Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (Pests of all kinds and how to fight them, https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/), thread "Sicherheitscenterdienst" (https://www.trojaner-board.de/131459-sicherheitscenterdienst.html)

tempotimes 24.02.2013 12:40

Security Center service (Sicherheitscenterdienst)
 
Hello,

so I recently had a virus on my laptop, and shortly afterwards I noticed that the Security Center is no longer shown at the bottom right of the taskbar. It can't be started manually either; when I try, I get "Der Windows-Sicherheitsdienst kann nicht gestartet werden" (The Windows Security Center service cannot be started). When I then look for this particular service under Services, it isn't even listed any more. I hope you can help me. Many thanks in advance.

Here are the log files from HJTScanlist, Malwarebytes, HiJackThis and CCleaner.
In HiJackThis I already removed the "mctadmin" entries, and in Malwarebytes I also ran the clean-up.


Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        ║                                    ║
                                    hjtscanlist v2.0             
                        ║                                    ║
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7601]
 
 
C:

  24.02.2013 12:23    C:\Program Files (x86) --------- 20480 
  24.02.2013 12:22    C:\ProgramData --------- 12288 
  24.02.2013 12:22    C:\END --------- 0 
  24.02.2013 12:12    C:\test.log --------- 294 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  24.02.2013 12:10    C:\Windows --------- 32768 
  23.02.2013 23:40    C:\Program Files --------- 12288 
  23.02.2013 22:55    C:\Users --------- 4096 
  17.02.2013 20:30    C:\AILog.txt --------- 0 
  17.02.2013 02:35    C:\System Volume Information --------- 16384 
  14.02.2013 19:29    C:\Downloads --------- 0 
  14.09.2012 15:28    C:\temp --------- 0 
  17.01.2012 20:48    C:\MSOCache --------- 0 
  20.12.2011 14:10    C:\NVIDIA --------- 0 
  27.09.2011 14:20    C:\$Recycle.Bin --------- 0 
  16.09.2011 16:27    C:\Recovery --------- 0 
  16.09.2011 16:27    C:\Programme --------- 0 
  16.09.2011 16:27    C:\Dokumente und Einstellungen --------- 0 
  13.09.2011 04:46    C:\windiag --------- 0 
  30.03.2010 08:36    C:\found.000 --------- 0 
  15.12.2009 08:49    C:\Setup.log --------- 166 
  15.12.2009 08:19    C:\RHDSetup.log --------- 2144 
  15.12.2009 08:17    C:\Intel --------- 0 
  14.07.2009 06:08    C:\Documents and Settings --------- 0 
  14.07.2009 04:20    C:\PerfLogs --------- 0 
----------------------------------------

 
C:\windows

  24.02.2013 12:16    C:\windows\WindowsUpdate.log --------- 1257931 
  24.02.2013 12:10    C:\windows\setupact.log --------- 6527 
  24.02.2013 12:10    C:\windows\bootstat.dat --------- 67584 
  24.02.2013 01:40    C:\windows\PFRO.log --------- 2262 
  23.02.2013 23:40    C:\windows\epplauncher.mif --------- 1912 
  15.01.2013 20:35    C:\windows\setuperr.log --------- 0 
  11.02.2012 07:36    C:\windows\splwow64.exe --------- 67072 
  25.12.2011 14:33    C:\windows\VobEdit.INI --------- 133 
  25.12.2011 13:45    C:\windows\IfoEdit.INI --------- 280 
  13.09.2011 03:02    C:\windows\win.ini --------- 717 
  25.02.2011 07:19    C:\windows\explorer.exe --------- 2871808 
  20.11.2010 14:24    C:\windows\bfsvc.exe --------- 71168 
  20.11.2010 13:21    C:\windows\twain_32.dll --------- 51200 
  15.12.2009 09:04    C:\windows\Csup.txt --------- 10 
  15.12.2009 08:15    C:\windows\HotFixList.ini --------- 2 
  20.11.2009 10:17    C:\windows\R-series.bmp --------- 480056 
  20.11.2009 09:39    C:\windows\R-series.c1 --------- 673 
  20.11.2009 09:39    C:\windows\R-series.c3 --------- 673 
  20.11.2009 09:39    C:\windows\R-series.ico --------- 10446 
  20.11.2009 05:56    C:\windows\R-series.swf --------- 10478708 
  16.11.2009 08:27    C:\windows\Crystal Delight.scr --------- 19480587 
  10.11.2009 02:32    C:\windows\surbey.ico --------- 562718 
  17.09.2009 20:00    C:\windows\SetLCDStretchMode.exe --------- 345600 
  19.08.2009 02:16    C:\windows\RtlExUpd.dll --------- 831488 
  14.07.2009 05:54    C:\windows\WindowsShell.Manifest --------- 749 
  14.07.2009 02:39    C:\windows\write.exe --------- 10240 
  14.07.2009 02:39    C:\windows\regedit.exe --------- 427008 
  14.07.2009 02:39    C:\windows\notepad.exe --------- 193536 
  14.07.2009 02:39    C:\windows\HelpPane.exe --------- 733696 
  14.07.2009 02:39    C:\windows\hh.exe --------- 16896 
  14.07.2009 02:39    C:\windows\fveupdate.exe --------- 15360 
  14.07.2009 02:14    C:\windows\winhlp32.exe --------- 9728 
  14.07.2009 02:14    C:\windows\twunk_32.exe --------- 31232 
  14.07.2009 00:06    C:\windows\mib.bin --------- 43131 
  10.06.2009 22:41    C:\windows\twunk_16.exe --------- 49680 
  10.06.2009 22:41    C:\windows\twain.dll --------- 94784 
  10.06.2009 22:08    C:\windows\system.ini --------- 219 
  10.06.2009 21:52    C:\windows\WMSysPr9.prx --------- 316640 
  10.06.2009 21:36    C:\windows\msdfmap.ini --------- 1405 
  10.06.2009 21:31    C:\windows\Starter.xml --------- 48201 
  10.06.2009 21:30    C:\windows\HomePremium.xml --------- 48265 
  10.06.2009 21:30    C:\windows\HomeBasic.xml --------- 48223 
  15.04.2009 03:21    C:\windows\SetDisplayResolution.exe --------- 307200 
  19.12.2008 20:04    C:\windows\SetDisplayResolutionDT.xml --------- 3282 
  19.12.2008 20:04    C:\windows\SetDisplayResolutionNP.xml --------- 3282 
  20.02.2008 08:50    C:\windows\R-series.scr --------- 903680 
  20.02.2008 08:49    C:\windows\R-series.exe --------- 495104 
  14.11.2007 08:13    C:\windows\Reseal64.exe --------- 423936 
  09.11.2006 23:31    C:\windows\Samsung.png --------- 16018 
  24.10.2006 09:06    C:\windows\R-series.c4 --------- 639 
  08.10.2006 11:33    C:\windows\R-series.ini --------- 0 
  17.12.1999 07:13    C:\windows\unvise32.exe --------- 86016 
----------------------------------------

 
C:\windows\System

 21.09.1994 00:00      C:\windows\System\Wing32.dll --------- 12800
----------------------------------------

