    C:\windows\system32\Wpc.dll --------- 441856 
 07.12.2012 14:15    C:\windows\system32\gameux.dll --------- 2746368 
 07.12.2012 12:20    C:\windows\system32\usk.rs --------- 30720 
 07.12.2012 12:20    C:\windows\system32\csrr.rs --------- 43520 
 07.12.2012 12:20    C:\windows\system32\oflc.rs --------- 23552 
 07.12.2012 12:20    C:\windows\system32\oflc-nz.rs --------- 45568 
 07.12.2012 12:20    C:\windows\system32\pegi-fi.rs --------- 20480 
 07.12.2012 12:20    C:\windows\system32\pegibbfc.rs --------- 44544 
 07.12.2012 12:20    C:\windows\system32\pegi-pt.rs --------- 20480 
 07.12.2012 12:19    C:\windows\system32\pegi.rs --------- 20480 
 07.12.2012 12:19    C:\windows\system32\fpb.rs --------- 46592 
 07.12.2012 12:19    C:\windows\system32\djctq.rs --------- 15360 
 07.12.2012 12:19    C:\windows\system32\grb.rs --------- 21504 
 07.12.2012 12:19    C:\windows\system32\cob-au.rs --------- 40960 
 07.12.2012 12:19    C:\windows\system32\cero.rs --------- 55296 
 07.12.2012 12:19    C:\windows\system32\esrb.rs --------- 51712 
 30.11.2012 06:45    C:\windows\system32\wow64win.dll --------- 362496 
 30.11.2012 06:45    C:\windows\system32\wow64cpu.dll --------- 13312 
 30.11.2012 06:45    C:\windows\system32\wow64.dll --------- 243200 
 30.11.2012 06:43    C:\windows\system32\ntvdm64.dll --------- 16384 
 30.11.2012 06:41    C:\windows\system32\KernelBase.dll --------- 424448 
 30.11.2012 06:41    C:\windows\system32\kernel32.dll --------- 1161216 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-security-base-l1-1-0.dll --------- 6144 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-util-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll --------- 4608 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-string-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll --------- 4608 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-io-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-file-l1-1-0.dll --------- 5120 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll --------- 3072 
----------------------------------------

 
C:\windows\Prefetch

 24.02.2013 12:28    C:\windows\Prefetch\CMD.EXE-0BD30981.pf --------- 7172 
 24.02.2013 12:27    C:\windows\Prefetch\CONHOST.EXE-0C6456FB.pf --------- 19700 
 24.02.2013 12:27    C:\windows\Prefetch\WINRAR.EXE-BA8CDB31.pf --------- 31858 
 24.02.2013 12:27    C:\windows\Prefetch\AVK.EXE-DB53F0E8.pf --------- 399878 
 24.02.2013 12:27    C:\windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf --------- 20118 
 24.02.2013 12:27    C:\windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf --------- 46574 
 24.02.2013 12:27    C:\windows\Prefetch\FIREFOX.EXE-359C61A4.pf --------- 442576 
 24.02.2013 12:27    C:\windows\Prefetch\DLLHOST.EXE-E173F32A.pf --------- 135824 
 24.02.2013 12:27    C:\windows\Prefetch\THUNDERBIRD.EXE-69F6F4B4.pf --------- 149848 
 24.02.2013 12:27    C:\windows\Prefetch\PIDGIN.EXE-8C222CF4.pf --------- 227176 
 24.02.2013 12:25    C:\windows\Prefetch\FOOBAR2000.EXE-899D0564.pf --------- 102586 
 24.02.2013 12:25    C:\windows\Prefetch\TASKENG.EXE-35FA9C06.pf --------- 233388 
 24.02.2013 12:25    C:\windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf --------- 46810 
 24.02.2013 12:24    C:\windows\Prefetch\RUNDLL32.EXE-EB9F1AB4.pf --------- 194006 
 24.02.2013 12:24    C:\windows\Prefetch\WERMGR.EXE-F439C551.pf --------- 31630 
 24.02.2013 12:23    C:\windows\Prefetch\DLLHOST.EXE-1B239C31.pf --------- 22918 
 24.02.2013 12:23    C:\windows\Prefetch\AU_.EXE-933B346D.pf --------- 57452 
 24.02.2013 12:23    C:\windows\Prefetch\REGSVR32.EXE-B31EC963.pf --------- 23564 
 24.02.2013 12:23    C:\windows\Prefetch\DLLHOST.EXE-6FE41093.pf --------- 43244 
 24.02.2013 12:23    C:\windows\Prefetch\UNINSTALL.EXE-B3F0F389.pf --------- 25040 
 24.02.2013 12:23    C:\windows\Prefetch\DESKTOP.EXE-6503D411.pf --------- 77848 
 24.02.2013 12:22    C:\windows\Prefetch\EXINFO.EXE-203A584B.pf --------- 27898 
 24.02.2013 12:22    C:\windows\Prefetch\HJTSCANLIST.EXE-16EE552A.pf --------- 41734 
 24.02.2013 12:22    C:\windows\Prefetch\MISM.EXE-56B771DC.pf --------- 47736 
 24.02.2013 12:22    C:\windows\Prefetch\ISM.EXE-4A53D039.pf --------- 48150 
 24.02.2013 12:20    C:\windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf --------- 88656 
 24.02.2013 12:20    C:\windows\Prefetch\FLASHPLAYERPLUGIN_11_5_502_14-9CE66719.pf --------- 42640 
 24.02.2013 12:20    C:\windows\Prefetch\PLUGIN-CONTAINER.EXE-6B605020.pf --------- 428938 
 24.02.2013 12:20    C:\windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf --------- 102628 
 24.02.2013 12:20    C:\windows\Prefetch\NOTEPAD.EXE-032BB3D8.pf --------- 58190 
 24.02.2013 12:20    C:\windows\Prefetch\HIJACKTHIS204.EXE-3CC9FE52.pf --------- 39808 
 24.02.2013 12:20    C:\windows\Prefetch\TASKHOST.EXE-A0F5E092.pf --------- 1096374 
 24.02.2013 12:15    C:\windows\Prefetch\WMIADAP.EXE-BB21CD77.pf --------- 211378 
 24.02.2013 12:15    C:\windows\Prefetch\MBAM.EXE-493D9B94.pf --------- 108628 
 24.02.2013 12:14    C:\windows\Prefetch\REGSVR32.EXE-03D3FB87.pf --------- 25150 
 24.02.2013 12:14    C:\windows\Prefetch\WUAUCLT.EXE-5D573F0E.pf --------- 167208 
 24.02.2013 12:13    C:\windows\Prefetch\SPPSVC.EXE-96070FE0.pf --------- 31946 
 24.02.2013 12:13    C:\windows\Prefetch\DAEMONU.EXE-73AC4A81.pf --------- 45680 
 24.02.2013 12:13    C:\windows\Prefetch\MSCORSVW.EXE-16B291C4.pf --------- 204582 
 24.02.2013 12:13    C:\windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf --------- 174582 
 24.02.2013 12:13    C:\windows\Prefetch\DLLHOST.EXE-F99091EF.pf --------- 69168 
 24.02.2013 12:13    C:\windows\Prefetch\DRSUPDATE.14956297_RUNASUSER.-600335B2.pf --------- 23408 
 24.02.2013 12:13    C:\windows\Prefetch\DBINSTALLER.EXE-E7FEEF0F.pf --------- 29238 
 24.02.2013 12:13    C:\windows\Prefetch\ReadyBoot --------- 4096 
 24.02.2013 12:12    C:\windows\Prefetch\CSC.EXE-0E09149C.pf --------- 41334 
 24.02.2013 12:12    C:\windows\Prefetch\CVTRES.EXE-F4BA0E72.pf --------- 14512 
 24.02.2013 12:12    C:\windows\Prefetch\SVCHOST.EXE-E52A3372.pf --------- 369656 
 24.02.2013 12:12    C:\windows\Prefetch\ICACLS.EXE-96ACDEBC.pf --------- 2214 
 24.02.2013 12:12    C:\windows\Prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf --------- 100784 
 24.02.2013 12:12    C:\windows\Prefetch\RUNDLL32.EXE-F632BF02.pf --------- 14318 
 24.02.2013 12:12    C:\windows\Prefetch\NVTRAY.EXE-39D19720.pf --------- 34786 
 24.02.2013 12:12    C:\windows\Prefetch\SEARCHANONYMIZER.EXE-9EFE71C4.pf --------- 86884 
 24.02.2013 12:12    C:\windows\Prefetch\CMD.EXE-6D6290C5.pf --------- 14688 
 24.02.2013 12:12    C:\windows\Prefetch\RAVCPL64.EXE-4BB80510.pf --------- 13592 
 24.02.2013 05:34    C:\windows\Prefetch\AgGlFgAppHistory.db --------- 2096274 
 24.02.2013 05:34    C:\windows\Prefetch\AgGlFaultHistory.db --------- 722350 
 24.02.2013 05:34    C:\windows\Prefetch\AgGlGlobalHistory.db --------- 4351914 
 24.02.2013 05:34    C:\windows\Prefetch\AgRobust.db --------- 611056 
 24.02.2013 05:34    C:\windows\Prefetch\PfSvPerfStats.bin --------- 584 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-EBB13DE6.pf --------- 15376 
 24.02.2013 05:33    C:\windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf --------- 30314 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-BFD62F9A.pf --------- 16884 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-7AB41905.pf --------- 17322 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-282D6A34.pf --------- 19218 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-C02BA069.pf --------- 58574 
 24.02.2013 05:30    C:\windows\Prefetch\POQEXEC.EXE-567EE1A6.pf --------- 26004 
 24.02.2013 05:30    C:\windows\Prefetch\LOGONUI.EXE-F639BD7E.pf --------- 51776 
 24.02.2013 04:58    C:\windows\Prefetch\AgGlUAD_P_S-1-5-21-3322448490-314981258-3538992574-1001.db --------- 1031332 
 24.02.2013 04:58    C:\windows\Prefetch\AgGlUAD_S-1-5-21-3322448490-314981258-3538992574-1001.db --------- 1541526 
 24.02.2013 04:46    C:\windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf --------- 24738 
 24.02.2013 04:16    C:\windows\Prefetch\Layout.ini --------- 882522 
 24.02.2013 02:53    C:\windows\Prefetch\SVCHOST.EXE-6D6FB3A1.pf --------- 603948 
 24.02.2013 02:46    C:\windows\Prefetch\MSIEXEC.EXE-CDBFC0F7.pf --------- 567482 
 24.02.2013 02:43    C:\windows\Prefetch\MSIEXEC.EXE-8FFB1633.pf --------- 440752 
 24.02.2013 01:57    C:\windows\Prefetch\WMPNSCFG.EXE-18FC9E64.pf --------- 51660 
 24.02.2013 01:39    C:\windows\Prefetch\NOTEPAD.EXE-C5670914.pf --------- 55464 
 23.02.2013 22:48    C:\windows\Prefetch\DRSUPDATE.13406784_RUNASUSER.-827DBA40.pf --------- 29422 
 22.02.2013 14:36    C:\windows\Prefetch\AgCx_SC4.db --------- 311071 
 10.11.2012 00:55    C:\windows\Prefetch\AgCx_SC2.db --------- 805029 
 14.08.2012 05:20    C:\windows\Prefetch\AgCx_SC1.db --------- 677092 
 14.08.2012 04:14    C:\windows\Prefetch\AgCx_SC1.db.trx --------- 178826 
 16.09.2011 16:25    C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 533870 
 16.09.2011 16:25    C:\windows\Prefetch\AgAppLaunch.db --------- 334168 
----------------------------------------

 
C:\windows\Tasks

 24.02.2013 12:25    C:\windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1110 
 24.02.2013 12:11    C:\windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1106 
 24.02.2013 12:10    C:\windows\Tasks\SA.DAT --------- 6 
 24.02.2013 04:46    C:\windows\Tasks\Adobe Flash Player Updater.job --------- 884 
 21.12.2012 15:23    C:\windows\Tasks\SCHEDLGU.TXT --------- 32640 
----------------------------------------