 
C:\windows\System32

 24.02.2013 12:18    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13936 
 24.02.2013 12:18    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13936 
 24.02.2013 12:26    C:\windows\system32\config --------- 28672 
 24.02.2013 05:32    C:\windows\system32\FNTCACHE.DAT --------- 389920 
 24.02.2013 05:30    C:\windows\system32\migration --------- 0 
 24.02.2013 05:30    C:\windows\system32\drivers --------- 65536 
 24.02.2013 02:30    C:\windows\system32\MRT.exe --------- 70004024 
 24.02.2013 02:28    C:\windows\system32\perfh009.dat --------- 616242 
 24.02.2013 02:28    C:\windows\system32\perfc009.dat --------- 106622 
 24.02.2013 02:28    C:\windows\system32\perfc007.dat --------- 130240 
 24.02.2013 02:28    C:\windows\system32\perfh007.dat --------- 654400 
 24.02.2013 02:28    C:\windows\system32\PerfStringBackup.INI --------- 1520734 
 23.02.2013 23:16    C:\windows\system32\catroot --------- 4096 
 23.02.2013 22:58    C:\windows\system32\catroot2 --------- 40960 
 23.02.2013 22:56    C:\windows\system32\DriverStore --------- 4096 
 10.02.2013 04:25    C:\windows\system32\nvd3dumx.dll --------- 17987192 
 10.02.2013 04:25    C:\windows\system32\nvdispco6420294.dll --------- 1807136 
 10.02.2013 04:25    C:\windows\system32\nvcuda.dll --------- 9422672 
 10.02.2013 04:25    C:\windows\system32\nvinfo.pb --------- 17738 
 10.02.2013 04:25    C:\windows\system32\nvcompiler.dll --------- 25256736 
 10.02.2013 04:25    C:\windows\system32\nvcuvenc.dll --------- 2350368 
 10.02.2013 04:25    C:\windows\system32\nvoglv64.dll --------- 26947360 
 10.02.2013 04:25    C:\windows\system32\nvcuvid.dll --------- 2911008 
 10.02.2013 04:25    C:\windows\system32\nvdispgenco6420162.dll --------- 1510176 
 10.02.2013 04:25    C:\windows\system32\nvopencl.dll --------- 7569184 
 10.02.2013 04:25    C:\windows\system32\nvapi64.dll --------- 2854344 
 10.02.2013 04:25    C:\windows\system32\nvwgf2umx.dll --------- 15275744 
 10.02.2013 02:04    C:\windows\system32\nvsvc64.dll --------- 3472672 
 10.02.2013 02:04    C:\windows\system32\nvcpl.dll --------- 6393120 
 10.02.2013 02:04    C:\windows\system32\nvvsvc.exe --------- 877856 
 10.02.2013 02:04    C:\windows\system32\nvsvcr.dll --------- 2555680 
 10.02.2013 02:04    C:\windows\system32\nvshext.dll --------- 63776 
 10.02.2013 02:04    C:\windows\system32\nvmctray.dll --------- 237856 
 30.01.2013 11:53    C:\windows\system32\MpSigStub.exe --------- 273840 
 09.01.2013 00:08    C:\windows\system32\de-DE --------- 262144 
 08.01.2013 06:40    C:\windows\system32\mshtmled.dll --------- 97792 
 05.01.2013 06:53    C:\windows\system32\ntoskrnl.exe --------- 5553512 
 04.01.2013 06:46    C:\windows\system32\winsrv.dll --------- 215040 
 04.01.2013 04:26    C:\windows\system32\win32k.sys --------- 3153408 
 20.12.2012 14:59    C:\windows\system32\wininet.dll --------- 1188864 
 20.12.2012 14:59    C:\windows\system32\urlmon.dll --------- 1492992 
 20.12.2012 14:59    C:\windows\system32\url.dll --------- 134144 
 20.12.2012 14:56    C:\windows\system32\mshtml.dll --------- 9058304 
 20.12.2012 14:56    C:\windows\system32\msfeeds.dll --------- 735744 
 20.12.2012 14:55    C:\windows\system32\jsproxy.dll --------- 64512 
 20.12.2012 14:55    C:\windows\system32\ieui.dll --------- 247808 
 20.12.2012 14:55    C:\windows\system32\iertutil.dll --------- 2458112 
 20.12.2012 14:55    C:\windows\system32\ieframe.dll --------- 12295168 
 20.12.2012 13:02    C:\windows\system32\mshtml.tlb --------- 1638912 
 19.12.2012 06:42    C:\windows\system32\nvhdap64.dll --------- 31672 
 18.12.2012 09:31    C:\windows\system32\nvhdagenco6420103.dll --------- 1510328 
 16.12.2012 18:11    C:\windows\system32\atmlib.dll --------- 46080 
 16.12.2012 15:45    C:\windows\system32\atmfd.dll --------- 367616 
 07.12.2012 14:20    C:\windows\system32\Wpc.dll --------- 441856 
 07.12.2012 14:15    C:\windows\system32\gameux.dll --------- 2746368 
 07.12.2012 12:20    C:\windows\system32\usk.rs --------- 30720 
 07.12.2012 12:20    C:\windows\system32\csrr.rs --------- 43520 
 07.12.2012 12:20    C:\windows\system32\oflc.rs --------- 23552 
 07.12.2012 12:20    C:\windows\system32\oflc-nz.rs --------- 45568 
 07.12.2012 12:20    C:\windows\system32\pegi-fi.rs --------- 20480 
 07.12.2012 12:20    C:\windows\system32\pegibbfc.rs --------- 44544 
 07.12.2012 12:20    C:\windows\system32\pegi-pt.rs --------- 20480 
 07.12.2012 12:19    C:\windows\system32\pegi.rs --------- 20480 
 07.12.2012 12:19    C:\windows\system32\fpb.rs --------- 46592 
 07.12.2012 12:19    C:\windows\system32\djctq.rs --------- 15360 
 07.12.2012 12:19    C:\windows\system32\grb.rs --------- 21504 
 07.12.2012 12:19    C:\windows\system32\cob-au.rs --------- 40960 
 07.12.2012 12:19    C:\windows\system32\cero.rs --------- 55296 
 07.12.2012 12:19    C:\windows\system32\esrb.rs --------- 51712 
 30.11.2012 06:45    C:\windows\system32\wow64win.dll --------- 362496 
 30.11.2012 06:45    C:\windows\system32\wow64cpu.dll --------- 13312 
 30.11.2012 06:45    C:\windows\system32\wow64.dll --------- 243200 
 30.11.2012 06:43    C:\windows\system32\ntvdm64.dll --------- 16384 
 30.11.2012 06:41    C:\windows\system32\KernelBase.dll --------- 424448 
 30.11.2012 06:41    C:\windows\system32\kernel32.dll --------- 1161216 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-security-base-l1-1-0.dll --------- 6144 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-util-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll --------- 4608 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-string-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll --------- 4608 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-io-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll --------- 3584 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-file-l1-1-0.dll --------- 5120 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll --------- 3072 
 30.11.2012 06:38    C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll --------- 3072 
----------------------------------------

 
C:\windows\Prefetch

 24.02.2013 12:28    C:\windows\Prefetch\CMD.EXE-0BD30981.pf --------- 7172 
 24.02.2013 12:27    C:\windows\Prefetch\CONHOST.EXE-0C6456FB.pf --------- 19700 
 24.02.2013 12:27    C:\windows\Prefetch\WINRAR.EXE-BA8CDB31.pf --------- 31858 
 24.02.2013 12:27    C:\windows\Prefetch\AVK.EXE-DB53F0E8.pf --------- 399878 
 24.02.2013 12:27    C:\windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf --------- 20118 
 24.02.2013 12:27    C:\windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf --------- 46574 
 24.02.2013 12:27    C:\windows\Prefetch\FIREFOX.EXE-359C61A4.pf --------- 442576 
 24.02.2013 12:27    C:\windows\Prefetch\DLLHOST.EXE-E173F32A.pf --------- 135824 
 24.02.2013 12:27    C:\windows\Prefetch\THUNDERBIRD.EXE-69F6F4B4.pf --------- 149848 
 24.02.2013 12:27    C:\windows\Prefetch\PIDGIN.EXE-8C222CF4.pf --------- 227176 
 24.02.2013 12:25    C:\windows\Prefetch\FOOBAR2000.EXE-899D0564.pf --------- 102586 
 24.02.2013 12:25    C:\windows\Prefetch\TASKENG.EXE-35FA9C06.pf --------- 233388 
 24.02.2013 12:25    C:\windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf --------- 46810 
 24.02.2013 12:24    C:\windows\Prefetch\RUNDLL32.EXE-EB9F1AB4.pf --------- 194006 
 24.02.2013 12:24    C:\windows\Prefetch\WERMGR.EXE-F439C551.pf --------- 31630 
 24.02.2013 12:23    C:\windows\Prefetch\DLLHOST.EXE-1B239C31.pf --------- 22918 
 24.02.2013 12:23    C:\windows\Prefetch\AU_.EXE-933B346D.pf --------- 57452 
 24.02.2013 12:23    C:\windows\Prefetch\REGSVR32.EXE-B31EC963.pf --------- 23564 
 24.02.2013 12:23    C:\windows\Prefetch\DLLHOST.EXE-6FE41093.pf --------- 43244 
 24.02.2013 12:23    C:\windows\Prefetch\UNINSTALL.EXE-B3F0F389.pf --------- 25040 
 24.02.2013 12:23    C:\windows\Prefetch\DESKTOP.EXE-6503D411.pf --------- 77848 
 24.02.2013 12:22    C:\windows\Prefetch\EXINFO.EXE-203A584B.pf --------- 27898 
 24.02.2013 12:22    C:\windows\Prefetch\HJTSCANLIST.EXE-16EE552A.pf --------- 41734 
 24.02.2013 12:22    C:\windows\Prefetch\MISM.EXE-56B771DC.pf --------- 47736 
 24.02.2013 12:22    C:\windows\Prefetch\ISM.EXE-4A53D039.pf --------- 48150 
 24.02.2013 12:20    C:\windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf --------- 88656 
 24.02.2013 12:20    C:\windows\Prefetch\FLASHPLAYERPLUGIN_11_5_502_14-9CE66719.pf --------- 42640 
 24.02.2013 12:20    C:\windows\Prefetch\PLUGIN-CONTAINER.EXE-6B605020.pf --------- 428938 
 24.02.2013 12:20    C:\windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf --------- 102628 
 24.02.2013 12:20    C:\windows\Prefetch\NOTEPAD.EXE-032BB3D8.pf --------- 58190 
 24.02.2013 12:20    C:\windows\Prefetch\HIJACKTHIS204.EXE-3CC9FE52.pf --------- 39808 
 24.02.2013 12:20    C:\windows\Prefetch\TASKHOST.EXE-A0F5E092.pf --------- 1096374 
 24.02.2013 12:15    C:\windows\Prefetch\WMIADAP.EXE-BB21CD77.pf --------- 211378 
 24.02.2013 12:15    C:\windows\Prefetch\MBAM.EXE-493D9B94.pf --------- 108628 
 24.02.2013 12:14    C:\windows\Prefetch\REGSVR32.EXE-03D3FB87.pf --------- 25150 
 24.02.2013 12:14    C:\windows\Prefetch\WUAUCLT.EXE-5D573F0E.pf --------- 167208 
 24.02.2013 12:13    C:\windows\Prefetch\SPPSVC.EXE-96070FE0.pf --------- 31946 
 24.02.2013 12:13    C:\windows\Prefetch\DAEMONU.EXE-73AC4A81.pf --------- 45680 
 24.02.2013 12:13    C:\windows\Prefetch\MSCORSVW.EXE-16B291C4.pf --------- 204582 
 24.02.2013 12:13    C:\windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf --------- 174582 
 24.02.2013 12:13    C:\windows\Prefetch\DLLHOST.EXE-F99091EF.pf --------- 69168 
 24.02.2013 12:13    C:\windows\Prefetch\DRSUPDATE.14956297_RUNASUSER.-600335B2.pf --------- 23408 
 24.02.2013 12:13    C:\windows\Prefetch\DBINSTALLER.EXE-E7FEEF0F.pf --------- 29238 
 24.02.2013 12:13    C:\windows\Prefetch\ReadyBoot --------- 4096 
 24.02.2013 12:12    C:\windows\Prefetch\CSC.EXE-0E09149C.pf --------- 41334 
 24.02.2013 12:12    C:\windows\Prefetch\CVTRES.EXE-F4BA0E72.pf --------- 14512 
 24.02.2013 12:12    C:\windows\Prefetch\SVCHOST.EXE-E52A3372.pf --------- 369656 
 24.02.2013 12:12    C:\windows\Prefetch\ICACLS.EXE-96ACDEBC.pf --------- 2214 
 24.02.2013 12:12    C:\windows\Prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf --------- 100784 
 24.02.2013 12:12    C:\windows\Prefetch\RUNDLL32.EXE-F632BF02.pf --------- 14318 
 24.02.2013 12:12    C:\windows\Prefetch\NVTRAY.EXE-39D19720.pf --------- 34786 
 24.02.2013 12:12    C:\windows\Prefetch\SEARCHANONYMIZER.EXE-9EFE71C4.pf --------- 86884 
 24.02.2013 12:12    C:\windows\Prefetch\CMD.EXE-6D6290C5.pf --------- 14688 
 24.02.2013 12:12    C:\windows\Prefetch\RAVCPL64.EXE-4BB80510.pf --------- 13592 
 24.02.2013 05:34    C:\windows\Prefetch\AgGlFgAppHistory.db --------- 2096274 
 24.02.2013 05:34    C:\windows\Prefetch\AgGlFaultHistory.db --------- 722350 
 24.02.2013 05:34    C:\windows\Prefetch\AgGlGlobalHistory.db --------- 4351914 
 24.02.2013 05:34    C:\windows\Prefetch\AgRobust.db --------- 611056 
 24.02.2013 05:34    C:\windows\Prefetch\PfSvPerfStats.bin --------- 584 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-EBB13DE6.pf --------- 15376 
 24.02.2013 05:33    C:\windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf --------- 30314 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-BFD62F9A.pf --------- 16884 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-7AB41905.pf --------- 17322 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-282D6A34.pf --------- 19218 
 24.02.2013 05:33    C:\windows\Prefetch\SVCHOST.EXE-C02BA069.pf --------- 58574 
 24.02.2013 05:30    C:\windows\Prefetch\POQEXEC.EXE-567EE1A6.pf --------- 26004 
 24.02.2013 05:30    C:\windows\Prefetch\LOGONUI.EXE-F639BD7E.pf --------- 51776 
 24.02.2013 04:58    C:\windows\Prefetch\AgGlUAD_P_S-1-5-21-3322448490-314981258-3538992574-1001.db --------- 1031332 
 24.02.2013 04:58    C:\windows\Prefetch\AgGlUAD_S-1-5-21-3322448490-314981258-3538992574-1001.db --------- 1541526 
 24.02.2013 04:46    C:\windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf --------- 24738 
 24.02.2013 04:16    C:\windows\Prefetch\Layout.ini --------- 882522 
 24.02.2013 02:53    C:\windows\Prefetch\SVCHOST.EXE-6D6FB3A1.pf --------- 603948 
 24.02.2013 02:46    C:\windows\Prefetch\MSIEXEC.EXE-CDBFC0F7.pf --------- 567482 
 24.02.2013 02:43    C:\windows\Prefetch\MSIEXEC.EXE-8FFB1633.pf --------- 440752 
 24.02.2013 01:57    C:\windows\Prefetch\WMPNSCFG.EXE-18FC9E64.pf --------- 51660 
 24.02.2013 01:39    C:\windows\Prefetch\NOTEPAD.EXE-C5670914.pf --------- 55464 
 23.02.2013 22:48    C:\windows\Prefetch\DRSUPDATE.13406784_RUNASUSER.-827DBA40.pf --------- 29422 
 22.02.2013 14:36    C:\windows\Prefetch\AgCx_SC4.db --------- 311071 
 10.11.2012 00:55    C:\windows\Prefetch\AgCx_SC2.db --------- 805029 
 14.08.2012 05:20    C:\windows\Prefetch\AgCx_SC1.db --------- 677092 
 14.08.2012 04:14    C:\windows\Prefetch\AgCx_SC1.db.trx --------- 178826 
 16.09.2011 16:25    C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 533870 
 16.09.2011 16:25    C:\windows\Prefetch\AgAppLaunch.db --------- 334168 
----------------------------------------