 
C:\windows\Temp

 24.02.2013 12:27    C:\windows\Temp\_avast_ --------- 4096 
 24.02.2013 12:16    C:\windows\Temp\tmp000015bc --------- 0 
 24.02.2013 12:16    C:\windows\Temp\GDATA_Online_Update --------- 0 
 24.02.2013 12:11    C:\windows\Temp\lpksetup-20130224-121052-0.log --------- 3516 
 24.02.2013 05:32    C:\windows\Temp\lpksetup-20130224-053224-0.log --------- 3516 
 24.02.2013 01:56    C:\windows\Temp\lpksetup-20130224-015548-0.log --------- 3516 
 24.02.2013 01:40    C:\windows\Temp\lpksetup-20130224-014033-0.log --------- 3516 
 23.02.2013 23:39    C:\windows\Temp\MPTelemetrySubmit --------- 0 
 23.02.2013 23:31    C:\windows\Temp\MpCmdRun.log --------- 106098 
 23.02.2013 23:24    C:\windows\Temp\7668EFBA-83FC-436F-80DD-008A361A3B35-Sigs --------- 0 
 23.02.2013 23:24    C:\windows\Temp\MpSigStub.log --------- 27906 
 23.02.2013 22:59    C:\windows\Temp\lpksetup-20130223-225915-0.log --------- 3516 
 23.02.2013 22:46    C:\windows\Temp\lpksetup-20130223-224556-0.log --------- 3516 
 23.02.2013 17:33    C:\windows\Temp\lpksetup-20130223-173145-0.log --------- 3516 
 23.02.2013 13:40    C:\windows\Temp\lpksetup-20130223-133900-0.log --------- 3516 
 23.02.2013 04:00    C:\windows\Temp\lpksetup-20130223-035947-0.log --------- 3516 
 22.02.2013 22:47    C:\windows\Temp\HamachiSetup.log --------- 2383 
 22.02.2013 19:13    C:\windows\Temp\lpksetup-20130222-191334-0.log --------- 3516 
 22.02.2013 18:17    C:\windows\Temp\lpksetup-20130222-181609-0.log --------- 3516 
 22.02.2013 14:34    C:\windows\Temp\lpksetup-20130222-143402-0.log --------- 3516 
 21.02.2013 17:23    C:\windows\Temp\lpksetup-20130221-172340-0.log --------- 3516 
 20.02.2013 17:21    C:\windows\Temp\lpksetup-20130220-172052-0.log --------- 3516 
 19.02.2013 17:02    C:\windows\Temp\lpksetup-20130219-170202-0.log --------- 3516 
 18.02.2013 23:06    C:\windows\Temp\lpksetup-20130218-230621-0.log --------- 3516 
 18.02.2013 14:59    C:\windows\Temp\lpksetup-20130218-145943-0.log --------- 3516 
 17.02.2013 19:42    C:\windows\Temp\lpksetup-20130217-194233-0.log --------- 3516 
 17.02.2013 13:00    C:\windows\Temp\lpksetup-20130217-130035-0.log --------- 3516 
 16.02.2013 23:11    C:\windows\Temp\lpksetup-20130216-231126-0.log --------- 3516 
 16.02.2013 11:34    C:\windows\Temp\lpksetup-20130216-113347-0.log --------- 3516 
 15.02.2013 18:13    C:\windows\Temp\lpksetup-20130215-181323-0.log --------- 3516 
 15.02.2013 10:10    C:\windows\Temp\lpksetup-20130215-101012-0.log --------- 3516 
 14.02.2013 09:32    C:\windows\Temp\lpksetup-20130214-093224-0.log --------- 3516 
 14.02.2013 07:50    C:\windows\Temp\lpksetup-20130214-074921-0.log --------- 3516 
 13.02.2013 13:05    C:\windows\Temp\lpksetup-20130213-130518-0.log --------- 3516 
 12.02.2013 19:04    C:\windows\Temp\lpksetup-20130212-190435-0.log --------- 3516 
 12.02.2013 11:24    C:\windows\Temp\lpksetup-20130212-112403-0.log --------- 3516 
 12.02.2013 00:41    C:\windows\Temp\lpksetup-20130212-004117-0.log --------- 3516 
 11.02.2013 12:10    C:\windows\Temp\lpksetup-20130211-120943-0.log --------- 3516 
 10.02.2013 10:10    C:\windows\Temp\lpksetup-20130210-101036-0.log --------- 3516 
 09.02.2013 12:41    C:\windows\Temp\lpksetup-20130209-124121-0.log --------- 3516 
 08.02.2013 14:45    C:\windows\Temp\lpksetup-20130208-144416-0.log --------- 3516 
 07.02.2013 09:02    C:\windows\Temp\lpksetup-20130207-090136-0.log --------- 3516 
 07.02.2013 00:28    C:\windows\Temp\lpksetup-20130207-002815-0.log --------- 3516 
 06.02.2013 19:27    C:\windows\Temp\lpksetup-20130206-192721-0.log --------- 3516 
 06.02.2013 17:26    C:\windows\Temp\lpksetup-20130206-172630-0.log --------- 3516 
 06.02.2013 07:51    C:\windows\Temp\avk17D3.tmp --------- 0 
 06.02.2013 00:22    C:\windows\Temp\lpksetup-20130206-002211-0.log --------- 3516 
 06.02.2013 00:18    C:\windows\Temp\lpksetup-20130206-001740-0.log --------- 3516 
 06.02.2013 00:07    C:\windows\Temp\fwtsqmfile11.sqm --------- 608 
 05.02.2013 17:11    C:\windows\Temp\lpksetup-20130205-171134-0.log --------- 3516 
 04.02.2013 15:59    C:\windows\Temp\lpksetup-20130204-155919-0.log --------- 3516 
 03.02.2013 20:33    C:\windows\Temp\lpksetup-20130203-203334-0.log --------- 3516 
 03.02.2013 17:22    C:\windows\Temp\lpksetup-20130203-172112-0.log --------- 3516 
 03.02.2013 10:31    C:\windows\Temp\fwtsqmfile10.sqm --------- 608 
 03.02.2013 10:26    C:\windows\Temp\lpksetup-20130203-102614-0.log --------- 3516 
 02.02.2013 12:57    C:\windows\Temp\lpksetup-20130202-125549-0.log --------- 3508 
 02.02.2013 04:58    C:\windows\Temp\fwtsqmfile09.sqm --------- 608 
 02.02.2013 04:50    C:\windows\Temp\lpksetup-20130202-045008-0.log --------- 3516 
 02.02.2013 04:36    C:\windows\Temp\fwtsqmfile08.sqm --------- 608 
 01.02.2013 23:22    C:\windows\Temp\lpksetup-20130201-232131-0.log --------- 3516 
 01.02.2013 23:20    C:\windows\Temp\fwtsqmfile07.sqm --------- 608 
 01.02.2013 19:20    C:\windows\Temp\lpksetup-20130201-192036-0.log --------- 3516 
 01.02.2013 19:19    C:\windows\Temp\fwtsqmfile06.sqm --------- 608 
 01.02.2013 19:14    C:\windows\Temp\lpksetup-20130201-191339-0.log --------- 3516 
 01.02.2013 16:57    C:\windows\Temp\fwtsqmfile05.sqm --------- 608 
 01.02.2013 16:12    C:\windows\Temp\lpksetup-20130201-161217-0.log --------- 3516 
 31.01.2013 16:32    C:\windows\Temp\lpksetup-20130131-163219-0.log --------- 3516 
 31.01.2013 01:05    C:\windows\Temp\fwtsqmfile04.sqm --------- 608 
 30.01.2013 22:45    C:\windows\Temp\lpksetup-20130130-224447-0.log --------- 3516 
 29.01.2013 17:11    C:\windows\Temp\lpksetup-20130129-171119-0.log --------- 3516 
 29.01.2013 01:59    C:\windows\Temp\fwtsqmfile03.sqm --------- 608 
 29.01.2013 01:47    C:\windows\Temp\lpksetup-20130129-014738-0.log --------- 3516 
 28.01.2013 15:58    C:\windows\Temp\lpksetup-20130128-155806-0.log --------- 3516 
 28.01.2013 00:02    C:\windows\Temp\fwtsqmfile02.sqm --------- 608 
 27.01.2013 19:35    C:\windows\Temp\lpksetup-20130127-193522-0.log --------- 3516 
 27.01.2013 17:48    C:\windows\Temp\fwtsqmfile00.sqm --------- 608 
 27.01.2013 12:28    C:\windows\Temp\lpksetup-20130127-122729-0.log --------- 3516 
 27.01.2013 00:56    C:\windows\Temp\lpksetup-20130127-005508-0.log --------- 3516 
 27.01.2013 00:56    C:\windows\Temp\fwtsqmfile01.sqm --------- 608 
 26.01.2013 12:56    C:\windows\Temp\fwtsqmfile19.sqm --------- 608 
 26.01.2013 12:29    C:\windows\Temp\lpksetup-20130126-122916-0.log --------- 3516 
 26.01.2013 02:18    C:\windows\Temp\fwtsqmfile18.sqm --------- 608 
 26.01.2013 01:17    C:\windows\Temp\lpksetup-20130126-011722-0.log --------- 3516 
 25.01.2013 19:11    C:\windows\Temp\fwtsqmfile17.sqm --------- 608 
 25.01.2013 18:19    C:\windows\Temp\lpksetup-20130125-181847-0.log --------- 3516 
 25.01.2013 16:58    C:\windows\Temp\fwtsqmfile16.sqm --------- 608 
 25.01.2013 15:45    C:\windows\Temp\lpksetup-20130125-154451-0.log --------- 3516 
 24.01.2013 18:38    C:\windows\Temp\fwtsqmfile15.sqm --------- 608 
 24.01.2013 16:33    C:\windows\Temp\lpksetup-20130124-163327-0.log --------- 3516 
 23.01.2013 16:20    C:\windows\Temp\fwtsqmfile14.sqm --------- 608 
 23.01.2013 11:05    C:\windows\Temp\lpksetup-20130123-110421-0.log --------- 3516 
 23.01.2013 07:18    C:\windows\Temp\fwtsqmfile13.sqm --------- 608 
 23.01.2013 07:08    C:\windows\Temp\lpksetup-20130123-070827-0.log --------- 3516 
 22.01.2013 12:52    C:\windows\Temp\fwtsqmfile12.sqm --------- 608 
 22.01.2013 12:28    C:\windows\Temp\lpksetup-20130122-122821-0.log --------- 3516 
 22.01.2013 07:51    C:\windows\Temp\lpksetup-20130122-075121-0.log --------- 3516 
 21.01.2013 14:16    C:\windows\Temp\lpksetup-20130121-141542-0.log --------- 3508 
 20.01.2013 21:56    C:\windows\Temp\lpksetup-20130120-215505-0.log --------- 3516 
 20.01.2013 21:48    C:\windows\Temp\lpksetup-20130120-214746-0.log --------- 3516 
 20.01.2013 11:10    C:\windows\Temp\lpksetup-20130120-110924-0.log --------- 3516 
 19.01.2013 19:00    C:\windows\Temp\lpksetup-20130119-185950-0.log --------- 3516 
 19.01.2013 06:54    C:\windows\Temp\lpksetup-20130119-065410-0.log --------- 3516 
 18.01.2013 18:25    C:\windows\Temp\lpksetup-20130118-182429-0.log --------- 3516 
 17.01.2013 17:34    C:\windows\Temp\lpksetup-20130117-173416-0.log --------- 3516 
 16.01.2013 17:25    C:\windows\Temp\lpksetup-20130116-172458-0.log --------- 3516 
 15.01.2013 20:35    C:\windows\Temp\_avast5_ --------- 0 
 15.01.2013 20:35    C:\windows\Temp\lpksetup-20130115-203519-0.log --------- 3516 
 15.01.2013 17:32    C:\windows\Temp\lpksetup-20130115-173216-0.log --------- 3516 
----------------------------------------