 
C:\windows\Tasks

 24.02.2013 12:25    C:\windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1110 
 24.02.2013 12:11    C:\windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1106 
 24.02.2013 12:10    C:\windows\Tasks\SA.DAT --------- 6 
 24.02.2013 04:46    C:\windows\Tasks\Adobe Flash Player Updater.job --------- 884 
 21.12.2012 15:23    C:\windows\Tasks\SCHEDLGU.TXT --------- 32640 
----------------------------------------

 
C:\windows\Temp

 24.02.2013 12:27    C:\windows\Temp\_avast_ --------- 4096 
 24.02.2013 12:16    C:\windows\Temp\tmp000015bc --------- 0 
 24.02.2013 12:16    C:\windows\Temp\GDATA_Online_Update --------- 0 
 24.02.2013 12:11    C:\windows\Temp\lpksetup-20130224-121052-0.log --------- 3516 
 24.02.2013 05:32    C:\windows\Temp\lpksetup-20130224-053224-0.log --------- 3516 
 24.02.2013 01:56    C:\windows\Temp\lpksetup-20130224-015548-0.log --------- 3516 
 24.02.2013 01:40    C:\windows\Temp\lpksetup-20130224-014033-0.log --------- 3516 
 23.02.2013 23:39    C:\windows\Temp\MPTelemetrySubmit --------- 0 
 23.02.2013 23:31    C:\windows\Temp\MpCmdRun.log --------- 106098 
 23.02.2013 23:24    C:\windows\Temp\7668EFBA-83FC-436F-80DD-008A361A3B35-Sigs --------- 0 
 23.02.2013 23:24    C:\windows\Temp\MpSigStub.log --------- 27906 
 23.02.2013 22:59    C:\windows\Temp\lpksetup-20130223-225915-0.log --------- 3516 
 23.02.2013 22:46    C:\windows\Temp\lpksetup-20130223-224556-0.log --------- 3516 
 23.02.2013 17:33    C:\windows\Temp\lpksetup-20130223-173145-0.log --------- 3516 
 23.02.2013 13:40    C:\windows\Temp\lpksetup-20130223-133900-0.log --------- 3516 
 23.02.2013 04:00    C:\windows\Temp\lpksetup-20130223-035947-0.log --------- 3516 
 22.02.2013 22:47    C:\windows\Temp\HamachiSetup.log --------- 2383 
 22.02.2013 19:13    C:\windows\Temp\lpksetup-20130222-191334-0.log --------- 3516 
 22.02.2013 18:17    C:\windows\Temp\lpksetup-20130222-181609-0.log --------- 3516 
 22.02.2013 14:34    C:\windows\Temp\lpksetup-20130222-143402-0.log --------- 3516 
 21.02.2013 17:23    C:\windows\Temp\lpksetup-20130221-172340-0.log --------- 3516 
 20.02.2013 17:21    C:\windows\Temp\lpksetup-20130220-172052-0.log --------- 3516 
 19.02.2013 17:02    C:\windows\Temp\lpksetup-20130219-170202-0.log --------- 3516 
 18.02.2013 23:06    C:\windows\Temp\lpksetup-20130218-230621-0.log --------- 3516 
 18.02.2013 14:59    C:\windows\Temp\lpksetup-20130218-145943-0.log --------- 3516 
 17.02.2013 19:42    C:\windows\Temp\lpksetup-20130217-194233-0.log --------- 3516 
 17.02.2013 13:00    C:\windows\Temp\lpksetup-20130217-130035-0.log --------- 3516 
 16.02.2013 23:11    C:\windows\Temp\lpksetup-20130216-231126-0.log --------- 3516 
 16.02.2013 11:34    C:\windows\Temp\lpksetup-20130216-113347-0.log --------- 3516 
 15.02.2013 18:13    C:\windows\Temp\lpksetup-20130215-181323-0.log --------- 3516 
 15.02.2013 10:10    C:\windows\Temp\lpksetup-20130215-101012-0.log --------- 3516 
 14.02.2013 09:32    C:\windows\Temp\lpksetup-20130214-093224-0.log --------- 3516 
 14.02.2013 07:50    C:\windows\Temp\lpksetup-20130214-074921-0.log --------- 3516 
 13.02.2013 13:05    C:\windows\Temp\lpksetup-20130213-130518-0.log --------- 3516 
 12.02.2013 19:04    C:\windows\Temp\lpksetup-20130212-190435-0.log --------- 3516 
 12.02.2013 11:24    C:\windows\Temp\lpksetup-20130212-112403-0.log --------- 3516 
 12.02.2013 00:41    C:\windows\Temp\lpksetup-20130212-004117-0.log --------- 3516 
 11.02.2013 12:10    C:\windows\Temp\lpksetup-20130211-120943-0.log --------- 3516 
 10.02.2013 10:10    C:\windows\Temp\lpksetup-20130210-101036-0.log --------- 3516 
 09.02.2013 12:41    C:\windows\Temp\lpksetup-20130209-124121-0.log --------- 3516 
 08.02.2013 14:45    C:\windows\Temp\lpksetup-20130208-144416-0.log --------- 3516 
 07.02.2013 09:02    C:\windows\Temp\lpksetup-20130207-090136-0.log --------- 3516 
 07.02.2013 00:28    C:\windows\Temp\lpksetup-20130207-002815-0.log --------- 3516 
 06.02.2013 19:27    C:\windows\Temp\lpksetup-20130206-192721-0.log --------- 3516 
 06.02.2013 17:26    C:\windows\Temp\lpksetup-20130206-172630-0.log --------- 3516 
 06.02.2013 07:51    C:\windows\Temp\avk17D3.tmp --------- 0 
 06.02.2013 00:22    C:\windows\Temp\lpksetup-20130206-002211-0.log --------- 3516 
 06.02.2013 00:18    C:\windows\Temp\lpksetup-20130206-001740-0.log --------- 3516 
 06.02.2013 00:07    C:\windows\Temp\fwtsqmfile11.sqm --------- 608 
 05.02.2013 17:11    C:\windows\Temp\lpksetup-20130205-171134-0.log --------- 3516 
 04.02.2013 15:59    C:\windows\Temp\lpksetup-20130204-155919-0.log --------- 3516 
 03.02.2013 20:33    C:\windows\Temp\lpksetup-20130203-203334-0.log --------- 3516 
 03.02.2013 17:22    C:\windows\Temp\lpksetup-20130203-172112-0.log --------- 3516 
 03.02.2013 10:31    C:\windows\Temp\fwtsqmfile10.sqm --------- 608 
 03.02.2013 10:26    C:\windows\Temp\lpksetup-20130203-102614-0.log --------- 3516 
 02.02.2013 12:57    C:\windows\Temp\lpksetup-20130202-125549-0.log --------- 3508 
 02.02.2013 04:58    C:\windows\Temp\fwtsqmfile09.sqm --------- 608 
 02.02.2013 04:50    C:\windows\Temp\lpksetup-20130202-045008-0.log --------- 3516 
 02.02.2013 04:36    C:\windows\Temp\fwtsqmfile08.sqm --------- 608 
 01.02.2013 23:22    C:\windows\Temp\lpksetup-20130201-232131-0.log --------- 3516 
 01.02.2013 23:20    C:\windows\Temp\fwtsqmfile07.sqm --------- 608 
 01.02.2013 19:20    C:\windows\Temp\lpksetup-20130201-192036-0.log --------- 3516 
 01.02.2013 19:19    C:\windows\Temp\fwtsqmfile06.sqm --------- 608 
 01.02.2013 19:14    C:\windows\Temp\lpksetup-20130201-191339-0.log --------- 3516 
 01.02.2013 16:57    C:\windows\Temp\fwtsqmfile05.sqm --------- 608 
 01.02.2013 16:12    C:\windows\Temp\lpksetup-20130201-161217-0.log --------- 3516 
 31.01.2013 16:32    C:\windows\Temp\lpksetup-20130131-163219-0.log --------- 3516 
 31.01.2013 01:05    C:\windows\Temp\fwtsqmfile04.sqm --------- 608 
 30.01.2013 22:45    C:\windows\Temp\lpksetup-20130130-224447-0.log --------- 3516 
 29.01.2013 17:11    C:\windows\Temp\lpksetup-20130129-171119-0.log --------- 3516 
 29.01.2013 01:59    C:\windows\Temp\fwtsqmfile03.sqm --------- 608 
 29.01.2013 01:47    C:\windows\Temp\lpksetup-20130129-014738-0.log --------- 3516 
 28.01.2013 15:58    C:\windows\Temp\lpksetup-20130128-155806-0.log --------- 3516 
 28.01.2013 00:02    C:\windows\Temp\fwtsqmfile02.sqm --------- 608 
 27.01.2013 19:35    C:\windows\Temp\lpksetup-20130127-193522-0.log --------- 3516 
 27.01.2013 17:48    C:\windows\Temp\fwtsqmfile00.sqm --------- 608 
 27.01.2013 12:28    C:\windows\Temp\lpksetup-20130127-122729-0.log --------- 3516 
 27.01.2013 00:56    C:\windows\Temp\lpksetup-20130127-005508-0.log --------- 3516 
 27.01.2013 00:56    C:\windows\Temp\fwtsqmfile01.sqm --------- 608 
 26.01.2013 12:56    C:\windows\Temp\fwtsqmfile19.sqm --------- 608 
 26.01.2013 12:29    C:\windows\Temp\lpksetup-20130126-122916-0.log --------- 3516 
 26.01.2013 02:18    C:\windows\Temp\fwtsqmfile18.sqm --------- 608 
 26.01.2013 01:17    C:\windows\Temp\lpksetup-20130126-011722-0.log --------- 3516 
 25.01.2013 19:11    C:\windows\Temp\fwtsqmfile17.sqm --------- 608 
 25.01.2013 18:19    C:\windows\Temp\lpksetup-20130125-181847-0.log --------- 3516 
 25.01.2013 16:58    C:\windows\Temp\fwtsqmfile16.sqm --------- 608 
 25.01.2013 15:45    C:\windows\Temp\lpksetup-20130125-154451-0.log --------- 3516 
 24.01.2013 18:38    C:\windows\Temp\fwtsqmfile15.sqm --------- 608 
 24.01.2013 16:33    C:\windows\Temp\lpksetup-20130124-163327-0.log --------- 3516 
 23.01.2013 16:20    C:\windows\Temp\fwtsqmfile14.sqm --------- 608 
 23.01.2013 11:05    C:\windows\Temp\lpksetup-20130123-110421-0.log --------- 3516 
 23.01.2013 07:18    C:\windows\Temp\fwtsqmfile13.sqm --------- 608 
 23.01.2013 07:08    C:\windows\Temp\lpksetup-20130123-070827-0.log --------- 3516 
 22.01.2013 12:52    C:\windows\Temp\fwtsqmfile12.sqm --------- 608 
 22.01.2013 12:28    C:\windows\Temp\lpksetup-20130122-122821-0.log --------- 3516 
 22.01.2013 07:51    C:\windows\Temp\lpksetup-20130122-075121-0.log --------- 3516 
 21.01.2013 14:16    C:\windows\Temp\lpksetup-20130121-141542-0.log --------- 3508 
 20.01.2013 21:56    C:\windows\Temp\lpksetup-20130120-215505-0.log --------- 3516 
 20.01.2013 21:48    C:\windows\Temp\lpksetup-20130120-214746-0.log --------- 3516 
 20.01.2013 11:10    C:\windows\Temp\lpksetup-20130120-110924-0.log --------- 3516 
 19.01.2013 19:00    C:\windows\Temp\lpksetup-20130119-185950-0.log --------- 3516 
 19.01.2013 06:54    C:\windows\Temp\lpksetup-20130119-065410-0.log --------- 3516 
 18.01.2013 18:25    C:\windows\Temp\lpksetup-20130118-182429-0.log --------- 3516 
 17.01.2013 17:34    C:\windows\Temp\lpksetup-20130117-173416-0.log --------- 3516 
 16.01.2013 17:25    C:\windows\Temp\lpksetup-20130116-172458-0.log --------- 3516 
 15.01.2013 20:35    C:\windows\Temp\_avast5_ --------- 0 
 15.01.2013 20:35    C:\windows\Temp\lpksetup-20130115-203519-0.log --------- 3516 
 15.01.2013 17:32    C:\windows\Temp\lpksetup-20130115-173216-0.log --------- 3516 
----------------------------------------

 
C:\Users\tim_oO\AppData\Local\Temp

 24.02.2013 12:23    C:\Users\tim_oO\AppData\Local\Temp\~nsu.tmp --------- 0 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\acro_rd_dir --------- 4096 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\nspA46B.tmp --------- 4096 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\nspBE02.tmp --------- 0 
 24.02.2013 12:22    C:\Users\tim_oO\AppData\Local\Temp\ct2233703 --------- 0 
 24.02.2013 12:13    C:\Users\tim_oO\AppData\Local\Temp\izdd004o.1os --------- 9 
 24.02.2013 12:11    C:\Users\tim_oO\AppData\Local\Temp\WPDNSE --------- 0 
 24.02.2013 02:30    C:\Users\tim_oO\AppData\Local\Temp\KB2789642_20130224_022645521.html --------- 65210 
 24.02.2013 02:30    C:\Users\tim_oO\AppData\Local\Temp\KB2789642_20130224_022645521-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 30932976 
 24.02.2013 02:26    C:\Users\tim_oO\AppData\Local\Temp\KB2789642_10.0.30319 --------- 0 
 24.02.2013 02:26    C:\Users\tim_oO\AppData\Local\Temp\dd_clwireg.txt --------- 3017 
 24.02.2013 01:56    C:\Users\tim_oO\AppData\Local\Temp\teypaznk.qhv --------- 9 
 24.02.2013 01:40    C:\Users\tim_oO\AppData\Local\Temp\{19E8247B-C31B-4010-9B59-AF46CDF335C5} --------- 0 
 24.02.2013 00:04    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-7 --------- 0 
 23.02.2013 23:40    C:\Users\tim_oO\AppData\Local\Temp\MpCmdRun.log --------- 1148 
 23.02.2013 23:24    C:\Users\tim_oO\AppData\Local\Temp\MPTelemetrySubmit --------- 0 
 23.02.2013 23:18    C:\Users\tim_oO\AppData\Local\Temp\msdtadmin --------- 0 
 23.02.2013 23:03    C:\Users\tim_oO\AppData\Local\Temp\GDATA_Online_Update --------- 0 
 23.02.2013 23:01    C:\Users\tim_oO\AppData\Local\Temp\441ibvsb.eti --------- 9 
 23.02.2013 22:46    C:\Users\tim_oO\AppData\Local\Temp\zthoreg0.ogn --------- 9 
 23.02.2013 22:33    C:\Users\tim_oO\AppData\Local\Temp\{9d3cb86d-0b1f-4b68-af5d-fbbf164324ee} --------- 0 
 23.02.2013 22:33    C:\Users\tim_oO\AppData\Local\Temp\{02478504-3a97-4d15-96c4-125f586ef3ae} --------- 0 
 23.02.2013 21:54    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-6 --------- 0 
 23.02.2013 17:33    C:\Users\tim_oO\AppData\Local\Temp\bemtybw2.suy --------- 9 
 23.02.2013 13:40    C:\Users\tim_oO\AppData\Local\Temp\feoxf0tm.b15 --------- 9 
 23.02.2013 04:00    C:\Users\tim_oO\AppData\Local\Temp\zicydw4m.5gf --------- 9 
 22.02.2013 22:47    C:\Users\tim_oO\AppData\Local\Temp\HamachiSetup.log --------- 4212 
 22.02.2013 18:29    C:\Users\tim_oO\AppData\Local\Temp\WER5A30.tmp.resp.erc.xml --------- 0 
 22.02.2013 18:18    C:\Users\tim_oO\AppData\Local\Temp\wddpdkxz.bka --------- 9 
 22.02.2013 14:37    C:\Users\tim_oO\AppData\Local\Temp\zpz1lug4.fpx --------- 9 
 21.02.2013 17:26    C:\Users\tim_oO\AppData\Local\Temp\0ypgirvr.hjb --------- 9 
 20.02.2013 23:00    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-5 --------- 0 
 20.02.2013 17:24    C:\Users\tim_oO\AppData\Local\Temp\eu1kodno.4uo --------- 9 
 19.02.2013 17:05    C:\Users\tim_oO\AppData\Local\Temp\1oq3xm2a.n0e --------- 9 
 18.02.2013 23:09    C:\Users\tim_oO\AppData\Local\Temp\12gpfppn.om0 --------- 9 
 18.02.2013 16:38    C:\Users\tim_oO\AppData\Local\Temp\nY990X+X.htm.part --------- 0 
 18.02.2013 15:02    C:\Users\tim_oO\AppData\Local\Temp\3x043h4d.k2f --------- 9 
 17.02.2013 19:45    C:\Users\tim_oO\AppData\Local\Temp\g3dw4f43.ksv --------- 9 
 17.02.2013 13:04    C:\Users\tim_oO\AppData\Local\Temp\x2tmy5bc.ixh --------- 9 
 16.02.2013 23:12    C:\Users\tim_oO\AppData\Local\Temp\mrwwd3hi.os1 --------- 9 
 16.02.2013 11:40    C:\Users\tim_oO\AppData\Local\Temp\vxtjffkg.pnk --------- 9 
 16.02.2013 01:22    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-4 --------- 0 
 15.02.2013 18:22    C:\Users\tim_oO\AppData\Local\Temp\Blizzard --------- 0 
 15.02.2013 18:14    C:\Users\tim_oO\AppData\Local\Temp\2pw23m4o.idp --------- 9 
 15.02.2013 13:44    C:\Users\tim_oO\AppData\Local\Temp\hsperfdata_tim_oO --------- 0 
 15.02.2013 13:02    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-3 --------- 0 
 14.02.2013 09:33    C:\Users\tim_oO\AppData\Local\Temp\irtwvbut.ukk --------- 9 
 12.02.2013 19:07    C:\Users\tim_oO\AppData\Local\Temp\0iel0xa4.0fo --------- 9 
 12.02.2013 11:26    C:\Users\tim_oO\AppData\Local\Temp\snrur0ys.10c --------- 9 
 12.02.2013 00:43    C:\Users\tim_oO\AppData\Local\Temp\ao3qcxll.egc --------- 9 
 11.02.2013 12:10    C:\Users\tim_oO\AppData\Local\Temp\bmxbeoly.k4d --------- 9 
 11.02.2013 01:56    C:\Users\tim_oO\AppData\Local\Temp\HouseCall --------- 0 
 11.02.2013 01:31    C:\Users\tim_oO\AppData\Local\Temp\HCLauncher.log --------- 6901 
 11.02.2013 01:31    C:\Users\tim_oO\AppData\Local\Temp\HCBackup --------- 0 
 10.02.2013 10:12    C:\Users\tim_oO\AppData\Local\Temp\ggwjmuez.daw --------- 9 
 09.02.2013 12:42    C:\Users\tim_oO\AppData\Local\Temp\3uwphvof.3j0 --------- 9 
 08.02.2013 14:45    C:\Users\tim_oO\AppData\Local\Temp\khzw2olk.uqp --------- 9 
 07.02.2013 09:02    C:\Users\tim_oO\AppData\Local\Temp\d0ecnplu.swh --------- 9 
 07.02.2013 00:31    C:\Users\tim_oO\AppData\Local\Temp\igfcdhur.s2t --------- 9 
 06.02.2013 19:29    C:\Users\tim_oO\AppData\Local\Temp\lxlxlabw.r3b --------- 9 