 
C:\Users\tim_oO\AppData\Local\Temp

 24.02.2013 12:23    C:\Users\tim_oO\AppData\Local\Temp\~nsu.tmp --------- 0 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\acro_rd_dir --------- 4096 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\nspA46B.tmp --------- 4096 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\nspBE02.tmp --------- 0 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\ct2233703 --------- 0 
 24.02.2013 12:13    C:\Users\tim_oO\AppData\Local\Temp\izdd004o.1os --------- 9 
 24.02.2013 12:11    C:\Users\tim_oO\AppData\Local\Temp\WPDNSE --------- 0 
 24.02.2013 02:30    C:\Users\tim_oO\AppData\Local\Temp\KB2789642_20130224_022645521.html --------- 65210 
 24.02.2013 02:30    C:\Users\tim_oO\AppData\Local\Temp\KB2789642_20130224_022645521-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 30932976 
 24.02.2013 02:26    C:\Users\tim_oO\AppData\Local\Temp\KB2789642_10.0.30319 --------- 0 
 24.02.2013 02:26    C:\Users\tim_oO\AppData\Local\Temp\dd_clwireg.txt --------- 3017 
 24.02.2013 01:56    C:\Users\tim_oO\AppData\Local\Temp\teypaznk.qhv --------- 9 
 24.02.2013 01:40    C:\Users\tim_oO\AppData\Local\Temp\{19E8247B-C31B-4010-9B59-AF46CDF335C5} --------- 0 
 24.02.2013 00:04    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-7 --------- 0 
 23.02.2013 23:40    C:\Users\tim_oO\AppData\Local\Temp\MpCmdRun.log --------- 1148 
 23.02.2013 23:24    C:\Users\tim_oO\AppData\Local\Temp\MPTelemetrySubmit --------- 0 
 23.02.2013 23:18    C:\Users\tim_oO\AppData\Local\Temp\msdtadmin --------- 0 
 23.02.2013 23:03    C:\Users\tim_oO\AppData\Local\Temp\GDATA_Online_Update --------- 0 
 23.02.2013 23:01    C:\Users\tim_oO\AppData\Local\Temp\441ibvsb.eti --------- 9 
 23.02.2013 22:46    C:\Users\tim_oO\AppData\Local\Temp\zthoreg0.ogn --------- 9 
 23.02.2013 22:33    C:\Users\tim_oO\AppData\Local\Temp\{9d3cb86d-0b1f-4b68-af5d-fbbf164324ee} --------- 0 
 23.02.2013 22:33    C:\Users\tim_oO\AppData\Local\Temp\{02478504-3a97-4d15-96c4-125f586ef3ae} --------- 0 
 23.02.2013 21:54    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-6 --------- 0 
 23.02.2013 17:33    C:\Users\tim_oO\AppData\Local\Temp\bemtybw2.suy --------- 9 
 23.02.2013 13:40    C:\Users\tim_oO\AppData\Local\Temp\feoxf0tm.b15 --------- 9 
 23.02.2013 04:00    C:\Users\tim_oO\AppData\Local\Temp\zicydw4m.5gf --------- 9 
 22.02.2013 22:47    C:\Users\tim_oO\AppData\Local\Temp\HamachiSetup.log --------- 4212 
 22.02.2013 18:29    C:\Users\tim_oO\AppData\Local\Temp\WER5A30.tmp.resp.erc.xml --------- 0 
 22.02.2013 18:18    C:\Users\tim_oO\AppData\Local\Temp\wddpdkxz.bka --------- 9 
 22.02.2013 14:37    C:\Users\tim_oO\AppData\Local\Temp\zpz1lug4.fpx --------- 9 
 21.02.2013 17:26    C:\Users\tim_oO\AppData\Local\Temp\0ypgirvr.hjb --------- 9 
 20.02.2013 23:00    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-5 --------- 0 
 20.02.2013 17:24    C:\Users\tim_oO\AppData\Local\Temp\eu1kodno.4uo --------- 9 
 19.02.2013 17:05    C:\Users\tim_oO\AppData\Local\Temp\1oq3xm2a.n0e --------- 9 
 18.02.2013 23:09    C:\Users\tim_oO\AppData\Local\Temp\12gpfppn.om0 --------- 9 
 18.02.2013 16:38    C:\Users\tim_oO\AppData\Local\Temp\nY990X+X.htm.part --------- 0 
 18.02.2013 15:02    C:\Users\tim_oO\AppData\Local\Temp\3x043h4d.k2f --------- 9 
 17.02.2013 19:45    C:\Users\tim_oO\AppData\Local\Temp\g3dw4f43.ksv --------- 9 
 17.02.2013 13:04    C:\Users\tim_oO\AppData\Local\Temp\x2tmy5bc.ixh --------- 9 
 16.02.2013 23:12    C:\Users\tim_oO\AppData\Local\Temp\mrwwd3hi.os1 --------- 9 
 16.02.2013 11:40    C:\Users\tim_oO\AppData\Local\Temp\vxtjffkg.pnk --------- 9 
 16.02.2013 01:22    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-4 --------- 0 
 15.02.2013 18:22    C:\Users\tim_oO\AppData\Local\Temp\Blizzard --------- 0 
 15.02.2013 18:14    C:\Users\tim_oO\AppData\Local\Temp\2pw23m4o.idp --------- 9 
 15.02.2013 13:44    C:\Users\tim_oO\AppData\Local\Temp\hsperfdata_tim_oO --------- 0 
 15.02.2013 13:02    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-3 --------- 0 
 14.02.2013 09:33    C:\Users\tim_oO\AppData\Local\Temp\irtwvbut.ukk --------- 9 
 12.02.2013 19:07    C:\Users\tim_oO\AppData\Local\Temp\0iel0xa4.0fo --------- 9 
 12.02.2013 11:26    C:\Users\tim_oO\AppData\Local\Temp\snrur0ys.10c --------- 9 
 12.02.2013 00:43    C:\Users\tim_oO\AppData\Local\Temp\ao3qcxll.egc --------- 9 
 11.02.2013 12:10    C:\Users\tim_oO\AppData\Local\Temp\bmxbeoly.k4d --------- 9 
 11.02.2013 01:56    C:\Users\tim_oO\AppData\Local\Temp\HouseCall --------- 0 
 11.02.2013 01:31    C:\Users\tim_oO\AppData\Local\Temp\HCLauncher.log --------- 6901 
 11.02.2013 01:31    C:\Users\tim_oO\AppData\Local\Temp\HCBackup --------- 0 
 10.02.2013 10:12    C:\Users\tim_oO\AppData\Local\Temp\ggwjmuez.daw --------- 9 
 09.02.2013 12:42    C:\Users\tim_oO\AppData\Local\Temp\3uwphvof.3j0 --------- 9 
 08.02.2013 14:45    C:\Users\tim_oO\AppData\Local\Temp\khzw2olk.uqp --------- 9 
 07.02.2013 09:02    C:\Users\tim_oO\AppData\Local\Temp\d0ecnplu.swh --------- 9 
 07.02.2013 00:31    C:\Users\tim_oO\AppData\Local\Temp\igfcdhur.s2t --------- 9 
 06.02.2013 19:29    C:\Users\tim_oO\AppData\Local\Temp\lxlxlabw.r3b --------- 9 
 06.02.2013 17:28    C:\Users\tim_oO\AppData\Local\Temp\nf3t03nr.bid --------- 9 
 06.02.2013 00:23    C:\Users\tim_oO\AppData\Local\Temp\AdobeARM.log --------- 34228 
 06.02.2013 00:19    C:\Users\tim_oO\AppData\Local\Temp\xgs1zn2m.20o --------- 9 
 05.02.2013 18:00    C:\Users\tim_oO\AppData\Local\Temp\MozillaMailnews --------- 0 
 05.02.2013 17:37    C:\Users\tim_oO\AppData\Local\Temp\ihp0l4gg.eq5 --------- 9 
 04.02.2013 16:02    C:\Users\tim_oO\AppData\Local\Temp\iuthg50a.hf2 --------- 9 
 03.02.2013 23:53    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-2 --------- 0 
 03.02.2013 20:36    C:\Users\tim_oO\AppData\Local\Temp\0fgkwlsf.2zq --------- 9 
 03.02.2013 17:23    C:\Users\tim_oO\AppData\Local\Temp\qmq5uv1g.tq1 --------- 9 
 03.02.2013 10:27    C:\Users\tim_oO\AppData\Local\Temp\0vnqtzpo.1yn --------- 9 
 02.02.2013 12:57    C:\Users\tim_oO\AppData\Local\Temp\s3ncf4p5.ayw --------- 9 
 02.02.2013 04:51    C:\Users\tim_oO\AppData\Local\Temp\jtdkk5ul.uam --------- 9 
 01.02.2013 23:23    C:\Users\tim_oO\AppData\Local\Temp\jnbutcbo.llu --------- 9 
 01.02.2013 19:22    C:\Users\tim_oO\AppData\Local\Temp\vexdxkot.0e0 --------- 9 
 01.02.2013 16:14    C:\Users\tim_oO\AppData\Local\Temp\t4s5fjvg.exq --------- 9 
 31.01.2013 16:34    C:\Users\tim_oO\AppData\Local\Temp\zw0mgegr.wll --------- 9 
 30.01.2013 22:46    C:\Users\tim_oO\AppData\Local\Temp\rsfsch1t.fjq --------- 9 
 29.01.2013 17:15    C:\Users\tim_oO\AppData\Local\Temp\2k1pwf5n.vqe --------- 9 
 29.01.2013 01:50    C:\Users\tim_oO\AppData\Local\Temp\v2sfnpml.ky0 --------- 9 
 28.01.2013 16:07    C:\Users\tim_oO\AppData\Local\Temp\lxfjz421.tal --------- 9 
 27.01.2013 21:19    C:\Users\tim_oO\AppData\Local\Temp\jar_cache1708816180670125365.tmp --------- 0 
 27.01.2013 19:39    C:\Users\tim_oO\AppData\Local\Temp\mirorlhz.3j0 --------- 9 
 27.01.2013 15:11    C:\Users\tim_oO\AppData\Local\Temp\fontconfig --------- 0 
 27.01.2013 12:29    C:\Users\tim_oO\AppData\Local\Temp\gxczjw4a.40b --------- 9 
 27.01.2013 00:56    C:\Users\tim_oO\AppData\Local\Temp\bq4gdrum.bp4 --------- 9 
 26.01.2013 12:32    C:\Users\tim_oO\AppData\Local\Temp\ekqe0mm0.4p5 --------- 9 
 26.01.2013 01:24    C:\Users\tim_oO\AppData\Local\Temp\rhzrjvnv.su3 --------- 9 
 25.01.2013 18:21    C:\Users\tim_oO\AppData\Local\Temp\uvapbbwp.wiw --------- 9 
 25.01.2013 16:13    C:\Users\tim_oO\AppData\Local\Temp\GtKy22Uw.htm.part --------- 0 
 25.01.2013 16:11    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-1 --------- 0 
 25.01.2013 15:47    C:\Users\tim_oO\AppData\Local\Temp\ww5s4ion.vks --------- 9 
 24.01.2013 19:33    C:\Users\tim_oO\AppData\Local\Temp\plugtmp --------- 0 
 24.01.2013 19:16    C:\Users\tim_oO\AppData\Local\Temp\f93wtg0z.mp3.part --------- 0 
 24.01.2013 16:34    C:\Users\tim_oO\AppData\Local\Temp\wuffrars.mgp --------- 9 
 23.01.2013 07:10    C:\Users\tim_oO\AppData\Local\Temp\ysirhvtp.v5n --------- 9 
 22.01.2013 15:22    C:\Users\tim_oO\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile --------- 0 
 22.01.2013 07:52    C:\Users\tim_oO\AppData\Local\Temp\facbhuee.ck2 --------- 9 
 21.01.2013 14:19    C:\Users\tim_oO\AppData\Local\Temp\2jg1is2e.prq --------- 9 
 20.01.2013 21:56    C:\Users\tim_oO\AppData\Local\Temp\jn0c2svw.yu4 --------- 9 
 20.01.2013 21:50    C:\Users\tim_oO\AppData\Local\Temp\ai2hojq1.4nd --------- 9 
 20.01.2013 11:11    C:\Users\tim_oO\AppData\Local\Temp\nyegmbba.1td --------- 9 
 19.01.2013 19:01    C:\Users\tim_oO\AppData\Local\Temp\t1jn5d15.1cb --------- 9 
 19.01.2013 06:55    C:\Users\tim_oO\AppData\Local\Temp\d3f3jnig.mfr --------- 9 
 18.01.2013 18:26    C:\Users\tim_oO\AppData\Local\Temp\uf25yxkk.w2m --------- 9 
 17.01.2013 21:15    C:\Users\tim_oO\AppData\Local\Temp\BTN%Copy%1 --------- 0 
 17.01.2013 17:37    C:\Users\tim_oO\AppData\Local\Temp\cbvztqg2.dpn --------- 9 
 16.01.2013 22:58    C:\Users\tim_oO\AppData\Local\Temp\d444rpey.arf --------- 12554 
 16.01.2013 22:58    C:\Users\tim_oO\AppData\Local\Temp\qomszfid.ffe --------- 9 
 16.01.2013 22:57    C:\Users\tim_oO\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 580 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\History --------- 0 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\Cookies --------- 0 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\Temporary Internet Files --------- 0 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\Adobe --------- 0 
 16.01.2013 17:32    C:\Users\tim_oO\AppData\Local\Temp\tbitso1e.2wc --------- 9 
 15.01.2013 20:36    C:\Users\tim_oO\AppData\Local\Temp\4avqxrpn.wbf --------- 9 
 15.01.2013 17:34    C:\Users\tim_oO\AppData\Local\Temp\xup14avh.g5j --------- 9 
 13.08.2012 18:50    C:\Users\tim_oO\AppData\Local\Temp\STP5715.csv --------- 2027 
 13.08.2012 18:50    C:\Users\tim_oO\AppData\Local\Temp\STP5715.tmp --------- 601224 
 08.05.2012 14:39    C:\Users\tim_oO\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80 --------- 0 
 28.10.2011 14:13    C:\Users\tim_oO\AppData\Local\Temp\Low --------- 0 
 16.09.2011 16:39    C:\Users\tim_oO\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
----------------------------------------