 06.02.2013 17:28    C:\Users\tim_oO\AppData\Local\Temp\nf3t03nr.bid --------- 9 
 06.02.2013 00:23    C:\Users\tim_oO\AppData\Local\Temp\AdobeARM.log --------- 34228 
 06.02.2013 00:19    C:\Users\tim_oO\AppData\Local\Temp\xgs1zn2m.20o --------- 9 
 05.02.2013 18:00    C:\Users\tim_oO\AppData\Local\Temp\MozillaMailnews --------- 0 
 05.02.2013 17:37    C:\Users\tim_oO\AppData\Local\Temp\ihp0l4gg.eq5 --------- 9 
 04.02.2013 16:02    C:\Users\tim_oO\AppData\Local\Temp\iuthg50a.hf2 --------- 9 
 03.02.2013 23:53    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-2 --------- 0 
 03.02.2013 20:36    C:\Users\tim_oO\AppData\Local\Temp\0fgkwlsf.2zq --------- 9 
 03.02.2013 17:23    C:\Users\tim_oO\AppData\Local\Temp\qmq5uv1g.tq1 --------- 9 
 03.02.2013 10:27    C:\Users\tim_oO\AppData\Local\Temp\0vnqtzpo.1yn --------- 9 
 02.02.2013 12:57    C:\Users\tim_oO\AppData\Local\Temp\s3ncf4p5.ayw --------- 9 
 02.02.2013 04:51    C:\Users\tim_oO\AppData\Local\Temp\jtdkk5ul.uam --------- 9 
 01.02.2013 23:23    C:\Users\tim_oO\AppData\Local\Temp\jnbutcbo.llu --------- 9 
 01.02.2013 19:22    C:\Users\tim_oO\AppData\Local\Temp\vexdxkot.0e0 --------- 9 
 01.02.2013 16:14    C:\Users\tim_oO\AppData\Local\Temp\t4s5fjvg.exq --------- 9 
 31.01.2013 16:34    C:\Users\tim_oO\AppData\Local\Temp\zw0mgegr.wll --------- 9 
 30.01.2013 22:46    C:\Users\tim_oO\AppData\Local\Temp\rsfsch1t.fjq --------- 9 
 29.01.2013 17:15    C:\Users\tim_oO\AppData\Local\Temp\2k1pwf5n.vqe --------- 9 
 29.01.2013 01:50    C:\Users\tim_oO\AppData\Local\Temp\v2sfnpml.ky0 --------- 9 
 28.01.2013 16:07    C:\Users\tim_oO\AppData\Local\Temp\lxfjz421.tal --------- 9 
 27.01.2013 21:19    C:\Users\tim_oO\AppData\Local\Temp\jar_cache1708816180670125365.tmp --------- 0 
 27.01.2013 19:39    C:\Users\tim_oO\AppData\Local\Temp\mirorlhz.3j0 --------- 9 
 27.01.2013 15:11    C:\Users\tim_oO\AppData\Local\Temp\fontconfig --------- 0 
 27.01.2013 12:29    C:\Users\tim_oO\AppData\Local\Temp\gxczjw4a.40b --------- 9 
 27.01.2013 00:56    C:\Users\tim_oO\AppData\Local\Temp\bq4gdrum.bp4 --------- 9 
 26.01.2013 12:32    C:\Users\tim_oO\AppData\Local\Temp\ekqe0mm0.4p5 --------- 9 
 26.01.2013 01:24    C:\Users\tim_oO\AppData\Local\Temp\rhzrjvnv.su3 --------- 9 
 25.01.2013 18:21    C:\Users\tim_oO\AppData\Local\Temp\uvapbbwp.wiw --------- 9 
 25.01.2013 16:13    C:\Users\tim_oO\AppData\Local\Temp\GtKy22Uw.htm.part --------- 0 
 25.01.2013 16:11    C:\Users\tim_oO\AppData\Local\Temp\plugtmp-1 --------- 0 
 25.01.2013 15:47    C:\Users\tim_oO\AppData\Local\Temp\ww5s4ion.vks --------- 9 
 24.01.2013 19:33    C:\Users\tim_oO\AppData\Local\Temp\plugtmp --------- 0 
 24.01.2013 19:16    C:\Users\tim_oO\AppData\Local\Temp\f93wtg0z.mp3.part --------- 0 
 24.01.2013 16:34    C:\Users\tim_oO\AppData\Local\Temp\wuffrars.mgp --------- 9 
 23.01.2013 07:10    C:\Users\tim_oO\AppData\Local\Temp\ysirhvtp.v5n --------- 9 
 22.01.2013 15:22    C:\Users\tim_oO\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile --------- 0 
 22.01.2013 07:52    C:\Users\tim_oO\AppData\Local\Temp\facbhuee.ck2 --------- 9 
 21.01.2013 14:19    C:\Users\tim_oO\AppData\Local\Temp\2jg1is2e.prq --------- 9 
 20.01.2013 21:56    C:\Users\tim_oO\AppData\Local\Temp\jn0c2svw.yu4 --------- 9 
 20.01.2013 21:50    C:\Users\tim_oO\AppData\Local\Temp\ai2hojq1.4nd --------- 9 
 20.01.2013 11:11    C:\Users\tim_oO\AppData\Local\Temp\nyegmbba.1td --------- 9 
 19.01.2013 19:01    C:\Users\tim_oO\AppData\Local\Temp\t1jn5d15.1cb --------- 9 
 19.01.2013 06:55    C:\Users\tim_oO\AppData\Local\Temp\d3f3jnig.mfr --------- 9 
 18.01.2013 18:26    C:\Users\tim_oO\AppData\Local\Temp\uf25yxkk.w2m --------- 9 
 17.01.2013 21:15    C:\Users\tim_oO\AppData\Local\Temp\BTN%Copy%1 --------- 0 
 17.01.2013 17:37    C:\Users\tim_oO\AppData\Local\Temp\cbvztqg2.dpn --------- 9 
 16.01.2013 22:58    C:\Users\tim_oO\AppData\Local\Temp\d444rpey.arf --------- 12554 
 16.01.2013 22:58    C:\Users\tim_oO\AppData\Local\Temp\qomszfid.ffe --------- 9 
 16.01.2013 22:57    C:\Users\tim_oO\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 580 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\History --------- 0 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\Cookies --------- 0 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\Temporary Internet Files --------- 0 
 16.01.2013 22:54    C:\Users\tim_oO\AppData\Local\Temp\Adobe --------- 0 
 16.01.2013 17:32    C:\Users\tim_oO\AppData\Local\Temp\tbitso1e.2wc --------- 9 
 15.01.2013 20:36    C:\Users\tim_oO\AppData\Local\Temp\4avqxrpn.wbf --------- 9 
 15.01.2013 17:34    C:\Users\tim_oO\AppData\Local\Temp\xup14avh.g5j --------- 9 
 13.08.2012 18:50    C:\Users\tim_oO\AppData\Local\Temp\STP5715.csv --------- 2027 
 13.08.2012 18:50    C:\Users\tim_oO\AppData\Local\Temp\STP5715.tmp --------- 601224 
 08.05.2012 14:39    C:\Users\tim_oO\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80 --------- 0 
 28.10.2011 14:13    C:\Users\tim_oO\AppData\Local\Temp\Low --------- 0 
 16.09.2011 16:39    C:\Users\tim_oO\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
----------------------------------------