 
C:\Program Files

 24.02.2013 05:30    C:\Program Files\Internet Explorer --------- 4096 
 23.02.2013 22:55    C:\Program Files\NVIDIA Corporation --------- 4096 
 01.02.2013 23:19    C:\Program Files\7-Zip --------- 4096 
 26.12.2012 23:47    C:\Program Files\VstPlugins --------- 0 
 26.12.2012 23:47    C:\Program Files\Common Files --------- 4096 
 26.12.2012 23:47    C:\Program Files\MeldaProduction --------- 0 
 11.09.2012 20:14    C:\Program Files\Stellarium --------- 8192 
 11.09.2012 19:26    C:\Program Files\CCleaner --------- 4096 
 14.08.2012 18:16    C:\Program Files\StarWind Software --------- 0 
 09.05.2012 18:27    C:\Program Files\Windows Journal --------- 4096 
 08.05.2012 14:37    C:\Program Files\SteelSeries --------- 0 
 02.02.2012 21:40    C:\Program Files\WinRAR --------- 4096 
 18.01.2012 21:32    C:\Program Files\Windows Mail --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Sidebar --------- 4096 
 18.01.2012 21:32    C:\Program Files\DVD Maker --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Portable Devices --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Media Player --------- 4096 
 18.01.2012 21:32    C:\Program Files\Windows Photo Viewer --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Defender --------- 4096 
 18.01.2012 17:49    C:\Program Files\Java --------- 0 
 17.01.2012 20:49    C:\Program Files\Microsoft Office --------- 0 
 27.12.2011 15:54    C:\Program Files\Samsung --------- 0 
 24.09.2011 13:34    C:\Program Files\DIFX --------- 0 
 21.09.2011 22:30    C:\Program Files\GIMP-2.0 --------- 0 
 18.09.2011 20:46    C:\Program Files\Microsoft IntelliPoint --------- 12288 
 16.09.2011 16:29    C:\Program Files\WIDCOMM --------- 0 
 16.09.2011 16:27    C:\Program Files\Windows NT --------- 4096 
 16.09.2011 16:27    C:\Program Files\Gemeinsame Dateien --------- 0 
 15.12.2009 22:47    C:\Program Files\Microsoft Games --------- 4096 
 15.12.2009 08:22    C:\Program Files\Synaptics --------- 0 
 15.12.2009 08:19    C:\Program Files\Realtek --------- 0 
 14.07.2009 06:32    C:\Program Files\Reference Assemblies --------- 0 
 14.07.2009 06:32    C:\Program Files\MSBuild --------- 0 
 14.07.2009 06:09    C:\Program Files\Uninstall Information --------- 0 
 14.07.2009 05:54    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

UpdatusUser   
tim_oO   
Public   
Default   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           304 K
smss.exe                       280 Services                   0         1.208 K
csrss.exe                      500 Services                   0         4.640 K
wininit.exe                    560 Services                   0         4.500 K
csrss.exe                      584 Console                    1         7.600 K
services.exe                   628 Services                   0         9.068 K
lsass.exe                      644 Services                   0        10.376 K
lsm.exe                        652 Services                   0         4.456 K
svchost.exe                    760 Services                   0         9.896 K
nvvsvc.exe                     820 Services                   0         7.080 K
winlogon.exe                   864 Console                    1         7.280 K
svchost.exe                    888 Services                   0         7.280 K
GDScan.exe                     972 Services                   0        36.712 K
AVKWCtlx64.exe                 120 Services                   0        18.296 K
svchost.exe                    512 Services                   0        15.616 K
svchost.exe                    648 Services                   0       150.960 K
svchost.exe                    844 Services                   0        35.036 K
svchost.exe                   1084 Services                   0         5.208 K
svchost.exe                   1152 Services                   0        11.336 K
svchost.exe                   1224 Services                   0        16.876 K
nvxdsync.exe                  1412 Console                    1        17.212 K
nvvsvc.exe                    1420 Console                    1        12.152 K
spoolsv.exe                   1568 Services                   0        11.212 K
armsvc.exe                    1840 Services                   0         3.876 K
AVKProxy.exe                  1864 Services                   0         4.324 K
AVKService.exe                1892 Services                   0         3.124 K
btwdins.exe                   1920 Services                   0         5.680 K
svchost.exe                   1964 Services                   0         5.992 K
hamachi-2.exe                 1532 Services                   0         9.324 K
mbamscheduler.exe              336 Services                   0         6.040 K
mbamservice.exe               2052 Services                   0       113.768 K
Rezip.exe                     2084 Services                   0         4.656 K
SearchAnonymizerHelper.ex     2184 Services                   0        15.572 K
AvkBap64.exe                  2380 Services                   0        37.216 K
taskhost.exe                  2468 Console                    1         7.888 K
mbamgui.exe                   2536 Console                    1        10.236 K
dwm.exe                       2872 Console                    1        38.368 K
StarRAMService.exe            2944 Services                   0         3.856 K
svchost.exe                   2104 Services                   0         5.556 K
taskeng.exe                   2660 Console                    1         6.564 K
APLanMgrC.exe                 2444 Console                    1           528 K
explorer.exe                  2428 Console                    1        91.760 K
SSCKbdHk.exe                  2608 Console                    1         1.088 K
EasySpeedUpManager.exe        2024 Console                    1         1.092 K
dmhkcore.exe                  2556 Console                    1         1.892 K
WCScheduler.exe               3012 Console                    1         1.096 K
nvtray.exe                    2680 Console                    1        12.140 K
RAVCpl64.exe                  3620 Console                    1        10.336 K
SynTPEnh.exe                  3768 Console                    1        12.016 K
SynTPHelper.exe               3952 Console                    1         3.572 K
SteelSeriesEngine.exe         4024 Console                    1       110.484 K
SearchIndexer.exe             3764 Services                   0        90.060 K
AVKTray.exe                   3500 Console                    1         1.528 K
wmpnetwk.exe                  3400 Services                   0        10.792 K
svchost.exe                   3636 Services                   0        52.768 K
mscorsvw.exe                  4200 Services                   0         7.440 K
mscorsvw.exe                  4488 Services                   0         9.080 K
daemonu.exe                   4880 Services                   0         7.876 K
firefox.exe                   5076 Console                    1       297.512 K
plugin-container.exe          4864 Console                    1        12.768 K
FlashPlayerPlugin_11_5_50     2096 Console                    1        10.028 K
FlashPlayerPlugin_11_5_50     4408 Console                    1        18.184 K
audiodg.exe                   4724 Services                   0        31.284 K
taskeng.exe                   4264 Services                   0         5.264 K
foobar2000.exe                2060 Console                    1        29.944 K
pidgin.exe                    3488 Console                    1        30.216 K
SearchProtocolHost.exe        4924 Services                   0         9.356 K
SearchFilterHost.exe          3868 Services                   0         8.860 K
cmd.exe                        592 Console                    1         3.860 K
conhost.exe                   4116 Console                    1         5.828 K
dllhost.exe                   4788 Console                    1         5.980 K
tasklist.exe                  4616 Console                    1         5.772 K
WmiPrvSE.exe                  3572 Services                   0         6.328 K

 
***** Ende des Scans 24.02.2013 um 12:28:29,20 ***


Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
tim_oO :: TIM_OO-PC [Administrator]

Schutz: Aktiviert

23.02.2013 23:45:10
mbam-log-2013-02-23 (23-45-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468052
Laufzeit: 1 Stunde(n), 27 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tim_oO\Desktop\Programme\Cryptload\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tim_oO\Downloads\HOMM2GOLD-dm.exe (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Age of Empires 2\Tools\DirectDraw Patcher\w7ddpatcher.exe (HackTool.Patch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:12, on 24.02.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Users\tim_oO\Desktop\Programme\Pc Cleaner\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3322448490-314981258-3538992574-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rezip - Unknown owner - C:\Windows\SysWOW64\Rezip.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarRAM Service (StarRAMService) - StarWind Software - C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10369 bytes


Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        01.02.2013        4,53MB        9.20.00.0
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
Adobe Reader X (10.1.5) - Deutsch        Adobe Systems Incorporated        16.01.2013        122MB        10.1.5
Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2        line0        11.04.2012        696MB        0.2
Age of Empires II - the Conquerors WideScreen Patcher        Boekabart        11.04.2012        208KB        1.0.40
AIDA64 Extreme Edition v2.00        FinalWire Ltd.        12.11.2011        22,3MB        2.00
Anno 1701        Sunflowers        18.09.2011                1.00
ANNO 2070        Ubisoft        20.12.2011                1.0.0.0
AnyDVD        SlySoft        24.12.2011                6.8.9.0
AnyPC Client        Doctorsoft        15.12.2009                1.0.0.23
Atheros Client Installation Program        Atheros        15.12.2009                1.0.1.0805
BatteryLifeExtender        Samsung        15.12.2009        14,2MB        1.0.1
BrettspielWelt                26.10.2011               
CCleaner        Piriform        22.08.2012                3.22
Celestia 1.6.1        Shatters Software        02.02.2013        66,5MB       
ChargeableUSB        SAMSUNG        15.12.2009                1.0.0.0
CloneDVD2        Elaborate Bytes        24.12.2011                2.9.3.0
Compatibility Pack für 2007 Office System        Microsoft Corporation        08.01.2013        177MB        12.0.6612.1000
Counter-Strike        Valve        18.09.2011               
Diablo II        Blizzard Entertainment        18.09.2011               
Diablo III        Blizzard Entertainment        15.02.2013                1.0.7.14633
Easy Display Manager        Samsung Electronics Co., Ltd.        15.12.2009                3.0
Easy Network Manager        Samsung        15.12.2009        19,0MB        4.2.4
Easy SpeedUp Manager        Samsung Electronics Co.,Ltd.        15.12.2009                3.0.0.5
EasyBatteryManager        Samsung        15.12.2009                4.0.0.3
EVEREST Ultimate Edition v5.50        Lavalys, Inc.        28.05.2012                5.50
F.E.A.R. 3                18.09.2011               
foobar2000 v1.1.7        Peter Pawlowski        16.09.2011        7,85MB        1.1.7
G Data AntiVirus 2012        G Data Software AG        16.09.2011        73,7MB        22.0.0.0
GIMP 2.6.8                21.09.2011               
Google Earth Plug-in        Google        12.09.2012        48,7MB        6.2.2.6613
Grand Theft Auto Vice City                11.10.2011                1.00.000
Half-Life 2        Valve        15.01.2013               
Half-Life 2: Episode One        Valve        15.01.2013               
Half-Life 2: Episode Two        Valve        15.01.2013               
Heroes II Gold                14.02.2013               
Intel(R) Rapid Storage Technology        Intel Corporation        23.02.2013                9.5.4.1001
Intel(R) Turbo Boost Technology Driver        Intel Corporation        15.12.2009                01.00.01.1002
Java(TM) 6 Update 30        Sun Microsystems, Inc.        26.10.2011        94,9MB        6.0.300
Java(TM) 6 Update 30 (64-bit)        Oracle        18.01.2012        91,8MB        6.0.300
JDownloader 0.9        AppWork GmbH        19.12.2011                0.9
League of Legends        Riot Games        09.01.2012                1.02.0000
LogMeIn Hamachi        LogMeIn, Inc.        22.02.2013                2.1.0.294
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        23.02.2013        18,4MB        1.70.0.1100
Marvell Miniport Driver        Marvell        15.12.2009                11.22.3.3
McAfee Security Scan Plus        McAfee, Inc.        11.09.2012        10,2MB        3.0.207.4
MeldaProduction MFreeEffectsBundle64 7        MeldaProduction        26.12.2012               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.09.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        18.09.2011        2,93MB        4.0.30319
Microsoft IntelliPoint 8.2        Microsoft Corporation        18.09.2011                8.20.468.0
Microsoft Office Home and Student 2010        Microsoft Corporation        17.01.2012                14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        23.09.2011        300KB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        18.09.2011        788KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        23.09.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        19.12.2011        240KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        16.09.2011        596KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        23.09.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        15.11.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.11.2012        15,0MB        10.0.40219
Microsoft Works        Microsoft Corporation        11.10.2012        878MB        9.7.0621
Mozilla Firefox 19.0 (x86 de)        Mozilla        20.02.2013        45,1MB        19.0
Mozilla Maintenance Service        Mozilla        20.02.2013        330KB        19.0
Mozilla Thunderbird 17.0.2 (x86 de)        Mozilla        10.01.2013        41,9MB        17.0.2
Mp3tag v2.49a        Florian Heidenreich        19.11.2011                v2.49a
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        25.09.2011        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.09.2011        1,33MB        4.20.9876.0
Nero BurningROM 12        Nero AG        03.11.2012        239MB        12.0.00300
Nokia Connectivity Cable Driver        Nokia        29.01.2012        3,94MB        7.1.69.0
Nokia Suite        Nokia        29.01.2012                3.3.86.0
NVIDIA Grafiktreiber 314.07        NVIDIA Corporation        23.02.2013                314.07
NVIDIA HD-Audiotreiber 1.3.23.1        NVIDIA Corporation        23.02.2013                1.3.23.1
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        23.02.2013                9.12.1031
NVIDIA Update 1.12.12        NVIDIA Corporation        23.02.2013                1.12.12
Office 2010 Trial Extender        DiSTANTX        21.05.2012        834KB        1.0.0.4
PC Connectivity Solution        Nokia        29.01.2012        20,8MB        11.5.29.0
Pidgin                21.11.2012                2.10.6
Pidgin-Encryption Plugin (nur entfernen)                21.11.2012               
pidgin-otr 4.0.0-1        Cypherpunks CA        01.02.2013                4.0.0-1
PokerStars.eu        PokerStars.eu        05.12.2012               
Portal        Valve        15.01.2013               
Portal 2                13.05.2012               
Postal 2                16.06.2012               
Project64 1.6        Project64        18.09.2011        3,46MB        1.6
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        15.12.2009                6.0.1.5969
REALTEK Wireless LAN Software        REALTEK Semiconductor Corp.        15.12.2009                1.01.0088
Risen        Deep Silver        22.02.2012                1.00.0000
Samsung R-Series        Samsung        15.12.2009        24,2MB        1.0
Samsung Recovery Solution 4        Samsung        15.12.2009                4.0.0.41
Samsung Support Center        Samsung        15.12.2009        40,8MB        1.0.21
Samsung Update Plus        Samsung Electronics Co., Ltd.        15.12.2009                2.0
SearchAnonymizer                18.09.2011                1.0.1 (de)
Serious Sam 2                01.02.2013               
Skype™ 5.10        Skype Technologies S.A.        28.08.2012        19,3MB        5.10.116
SopCast 3.4.0        www.sopcast.com        18.10.2011                3.4.0
Source SDK Base 2007        Valve        10.10.2012               
StarCraft II        Blizzard Entertainment        01.02.2013                1.4.4.22418
StarWind RAM Disk (build 2010-03-10)        StarWind Software        14.08.2012               
Steam        Valve Corporation        16.09.2011        1,59MB        1.0.0.0
SteelSeries Engine        SteelSeries        08.05.2012                2.2.927.31327
Stellarium 0.11.4        Stellarium team        11.09.2012        91,2MB        0.11.4
Synaptics Pointing Device Driver        Synaptics Incorporated        15.12.2009                14.0.10.0
Team Fortress 2        Valve        15.01.2013               
teXXas        metaspinner media GmbH        16.09.2011                1
TmNationsForever        Nadeo        05.09.2012               
Ubisoft Game Launcher        UBISOFT        20.12.2011                1.0.0.0
Veetle TV        Veetle, Inc        18.10.2011                0.9.18
VirtualCloneDrive        Elaborate Bytes        16.09.2011               
VLC media player 2.0.3        VideoLAN        12.08.2012                2.0.3
vShare.tv plugin 1.3        vShare.tv, Inc.        20.09.2011                1.3
Wer wird Millionär        Eidos Interactive        24.06.2012        401MB        1.0.0.0000
WIDCOMM Bluetooth Software        Broadcom Corporation        12.01.2013        258MB        6.2.1.800
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)        Broadcom        16.09.2011                07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)        Broadcom        16.09.2011                09/11/2009 6.2.0.9407
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)        Broadcom        16.09.2011                07/28/2009 6.2.0.9800
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        29.01.2012                08/22/2008 7.0.0.0
WinRAR 4.01 (64-Bit)        win.rar GmbH        16.09.2011                4.01.0
Xvid 1.1.3 final uninstall        Xvid team (Koepi)        03.03.2012                1.1
Zak McKracken - Between Time and Space                03.03.2012


markusg 24.02.2013 19:46

Hi,
nobody wants to see HijackThis logs anymore; it is no longer being developed and should not be used on Win7 at all.
What does "some virus" mean? Who found what, and where?

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

tempotimes 24.02.2013 21:47

Hi,

first of all, thank you very much for the reply.

G-Data:
Code:

 
Pfad: C:\Users\tim_oO\AppData\Roaming\Thunderbird\Profiles\2zduw2d0.default\ImapMail\imap.web.de
    Status: Virus gefunden
    Virus: PDF:Exploit.JS.CM (Engine A)

Objekt: avk17D3.tmp
    Pfad: C:\windows\Temp
    Status: Virus entfernt
    Virus: Trojan.Generic.8052410 (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\cxhyr.exe
Virus: Gen:Heur.PIF.6 (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\cxhyr.exe
Virus: DeepScan:Generic.FakeAv.5.EBBCEDBF (Engine A)

Beim Schließen der Datei "D:\Games\Steam\steamapps\giantdk\counter-strike\cstrike\motd_temp.html" wurde der Virus "HTML:Iframe-inf (Engine B)" entdeckt. Zugriff verweigert.

Datei: C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\800000cb.@
Virus: Trojan.Sirefef.ML (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\24962250.bat
Virus: Trojan.BAT.AAGK (Engine A

Beim Schließen der Datei "C:\Users\tim_oO\AppData\Local\Temp\HouseCall\VS5F8F50.022" wurde der Virus "Gen:Variant.Symmi.9112 (Engine A)" entdeckt. Zugriff verweigert.

Beim Schließen der Datei "C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\80000000.@" wurde der Virus "Trojan.Generic.8052410 (Engine A)" entdeckt. Zugriff verweigert.

Beim Schließen der Datei "C:\Users\tim_oO\AppData\Local\Temp\HouseCall\VS5F8F50.043" wurde der Virus "Trojan.Generic.KDV.832329 (Engine A)" entdeckt. Zugriff verweigert.

Datei: C:\Users\tim_oO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4d831927-6e65d920
Virus: Java:Agent-COW [Expl] (Engine B)

Code:

*** Prozess ***

Prozess: 6004
Dateiname: mor.exe
Pfad: c:\users\tim_oo\appdata\local\temp\mor.exe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/05/13 23:06:58
Änderungsdatum: 02/05/13 23:06:58

Gestartet von: java.exe
Herausgeber: Sun Microsystems, Inc.


*** Aktionen ***

Das Programm versucht zu erreichen, dass ein Programm beim Systemstart automatisch gestartet wird.
Das Programm stellt eine Verbindung über ein Netzwerk her.
Das Programm hat eine ausführbare Datei angelegt oder manipuliert.
Das Programm hat eine Kopie von sich selbst angelegt.
Eine ausführbare Datei wurde an einem verdächtigen Ort gespeichert.
Ein Autostart Eintrag verweist auf einen verdächtigen Ort.


*** Quarantäne ***

Folgende Dateien wurden in Quarantäne verschoben:
C:\Users\tim_oO\AppData\Local\Temp\24959551.exe
C:\Users\tim_oO\AppData\Local\Temp\24962031.exe
C:\Users\tim_oO\AppData\Local\Temp\24962250.bat
C:\Users\tim_oO\AppData\Local\Temp\mor.exe
C:\Users\tim_oO\lovikzakvuci.exe

Folgende Registry Einträge wurden gelöscht:

\REGISTRY\USER\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Windows\CurrentVersion\Run || lovikzakvuci

Version der Regeln: 3.1.15
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
BB Revision: 28249

C:\Users\tim_oO\AppData\Local\Temp\mor.exe
"C:\Program Files (x86)\Java\jre6\bin\java.exe" -D__jvm_launched=24936828903 "-Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar" "-Djava.class.path=C:\\PROGRA~2\\Java\\jre6\\classes" -Dsun.awt.warmup=true "-Dsun.plugin2.jvm.args=-D__jvm_launched=24936828903 \"-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar\" \"-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes\" -Dsun.awt.warmup=true --- --" sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid5028_pipe2,read_pipe_name=jpi2_pid5028_pipe1

OTL Logfile:
Code:

OTL logfile created on: 2/24/2013 8:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\tim_oO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.07% Memory free
7.71 Gb Paging File | 5.89 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 36.96 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 89.68 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
PRC - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 10:13:00 | 000,079,360 | ---- | M] (DoctorSoft) -- C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/19 17:47:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/08 15:47:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/18 20:16:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/29 14:18:50 | 000,094,720 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\StarWind Software\RAM Disk\StarRAMService.exe -- (StarRAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/10/02 18:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/12 14:32:52 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013/01/12 14:32:51 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013/01/12 14:32:25 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013/01/12 14:32:25 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013/01/12 14:32:25 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/23 16:40:42 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012/08/28 03:00:32 | 000,112,640 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/08/28 03:00:26 | 000,034,560 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/22 17:53:21 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR250.SYS -- (SMR250)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 21:09:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/02/22 21:09:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/09/16 18:03:35 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/03/29 14:20:10 | 000,065,368 | ---- | M] (StarWind Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarRAM.sys -- (StarRAM)
DRV:64bit: - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 08:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 21:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{02BFE015-07A4-4687-909A-6EE9B5FC0442}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{1BF1A860-37CE-4EE7-B914-9C72BA51D79D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{247BBEF0-9B17-41CE-ADF0-EBE921F37472}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937534D534E5F64654445343439&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6C2D1982-5FBC-4D96-A5F3-8147C2AA512A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{A07B6181-59BF-4CB3-B86D-16776628B5F9}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C162E0C4-337A-4790-93FD-DAFC61871FED}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.ftp: "176.31.111.181"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "176.31.111.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.31.111.181"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.31.111.181"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/29 14:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 17:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/19 17:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 18:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/29 14:59:32 | 000,000,000 | ---D | M]
 
[2011/09/17 01:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Extensions
[2013/02/24 12:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions
[2012/11/16 23:55:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/16 10:21:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\ich@maltegoetz.de
[2012/07/05 15:54:08 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/02/10 10:11:46 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\stealthyextension@gmail.com.xpi
[2013/01/30 22:46:20 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013/01/05 15:19:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 09:39:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/09/18 20:16:11 | 000,002,071 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{2967D1BD-ACCB-4C10-A2BB-A616EAA0FCC0}.xml
[2011/09/18 20:16:11 | 000,002,182 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{7D78468A-EB75-4471-BDE7-709B08A1152D}.xml
[2011/09/18 20:16:11 | 000,001,864 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{E168B10A-97BC-400A-B82A-3A0E2812B203}.xml
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2013/02/19 17:47:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/06/10 13:09:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 23:38:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/10 13:09:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/10 13:09:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/10 13:09:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/10 13:09:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF03C53C-6E49-4CC4-A855-9F9FFD0625AF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\30937D~1.207\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: APLangApp - hkey= - key= - C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - C:\Windows\SysNative\StikyNot.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/24 20:54:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
[2013/02/24 12:53:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/24 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\Desktop\hjtscanlist
[2013/02/24 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/02/23 23:42:28 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Malwarebytes
[2013/02/23 23:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/23 23:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/23 23:42:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/02/23 23:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/23 23:42:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\Programs
[2013/02/23 22:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/02/23 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/22 22:47:31 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/02/22 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\LogMeIn Hamachi
[2013/02/19 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 19:29:10 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/02/02 02:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
[2013/02/02 02:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celestia
[2013/02/01 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2013/02/01 23:44:08 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
[2013/02/24 20:46:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/24 20:25:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 19:10:51 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 19:10:51 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 19:04:28 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 19:02:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/24 19:02:50 | 3106,103,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/24 12:22:42 | 000,000,000 | ---- | M] () -- C:\END
[2013/02/24 12:16:29 | 000,992,122 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013/02/24 12:16:29 | 000,052,387 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013/02/24 05:32:07 | 000,389,920 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/24 02:28:35 | 001,520,734 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/24 02:28:35 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/02/24 02:28:35 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/24 02:28:35 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/02/24 02:28:35 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/23 23:40:29 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/17 01:06:49 | 022,553,929 | ---- | M] () -- C:\Users\tim_oO\Desktop\Rainbow Chicken dance (30 min loop) Longest on youtube! (at time of upload).M4A
[2013/02/14 14:21:05 | 249,837,325 | ---- | M] () -- C:\Users\tim_oO\Desktop\Live @ Beatgetrieben - SHUT UP AND DANCE!.mp3
[2013/02/11 00:57:07 | 000,124,201 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/10 04:25:27 | 000,017,738 | ---- | M] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/09 13:15:55 | 000,000,036 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/01 23:44:08 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 22:52:09 | 000,007,606 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
========== Files Created - No Company Name ==========
 
[2013/02/24 12:22:42 | 000,000,000 | ---- | C] () -- C:\END
[2013/02/23 23:17:34 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/02/23 22:50:54 | 000,017,738 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/17 01:06:15 | 022,553,929 | ---- | C] () -- C:\Users\tim_oO\Desktop\Rainbow Chicken dance (30 min loop) Longest on youtube! (at time of upload).M4A
[2013/02/14 14:06:12 | 249,837,325 | ---- | C] () -- C:\Users\tim_oO\Desktop\Live @ Beatgetrieben - SHUT UP AND DANCE!.mp3
[2013/02/09 13:32:06 | 000,124,201 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/09 13:15:55 | 000,000,036 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/09 13:10:11 | 000,002,539 | ---- | C] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/01 00:01:44 | 000,002,072 | ---- | C] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 15:14:48 | 000,081,333 | ---- | C] () -- C:\Users\tim_oO\treib.jpg
[2013/01/01 19:18:02 | 000,104,440 | ---- | C] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:27 | 000,036,058 | ---- | C] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/09/12 13:46:37 | 000,025,802 | ---- | C] () -- C:\Users\tim_oO\smiley.jpg
[2012/08/19 21:41:37 | 000,007,606 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2012/06/19 12:04:08 | 002,351,742 | ---- | C] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2012/04/11 19:48:06 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
[2012/03/22 17:53:36 | 000,000,108 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\SMRBackup250.dat
[2012/03/03 21:18:28 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/03/03 21:18:28 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/12/25 13:55:37 | 000,000,133 | ---- | C] () -- C:\windows\VobEdit.INI
[2011/12/24 18:34:31 | 000,000,280 | ---- | C] () -- C:\windows\IfoEdit.INI
[2011/12/24 17:52:42 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/19 15:52:20 | 000,000,284 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\groovedown.settings
[2011/11/19 15:52:20 | 000,000,000 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\gd.db
[2011/09/22 22:50:44 | 000,029,100 | ---- | C] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2011/09/16 18:10:38 | 000,992,122 | ---- | C] () -- C:\windows\SysWow64\sig.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/24 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\.purple
[2011/10/23 14:43:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BOM
[2012/02/14 19:12:46 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BSW
[2011/11/12 11:29:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\DesktopIconForAmazon
[2013/02/24 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\foobar2000
[2013/01/31 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\gtk-2.0
[2011/11/19 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\lang
[2012/12/26 23:48:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\MeldaProduction
[2013/01/25 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Mp3tag
[2012/01/29 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Nokia
[2011/09/18 20:16:08 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\OCS
[2011/09/18 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Opera
[2012/01/29 14:16:25 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\PC Suite
[2012/05/08 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\SteelSeries
[2012/09/12 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Stellarium
[2011/09/18 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Thunderbird
[2011/12/19 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/09/27 14:20:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013/02/24 19:02:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013/02/14 19:29:17 | 000,000,000 | ---D | M] -- C:\Downloads
[2010/03/30 08:36:22 | 000,000,000 | -HSD | M] -- C:\found.000
[2009/12/15 08:17:00 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 20:48:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/12/20 14:10:06 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/02/23 23:40:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/24 12:54:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/02/24 12:22:55 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/02/24 20:59:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/09/14 15:28:00 | 000,000,000 | ---D | M] -- C:\temp
[2013/02/23 22:55:15 | 000,000,000 | R--D | M] -- C:\Users
[2011/09/13 04:46:06 | 000,000,000 | ---D | M] -- C:\windiag
[2013/02/24 19:02:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/03/30 23:23:14 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/09/12 12:07:13 | 000,001,106 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 12:07:16 | 000,001,110 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/01 19:18:03 | 000,104,440 | ---- | M] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:28 | 000,036,058 | ---- | M] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/06/19 12:04:10 | 002,351,742 | ---- | M] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2011/09/22 22:50:45 | 000,029,100 | ---- | M] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2012/02/25 16:29:58 | 000,000,345 | ---- | M] () -- C:\Users\tim_oO\muziK.txt
[2013/02/09 02:47:10 | 000,000,168 | ---- | M] () -- C:\Users\tim_oO\Neues Textdokument.txt
[2013/02/22 16:03:40 | 000,001,268 | ---- | M] () -- C:\Users\tim_oO\Notizen.txt
[2013/02/24 21:10:05 | 002,097,152 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT
[2013/02/24 21:10:05 | 000,262,144 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG1
[2011/09/16 16:28:53 | 000,000,000 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG2
[2011/09/16 16:43:48 | 000,065,536 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/09/16 16:28:53 | 000,000,020 | -HS- | M] () -- C:\Users\tim_oO\ntuser.ini
[2012/12/10 17:31:15 | 000,000,192 | ---- | M] () -- C:\Users\tim_oO\ogame.txt
[2012/09/12 13:46:38 | 000,025,802 | ---- | M] () -- C:\Users\tim_oO\smiley.jpg
[2013/01/27 15:14:49 | 000,109,568 | -HS- | M] () -- C:\Users\tim_oO\Thumbs.db
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 2/24/2013 8:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\tim_oO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.07% Memory free
7.71 Gb Paging File | 5.89 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 36.96 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 89.68 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SearchAnonymizer" = SearchAnonymizer
"StarWind RAM Disk_is1" = StarWind RAM Disk (build 2010-03-10)
"SteelSeries Engine" = SteelSeries Engine
"Stellarium_is1" = Stellarium 0.11.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CEC2F82-AEB2-4C4B-B450-62C6CEF159FE}_is1" = Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766FF098-68AB-48BE-BF41-05708D178198}" = Wer wird Millionär
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"AnyDVD" = AnyDVD
"BSW" = BrettspielWelt
"Celestia_is1" = Celestia 1.6.1
"CloneDVD2" = CloneDVD2
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"F.E.A.R. 3_is1" = F.E.A.R. 3
"foobar2000" = foobar2000 v1.1.7
"Heroes II Gold" = Heroes II Gold
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"MeldaProduction MFreeEffectsBundle64 7" = MeldaProduction MFreeEffectsBundle64 7
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Nokia Suite" = Nokia Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pidgin" = Pidgin
"pidgin-encryption" = Pidgin-Encryption Plugin (nur entfernen)
"pidgin-otr" = pidgin-otr 4.0.0-1
"PokerStars.eu" = PokerStars.eu
"Postal 2" = Postal 2
"Postal 2_is1" = Portal 2
"SeriousSam2" = Serious Sam 2
"SopCast" = SopCast 3.4.0
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"TmNationsForever_is1" = TmNationsForever
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/2/2012 3:15:27 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/2/2012 3:15:27 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 11:40:08 AM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 5:43:53 PM | Computer Name = tim_oO-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Diablo III.exe, Version: 1.0.6.13300,
 Zeitstempel: 0x50a45e28  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000222b2  ID des fehlerhaften
 Prozesses: 0x6fc  Startzeit der fehlerhaften Anwendung: 0x01cdd17678533bf9  Pfad der
 fehlerhaften Anwendung: D:\Games\Diablo III\Diablo III.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: 87d6b93d-3d92-11e2-9cf6-b482fe9a12fa
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/4/2012 12:22:10 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 2/24/2013 7:10:55 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 7:10:56 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 2/24/2013 7:12:21 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 7:12:21 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 2/24/2013 2:03:10 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 2:03:11 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/24/2013 2:03:11 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/24/2013 2:03:15 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 2/24/2013 2:05:21 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 2:05:21 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
 
< End of report >

--- --- ---

markusg 25.02.2013 16:29

Hi,
when was this detection:
Datei: C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\800000cb.@
Virus: Trojan.Sirefef.ML (Engine A)

tempotimes 25.02.2013 16:46

Hi,
the detection was on 06.02. It was reported several times over the course of the day. In general, many of the virus alerts showed up two or three times. If it helps, I can share all of the alerts.

markusg 25.02.2013 19:01

Hi,
do you use the device for online banking, for shopping, for other payment processing, or for similarly important things, such as work?

tempotimes 25.02.2013 19:05

Well, PayPal...

markusg 25.02.2013 19:09

Hi,
change your PayPal password from another PC.
You have a rootkit on the PC.
The ZeroAccess rootkit | Naked Security

I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for payment transactions.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
If it were mine, I would set it up from scratch.

tempotimes 25.02.2013 19:12

Okay, thanks so far.
I would like to try a cleanup first, since I currently have no way of backing up files.

markusg 25.02.2013 19:41

But then you should never use PayPal from that PC again; you should be aware of that.
Or anything else sensitive, so for example no shopping either.

Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

tempotimes 25.02.2013 19:47

It didn't find anything.
I wanted to change my PayPal password from another computer, but unfortunately I have forgotten the exact spelling of the security questions. Well, I then pushed it so far that it is no longer possible to log in, and I notified support.

markusg 25.02.2013 19:49

Where is the log?

tempotimes 25.02.2013 19:50

Strange, I didn't find it at first.