 
C:\Program Files

 24.02.2013 05:30    C:\Program Files\Internet Explorer --------- 4096 
 23.02.2013 22:55    C:\Program Files\NVIDIA Corporation --------- 4096 
 01.02.2013 23:19    C:\Program Files\7-Zip --------- 4096 
 26.12.2012 23:47    C:\Program Files\VstPlugins --------- 0 
 26.12.2012 23:47    C:\Program Files\Common Files --------- 4096 
 26.12.2012 23:47    C:\Program Files\MeldaProduction --------- 0 
 11.09.2012 20:14    C:\Program Files\Stellarium --------- 8192 
 11.09.2012 19:26    C:\Program Files\CCleaner --------- 4096 
 14.08.2012 18:16    C:\Program Files\StarWind Software --------- 0 
 09.05.2012 18:27    C:\Program Files\Windows Journal --------- 4096 
 08.05.2012 14:37    C:\Program Files\SteelSeries --------- 0 
 02.02.2012 21:40    C:\Program Files\WinRAR --------- 4096 
 18.01.2012 21:32    C:\Program Files\Windows Mail --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Sidebar --------- 4096 
 18.01.2012 21:32    C:\Program Files\DVD Maker --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Portable Devices --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Media Player --------- 4096 
 18.01.2012 21:32    C:\Program Files\Windows Photo Viewer --------- 0 
 18.01.2012 21:32    C:\Program Files\Windows Defender --------- 4096 
 18.01.2012 17:49    C:\Program Files\Java --------- 0 
 17.01.2012 20:49    C:\Program Files\Microsoft Office --------- 0 
 27.12.2011 15:54    C:\Program Files\Samsung --------- 0 
 24.09.2011 13:34    C:\Program Files\DIFX --------- 0 
 21.09.2011 22:30    C:\Program Files\GIMP-2.0 --------- 0 
 18.09.2011 20:46    C:\Program Files\Microsoft IntelliPoint --------- 12288 
 16.09.2011 16:29    C:\Program Files\WIDCOMM --------- 0 
 16.09.2011 16:27    C:\Program Files\Windows NT --------- 4096 
 16.09.2011 16:27    C:\Program Files\Gemeinsame Dateien --------- 0 
 15.12.2009 22:47    C:\Program Files\Microsoft Games --------- 4096 
 15.12.2009 08:22    C:\Program Files\Synaptics --------- 0 
 15.12.2009 08:19    C:\Program Files\Realtek --------- 0 
 14.07.2009 06:32    C:\Program Files\Reference Assemblies --------- 0 
 14.07.2009 06:32    C:\Program Files\MSBuild --------- 0 
 14.07.2009 06:09    C:\Program Files\Uninstall Information --------- 0 
 14.07.2009 05:54    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