Code:

19:48:00.0675 4036  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:48:00.0835 4036  ============================================================
19:48:00.0835 4036  Current date / time: 2013/02/25 19:48:00.0835
19:48:00.0835 4036  SystemInfo:
19:48:00.0835 4036 
19:48:00.0835 4036  OS Version: 6.1.7601 ServicePack: 1.0
19:48:00.0835 4036  Product type: Workstation
19:48:00.0835 4036  ComputerName: TIM_OO-PC
19:48:00.0835 4036  UserName: tim_oO
19:48:00.0835 4036  Windows directory: C:\windows
19:48:00.0835 4036  System windows directory: C:\windows
19:48:00.0835 4036  Running under WOW64
19:48:00.0835 4036  Processor architecture: Intel x64
19:48:00.0835 4036  Number of processors: 4
19:48:00.0835 4036  Page size: 0x1000
19:48:00.0835 4036  Boot type: Normal boot
19:48:00.0835 4036  ============================================================
19:48:01.0135 4036  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:48:01.0145 4036  ============================================================
19:48:01.0145 4036  \Device\Harddisk0\DR0:
19:48:01.0145 4036  MBR partitions:
19:48:01.0145 4036  Initialize success
19:48:01.0145 4036  ============================================================
19:48:05.0305 3736  ============================================================
19:48:05.0305 3736  Scan started
19:48:05.0305 3736  Mode: Manual; SigCheck; TDLFS;
19:48:05.0305 3736  ============================================================
19:48:05.0315 3736  ================ Scan system memory ========================
19:48:05.0315 3736  System memory - ok
19:48:05.0315 3736  ================ Scan services =============================
19:48:05.0365 3736  1394ohci - ok
19:48:05.0385 3736  ACPI - ok
19:48:05.0385 3736  AcpiPmi - ok
19:48:05.0415 3736  AdobeARMservice - ok
19:48:05.0445 3736  AdobeFlashPlayerUpdateSvc - ok
19:48:05.0455 3736  adp94xx - ok
19:48:05.0455 3736  adpahci - ok
19:48:05.0465 3736  adpu320 - ok
19:48:05.0465 3736  AeLookupSvc - ok
19:48:05.0485 3736  AFD - ok
19:48:05.0485 3736  agp440 - ok
19:48:05.0495 3736  ALG - ok
19:48:05.0495 3736  aliide - ok
19:48:05.0495 3736  amdide - ok
19:48:05.0495 3736  AmdK8 - ok
19:48:05.0505 3736  AmdPPM - ok
19:48:05.0515 3736  amdsata - ok
19:48:05.0515 3736  amdsbs - ok
19:48:05.0515 3736  amdxata - ok
19:48:05.0555 3736  AnyDVD - ok
19:48:05.0565 3736  AppID - ok
19:48:05.0575 3736  AppIDSvc - ok
19:48:05.0575 3736  Appinfo - ok
19:48:05.0575 3736  arc - ok
19:48:05.0585 3736  arcsas - ok
19:48:05.0585 3736  AsyncMac - ok
19:48:05.0595 3736  atapi - ok
19:48:05.0605 3736  athr - ok
19:48:05.0625 3736  atksgt - ok
19:48:05.0625 3736  AudioEndpointBuilder - ok
19:48:05.0635 3736  AudioSrv - ok
19:48:05.0645 3736  AVKProxy - ok
19:48:05.0645 3736  AVKService - ok
19:48:05.0645 3736  AVKWCtl - ok
19:48:05.0665 3736  AxInstSV - ok
19:48:05.0665 3736  b06bdrv - ok
19:48:05.0675 3736  b57nd60a - ok
19:48:05.0675 3736  BDESVC - ok
19:48:05.0685 3736  Beep - ok
19:48:05.0685 3736  BITS - ok
19:48:05.0685 3736  blbdrive - ok
19:48:05.0695 3736  bowser - ok
19:48:05.0695 3736  BrFiltLo - ok
19:48:05.0705 3736  BrFiltUp - ok
19:48:05.0705 3736  Browser - ok
19:48:05.0705 3736  Brserid - ok
19:48:05.0715 3736  BrSerWdm - ok
19:48:05.0715 3736  BrUsbMdm - ok
19:48:05.0715 3736  BrUsbSer - ok
19:48:05.0735 3736  BthEnum - ok
19:48:05.0735 3736  BTHMODEM - ok
19:48:05.0755 3736  BthPan - ok
19:48:05.0755 3736  BTHPORT - ok
19:48:05.0755 3736  bthserv - ok
19:48:05.0765 3736  BTHUSB - ok
19:48:05.0765 3736  btusbflt - ok
19:48:05.0795 3736  btwaudio - ok
19:48:05.0805 3736  btwavdt - ok
19:48:05.0835 3736  btwdins - ok
19:48:05.0855 3736  btwl2cap - ok
19:48:05.0855 3736  btwrchid - ok
19:48:05.0865 3736  busenum - ok
19:48:05.0865 3736  cdfs - ok
19:48:05.0875 3736  cdrom - ok
19:48:05.0885 3736  CertPropSvc - ok
19:48:05.0895 3736  circlass - ok
19:48:05.0895 3736  CLFS - ok
19:48:05.0895 3736  clr_optimization_v2.0.50727_32 - ok
19:48:05.0905 3736  clr_optimization_v2.0.50727_64 - ok
19:48:05.0915 3736  clr_optimization_v4.0.30319_32 - ok
19:48:05.0915 3736  clr_optimization_v4.0.30319_64 - ok
19:48:05.0935 3736  CmBatt - ok
19:48:05.0935 3736  cmdide - ok
19:48:05.0935 3736  CNG - ok
19:48:05.0945 3736  Compbatt - ok
19:48:05.0955 3736  CompositeBus - ok
19:48:05.0955 3736  COMSysApp - ok
19:48:05.0965 3736  crcdisk - ok
19:48:05.0975 3736  CryptSvc - ok
19:48:05.0975 3736  DcomLaunch - ok
19:48:05.0985 3736  defragsvc - ok
19:48:05.0985 3736  DfsC - ok
19:48:05.0985 3736  Dhcp - ok
19:48:06.0005 3736  discache - ok
19:48:06.0005 3736  Disk - ok
19:48:06.0015 3736  Dnscache - ok
19:48:06.0015 3736  dot3svc - ok
19:48:06.0025 3736  DPS - ok
19:48:06.0025 3736  drmkaud - ok
19:48:06.0025 3736  DXGKrnl - ok
19:48:06.0035 3736  EapHost - ok
19:48:06.0045 3736  ebdrv - ok
19:48:06.0045 3736  EFS - ok
19:48:06.0045 3736  ehRecvr - ok
19:48:06.0055 3736  ehSched - ok
19:48:06.0055 3736  ElbyCDIO - ok
19:48:06.0065 3736  elxstor - ok
19:48:06.0065 3736  ErrDev - ok
19:48:06.0075 3736  EventSystem - ok
19:48:06.0075 3736  exfat - ok
19:48:06.0075 3736  fastfat - ok
19:48:06.0085 3736  Fax - ok
19:48:06.0085 3736  fdc - ok
19:48:06.0085 3736  fdPHost - ok
19:48:06.0095 3736  FDResPub - ok
19:48:06.0095 3736  FileInfo - ok
19:48:06.0095 3736  Filetrace - ok
19:48:06.0095 3736  flpydisk - ok
19:48:06.0105 3736  FltMgr - ok
19:48:06.0105 3736  FontCache - ok
19:48:06.0105 3736  FontCache3.0.0.0 - ok
19:48:06.0115 3736  FsDepends - ok
19:48:06.0115 3736  Fs_Rec - ok
19:48:06.0115 3736  fvevol - ok
19:48:06.0115 3736  gagp30kx - ok
19:48:06.0125 3736  GDBehave - ok
19:48:06.0135 3736  GDMnIcpt - ok
19:48:06.0145 3736  GdNetMon - ok
19:48:06.0145 3736  GDPkIcpt - ok
19:48:06.0155 3736  GDScan - ok
19:48:06.0165 3736  gdwfpcd - ok
19:48:06.0165 3736  gpsvc - ok
19:48:06.0175 3736  GRD - ok
19:48:06.0215 3736  gupdate - ok
19:48:06.0235 3736  gupdatem - ok
19:48:06.0245 3736  hamachi - ok
19:48:06.0265 3736  Hamachi2Svc - ok
19:48:06.0265 3736  hcw85cir - ok
19:48:06.0275 3736  HdAudAddService - ok
19:48:06.0295 3736  HDAudBus - ok
19:48:06.0295 3736  HidBatt - ok
19:48:06.0295 3736  HidBth - ok
19:48:06.0305 3736  HidIr - ok
19:48:06.0305 3736  hidserv - ok
19:48:06.0305 3736  HidUsb - ok
19:48:06.0315 3736  hkmsvc - ok
19:48:06.0315 3736  HomeGroupListener - ok
19:48:06.0315 3736  HomeGroupProvider - ok
19:48:06.0315 3736  HookCentre - ok
19:48:06.0325 3736  HpSAMD - ok
19:48:06.0325 3736  HTTP - ok
19:48:06.0325 3736  hwpolicy - ok
19:48:06.0335 3736  i8042prt - ok
19:48:06.0335 3736  iaStor - ok
19:48:06.0335 3736  iaStorV - ok
19:48:06.0335 3736  idsvc - ok
19:48:06.0345 3736  igfx - ok
19:48:06.0345 3736  iirsp - ok
19:48:06.0365 3736  IKEEXT - ok
19:48:06.0385 3736  Impcd - ok
19:48:06.0405 3736  IntcAzAudAddService - ok
19:48:06.0405 3736  intelide - ok
19:48:06.0405 3736  intelppm - ok
19:48:06.0405 3736  IPBusEnum - ok
19:48:06.0415 3736  IpFilterDriver - ok
19:48:06.0425 3736  IPMIDRV - ok
19:48:06.0425 3736  IPNAT - ok
19:48:06.0425 3736  IRENUM - ok
19:48:06.0435 3736  isapnp - ok
19:48:06.0435 3736  iScsiPrt - ok
19:48:06.0445 3736  kbdclass - ok
19:48:06.0445 3736  kbdhid - ok
19:48:06.0455 3736  KeyIso - ok
19:48:06.0455 3736  KSecDD - ok
19:48:06.0455 3736  KSecPkg - ok
19:48:06.0455 3736  ksthunk - ok
19:48:06.0465 3736  KtmRm - ok
19:48:06.0465 3736  LanmanServer - ok
19:48:06.0465 3736  LanmanWorkstation - ok
19:48:06.0485 3736  lirsgt - ok
19:48:06.0485 3736  lltdio - ok
19:48:06.0485 3736  lltdsvc - ok
19:48:06.0495 3736  lmhosts - ok
19:48:06.0495 3736  LSI_FC - ok
19:48:06.0495 3736  LSI_SAS - ok
19:48:06.0505 3736  LSI_SAS2 - ok
19:48:06.0505 3736  LSI_SCSI - ok
19:48:06.0505 3736  luafv - ok
19:48:06.0525 3736  MBAMProtector - ok
19:48:06.0535 3736  MBAMScheduler - ok
19:48:06.0545 3736  MBAMService - ok
19:48:06.0545 3736  Mcx2Svc - ok
19:48:06.0545 3736  megasas - ok
19:48:06.0555 3736  MegaSR - ok
19:48:06.0555 3736  MMCSS - ok
19:48:06.0555 3736  Modem - ok
19:48:06.0575 3736  monitor - ok
19:48:06.0575 3736  mouclass - ok
19:48:06.0585 3736  mouhid - ok
19:48:06.0585 3736  mountmgr - ok
19:48:06.0605 3736  MozillaMaintenance - ok
19:48:06.0605 3736  mpio - ok
19:48:06.0605 3736  mpsdrv - ok
19:48:06.0605 3736  MRxDAV - ok
19:48:06.0615 3736  mrxsmb - ok
19:48:06.0615 3736  mrxsmb10 - ok
19:48:06.0615 3736  mrxsmb20 - ok
19:48:06.0625 3736  msahci - ok
19:48:06.0625 3736  msdsm - ok
19:48:06.0625 3736  MSDTC - ok
19:48:06.0635 3736  Msfs - ok
19:48:06.0645 3736  mshidkmdf - ok
19:48:06.0645 3736  msisadrv - ok
19:48:06.0645 3736  MSiSCSI - ok
19:48:06.0655 3736  msiserver - ok
19:48:06.0655 3736  MSKSSRV - ok
19:48:06.0655 3736  MSPCLOCK - ok
19:48:06.0655 3736  MSPQM - ok
19:48:06.0665 3736  MsRPC - ok
19:48:06.0665 3736  mssmbios - ok
19:48:06.0665 3736  MSTEE - ok
19:48:06.0675 3736  MTConfig - ok
19:48:06.0675 3736  Mup - ok
19:48:06.0675 3736  napagent - ok
19:48:06.0705 3736  NativeWifiP - ok
19:48:06.0715 3736  NDIS - ok
19:48:06.0715 3736  NdisCap - ok
19:48:06.0725 3736  NdisTapi - ok
19:48:06.0725 3736  Ndisuio - ok
19:48:06.0725 3736  NdisWan - ok
19:48:06.0735 3736  NDProxy - ok
19:48:06.0745 3736  NetBIOS - ok
19:48:06.0755 3736  NetBT - ok
19:48:06.0755 3736  Netlogon - ok
19:48:06.0755 3736  Netman - ok
19:48:06.0765 3736  netprofm - ok
19:48:06.0765 3736  NetTcpPortSharing - ok
19:48:06.0775 3736  nfrd960 - ok
19:48:06.0785 3736  NlaSvc - ok
19:48:06.0795 3736  nmwcd - ok
19:48:06.0795 3736  nmwcdc - ok
19:48:06.0795 3736  Npfs - ok
19:48:06.0805 3736  nsi - ok
19:48:06.0805 3736  nsiproxy - ok
19:48:06.0805 3736  Ntfs - ok
19:48:06.0805 3736  Null - ok
19:48:06.0815 3736  NVHDA - ok
19:48:06.0835 3736  nvlddmkm - ok
19:48:06.0855 3736  nvraid - ok
19:48:06.0855 3736  nvstor - ok
19:48:06.0875 3736  nvsvc - ok
19:48:06.0885 3736  nvUpdatusService - ok
19:48:06.0885 3736  nv_agp - ok
19:48:06.0895 3736  ohci1394 - ok
19:48:06.0915 3736  ose - ok
19:48:06.0925 3736  osppsvc - ok
19:48:06.0935 3736  p2pimsvc - ok
19:48:06.0935 3736  p2psvc - ok
19:48:06.0935 3736  Parport - ok
19:48:06.0935 3736  partmgr - ok
19:48:06.0945 3736  PcaSvc - ok
19:48:06.0955 3736  pccsmcfd - ok
19:48:06.0965 3736  pci - ok
19:48:06.0965 3736  pciide - ok
19:48:06.0965 3736  pcmcia - ok
19:48:06.0965 3736  pcw - ok
19:48:06.0975 3736  PEAUTH - ok
19:48:06.0975 3736  PerfHost - ok
19:48:06.0985 3736  pla - ok
19:48:06.0995 3736  PlugPlay - ok
19:48:06.0995 3736  PNRPAutoReg - ok
19:48:06.0995 3736  PNRPsvc - ok
19:48:07.0005 3736  Point64 - ok
19:48:07.0005 3736  PolicyAgent - ok
19:48:07.0005 3736  Power - ok
19:48:07.0015 3736  PptpMiniport - ok
19:48:07.0015 3736  Processor - ok
19:48:07.0015 3736  ProfSvc - ok
19:48:07.0025 3736  ProtectedStorage - ok
19:48:07.0035 3736  Psched - ok
19:48:07.0045 3736  ql2300 - ok
19:48:07.0045 3736  ql40xx - ok
19:48:07.0045 3736  QWAVE - ok
19:48:07.0045 3736  QWAVEdrv - ok
19:48:07.0055 3736  RasAcd - ok
19:48:07.0055 3736  RasAgileVpn - ok
19:48:07.0055 3736  RasAuto - ok
19:48:07.0065 3736  Rasl2tp - ok
19:48:07.0065 3736  RasMan - ok
19:48:07.0065 3736  RasPppoe - ok
19:48:07.0065 3736  RasSstp - ok
19:48:07.0075 3736  rdbss - ok
19:48:07.0075 3736  rdpbus - ok
19:48:07.0075 3736  RDPCDD - ok
19:48:07.0085 3736  RDPENCDD - ok
19:48:07.0095 3736  RDPREFMP - ok
19:48:07.0105 3736  RdpVideoMiniport - ok
19:48:07.0105 3736  RDPWD - ok
19:48:07.0115 3736  rdyboost - ok
19:48:07.0115 3736  RemoteAccess - ok
19:48:07.0115 3736  RemoteRegistry - ok
19:48:07.0125 3736  Rezip - ok
19:48:07.0135 3736  RFCOMM - ok
19:48:07.0145 3736  RpcEptMapper - ok
19:48:07.0145 3736  RpcLocator - ok
19:48:07.0145 3736  RpcSs - ok
19:48:07.0155 3736  rspndr - ok
19:48:07.0155 3736  RTL8167 - ok
19:48:07.0155 3736  SABI - ok
19:48:07.0175 3736  SAlphamHid - ok
19:48:07.0175 3736  SamSs - ok
19:48:07.0175 3736  sbp2port - ok
19:48:07.0175 3736  SCardSvr - ok
19:48:07.0185 3736  scfilter - ok
19:48:07.0185 3736  Schedule - ok
19:48:07.0185 3736  SCPolicySvc - ok
19:48:07.0195 3736  SDRSVC - ok
19:48:07.0205 3736  SearchAnonymizer - ok
19:48:07.0205 3736  secdrv - ok
19:48:07.0205 3736  seclogon - ok
19:48:07.0215 3736  SENS - ok
19:48:07.0215 3736  SensrSvc - ok
19:48:07.0225 3736  Serenum - ok
19:48:07.0225 3736  Serial - ok
19:48:07.0235 3736  sermouse - ok
19:48:07.0235 3736  ServiceLayer - ok
19:48:07.0245 3736  SessionEnv - ok
19:48:07.0245 3736  sffdisk - ok
19:48:07.0245 3736  sffp_mmc - ok
19:48:07.0255 3736  sffp_sd - ok
19:48:07.0255 3736  sfloppy - ok
19:48:07.0255 3736  ShellHWDetection - ok
19:48:07.0265 3736  SiSRaid2 - ok
19:48:07.0265 3736  SiSRaid4 - ok
19:48:07.0275 3736  SkypeUpdate - ok
19:48:07.0285 3736  Smb - ok
19:48:07.0285 3736  SMR250 - ok
19:48:07.0295 3736  SNMPTRAP - ok
19:48:07.0295 3736  spldr - ok
19:48:07.0305 3736  Spooler - ok
19:48:07.0305 3736  sppsvc - ok
19:48:07.0305 3736  sppuinotify - ok
19:48:07.0305 3736  srv - ok
19:48:07.0315 3736  srv2 - ok
19:48:07.0315 3736  srvnet - ok
19:48:07.0325 3736  SSDPSRV - ok
19:48:07.0325 3736  SstpSvc - ok
19:48:07.0335 3736  StarRAM - ok
19:48:07.0345 3736  StarRAMService - ok
19:48:07.0365 3736  Steam Client Service - ok
19:48:07.0375 3736  stexstor - ok
19:48:07.0375 3736  stisvc - ok
19:48:07.0375 3736  swenum - ok
19:48:07.0385 3736  swprv - ok
19:48:07.0395 3736  SynTP - ok
19:48:07.0395 3736  SysMain - ok
19:48:07.0405 3736  TabletInputService - ok
19:48:07.0405 3736  TapiSrv - ok
19:48:07.0405 3736  TBS - ok
19:48:07.0415 3736  Tcpip - ok
19:48:07.0425 3736  TCPIP6 - ok
19:48:07.0425 3736  tcpipreg - ok
19:48:07.0435 3736  TDPIPE - ok
19:48:07.0435 3736  TDTCP - ok
19:48:07.0435 3736  tdx - ok
19:48:07.0445 3736  TermDD - ok
19:48:07.0445 3736  TermService - ok
19:48:07.0445 3736  Themes - ok
19:48:07.0445 3736  THREADORDER - ok
19:48:07.0455 3736  TrkWks - ok
19:48:07.0455 3736  TrustedInstaller - ok
19:48:07.0455 3736  tssecsrv - ok
19:48:07.0465 3736  TsUsbFlt - ok
19:48:07.0465 3736  tunnel - ok
19:48:07.0475 3736  uagp35 - ok
19:48:07.0475 3736  udfs - ok
19:48:07.0475 3736  UI0Detect - ok
19:48:07.0495 3736  uliagpkx - ok
19:48:07.0495 3736  umbus - ok
19:48:07.0505 3736  UmPass - ok
19:48:07.0505 3736  upnphost - ok
19:48:07.0505 3736  upperdev - ok
19:48:07.0505 3736  usbccgp - ok
19:48:07.0515 3736  usbcir - ok
19:48:07.0515 3736  usbehci - ok
19:48:07.0515 3736  usbhub - ok
19:48:07.0525 3736  usbohci - ok
19:48:07.0525 3736  usbprint - ok
19:48:07.0525 3736  usbser - ok
19:48:07.0535 3736  UsbserFilt - ok
19:48:07.0535 3736  USBSTOR - ok
19:48:07.0535 3736  usbuhci - ok
19:48:07.0555 3736  usbvideo - ok
19:48:07.0555 3736  UxSms - ok
19:48:07.0555 3736  VaultSvc - ok
19:48:07.0565 3736  VClone - ok
19:48:07.0565 3736  vdrvroot - ok
19:48:07.0565 3736  vds - ok
19:48:07.0575 3736  vga - ok
19:48:07.0575 3736  VgaSave - ok
19:48:07.0575 3736  vhdmp - ok
19:48:07.0575 3736  viaide - ok
19:48:07.0585 3736  volmgr - ok
19:48:07.0585 3736  volmgrx - ok
19:48:07.0585 3736  volsnap - ok
19:48:07.0595 3736  vsmraid - ok
19:48:07.0605 3736  VSS - ok
19:48:07.0605 3736  vwifibus - ok
19:48:07.0615 3736  vwififlt - ok
19:48:07.0635 3736  vwifimp - ok
19:48:07.0635 3736  W32Time - ok
19:48:07.0645 3736  WacomPen - ok
19:48:07.0645 3736  WANARP - ok
19:48:07.0645 3736  Wanarpv6 - ok
19:48:07.0655 3736  wbengine - ok
19:48:07.0655 3736  WbioSrvc - ok
19:48:07.0655 3736  wcncsvc - ok
19:48:07.0665 3736  WcsPlugInService - ok
19:48:07.0665 3736  Wd - ok
19:48:07.0665 3736  Wdf01000 - ok
19:48:07.0665 3736  WdiServiceHost - ok
19:48:07.0675 3736  WdiSystemHost - ok
19:48:07.0675 3736  WebClient - ok
19:48:07.0675 3736  Wecsvc - ok
19:48:07.0675 3736  wercplsupport - ok
19:48:07.0685 3736  WerSvc - ok
19:48:07.0685 3736  WfpLwf - ok
19:48:07.0695 3736  WIMMount - ok
19:48:07.0695 3736  WinHttpAutoProxySvc - ok
19:48:07.0695 3736  Winmgmt - ok
19:48:07.0705 3736  WinRM - ok
19:48:07.0725 3736  WinUsb - ok
19:48:07.0725 3736  Wlansvc - ok
19:48:07.0735 3736  WmiAcpi - ok
19:48:07.0735 3736  wmiApSrv - ok
19:48:07.0735 3736  WMPNetworkSvc - ok
19:48:07.0745 3736  WPCSvc - ok
19:48:07.0745 3736  WPDBusEnum - ok
19:48:07.0745 3736  ws2ifsl - ok
19:48:07.0765 3736  WSearch - ok
19:48:07.0765 3736  wuauserv - ok
19:48:07.0765 3736  WudfPf - ok
19:48:07.0775 3736  WUDFRd - ok
19:48:07.0775 3736  wudfsvc - ok
19:48:07.0775 3736  WwanSvc - ok
19:48:07.0795 3736  yukonw7 - ok
19:48:07.0825 3736  ================ Scan global ===============================
19:48:07.0825 3736  [Global] - ok
19:48:07.0825 3736  ================ Scan MBR ==================================
19:48:07.0835 3736  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:48:08.0195 3736  \Device\Harddisk0\DR0 - ok
19:48:08.0195 3736  ================ Scan VBR ==================================
19:48:08.0195 3736  ============================================================
19:48:08.0195 3736  Scan finished
19:48:08.0195 3736  ============================================================
19:48:08.0205 4356  Detected object count: 0
19:48:08.0205 4356  Actual detected object count: 0
19:48:14.0875 1564  Deinitialize success


markusg 25.02.2013 19:51

hi,
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


tempotimes 25.02.2013 20:02

My problem right now is that G Data can't be switched off. The monitor and the automatic virus check are actually off, yet messages from G Data keep popping up. I can't kill the process via Task Manager either.


All times are WET +1.