UpdatusUser   
tim_oO   
Public   
Default   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0          304 K
smss.exe                      280 Services                  0        1.208 K
csrss.exe                      500 Services                  0        4.640 K
wininit.exe                    560 Services                  0        4.500 K
csrss.exe                      584 Console                    1        7.600 K
services.exe                  628 Services                  0        9.068 K
lsass.exe                      644 Services                  0        10.376 K
lsm.exe                        652 Services                  0        4.456 K
svchost.exe                    760 Services                  0        9.896 K
nvvsvc.exe                    820 Services                  0        7.080 K
winlogon.exe                  864 Console                    1        7.280 K
svchost.exe                    888 Services                  0        7.280 K
GDScan.exe                    972 Services                  0        36.712 K
AVKWCtlx64.exe                120 Services                  0        18.296 K
svchost.exe                    512 Services                  0        15.616 K
svchost.exe                    648 Services                  0      150.960 K
svchost.exe                    844 Services                  0        35.036 K
svchost.exe                  1084 Services                  0        5.208 K
svchost.exe                  1152 Services                  0        11.336 K
svchost.exe                  1224 Services                  0        16.876 K
nvxdsync.exe                  1412 Console                    1        17.212 K
nvvsvc.exe                    1420 Console                    1        12.152 K
spoolsv.exe                  1568 Services                  0        11.212 K
armsvc.exe                    1840 Services                  0        3.876 K
AVKProxy.exe                  1864 Services                  0        4.324 K
AVKService.exe                1892 Services                  0        3.124 K
btwdins.exe                  1920 Services                  0        5.680 K
svchost.exe                  1964 Services                  0        5.992 K
hamachi-2.exe                1532 Services                  0        9.324 K
mbamscheduler.exe              336 Services                  0        6.040 K
mbamservice.exe              2052 Services                  0      113.768 K
Rezip.exe                    2084 Services                  0        4.656 K
SearchAnonymizerHelper.ex    2184 Services                  0        15.572 K
AvkBap64.exe                  2380 Services                  0        37.216 K
taskhost.exe                  2468 Console                    1        7.888 K
mbamgui.exe                  2536 Console                    1        10.236 K
dwm.exe                      2872 Console                    1        38.368 K
StarRAMService.exe            2944 Services                  0        3.856 K
svchost.exe                  2104 Services                  0        5.556 K
taskeng.exe                  2660 Console                    1        6.564 K
APLanMgrC.exe                2444 Console                    1          528 K
explorer.exe                  2428 Console                    1        91.760 K
SSCKbdHk.exe                  2608 Console                    1        1.088 K
EasySpeedUpManager.exe        2024 Console                    1        1.092 K
dmhkcore.exe                  2556 Console                    1        1.892 K
WCScheduler.exe              3012 Console                    1        1.096 K
nvtray.exe                    2680 Console                    1        12.140 K
RAVCpl64.exe                  3620 Console                    1        10.336 K
SynTPEnh.exe                  3768 Console                    1        12.016 K
SynTPHelper.exe              3952 Console                    1        3.572 K
SteelSeriesEngine.exe        4024 Console                    1      110.484 K
SearchIndexer.exe            3764 Services                  0        90.060 K
AVKTray.exe                  3500 Console                    1        1.528 K
wmpnetwk.exe                  3400 Services                  0        10.792 K
svchost.exe                  3636 Services                  0        52.768 K
mscorsvw.exe                  4200 Services                  0        7.440 K
mscorsvw.exe                  4488 Services                  0        9.080 K
daemonu.exe                  4880 Services                  0        7.876 K
firefox.exe                  5076 Console                    1      297.512 K
plugin-container.exe          4864 Console                    1        12.768 K
FlashPlayerPlugin_11_5_50    2096 Console                    1        10.028 K
FlashPlayerPlugin_11_5_50    4408 Console                    1        18.184 K
audiodg.exe                  4724 Services                  0        31.284 K
taskeng.exe                  4264 Services                  0        5.264 K
foobar2000.exe                2060 Console                    1        29.944 K
pidgin.exe                    3488 Console                    1        30.216 K
SearchProtocolHost.exe        4924 Services                  0        9.356 K
SearchFilterHost.exe          3868 Services                  0        8.860 K
cmd.exe                        592 Console                    1        3.860 K
conhost.exe                  4116 Console                    1        5.828 K
dllhost.exe                  4788 Console                    1        5.980 K
tasklist.exe                  4616 Console                    1        5.772 K
WmiPrvSE.exe                  3572 Services                  0        6.328 K

 
***** Ende des Scans 24.02.2013 um 12:28:29,20 ***


Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
tim_oO :: TIM_OO-PC [Administrator]

Schutz: Aktiviert

23.02.2013 23:45:10
mbam-log-2013-02-23 (23-45-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468052
Laufzeit: 1 Stunde(n), 27 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tim_oO\Desktop\Programme\Cryptload\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tim_oO\Downloads\HOMM2GOLD-dm.exe (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Age of Empires 2\Tools\DirectDraw Patcher\w7ddpatcher.exe (HackTool.Patch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:12, on 24.02.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Users\tim_oO\Desktop\Programme\Pc Cleaner\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3322448490-314981258-3538992574-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rezip - Unknown owner - C:\Windows\SysWOW64\Rezip.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarRAM Service (StarRAMService) - StarWind Software - C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10369 bytes


Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        01.02.2013        4,53MB        9.20.00.0
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
Adobe Reader X (10.1.5) - Deutsch        Adobe Systems Incorporated        16.01.2013        122MB        10.1.5
Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2        line0        11.04.2012        696MB        0.2
Age of Empires II - the Conquerors WideScreen Patcher        Boekabart        11.04.2012        208KB        1.0.40
AIDA64 Extreme Edition v2.00        FinalWire Ltd.        12.11.2011        22,3MB        2.00
Anno 1701        Sunflowers        18.09.2011                1.00
ANNO 2070        Ubisoft        20.12.2011                1.0.0.0
AnyDVD        SlySoft        24.12.2011                6.8.9.0
AnyPC Client        Doctorsoft        15.12.2009                1.0.0.23
Atheros Client Installation Program        Atheros        15.12.2009                1.0.1.0805
BatteryLifeExtender        Samsung        15.12.2009        14,2MB        1.0.1
BrettspielWelt                26.10.2011               
CCleaner        Piriform        22.08.2012                3.22
Celestia 1.6.1        Shatters Software        02.02.2013        66,5MB       
ChargeableUSB        SAMSUNG        15.12.2009                1.0.0.0
CloneDVD2        Elaborate Bytes        24.12.2011                2.9.3.0
Compatibility Pack für 2007 Office System        Microsoft Corporation        08.01.2013        177MB        12.0.6612.1000
Counter-Strike        Valve        18.09.2011               
Diablo II        Blizzard Entertainment        18.09.2011               
Diablo III        Blizzard Entertainment        15.02.2013                1.0.7.14633
Easy Display Manager        Samsung Electronics Co., Ltd.        15.12.2009                3.0
Easy Network Manager        Samsung        15.12.2009        19,0MB        4.2.4
Easy SpeedUp Manager        Samsung Electronics Co.,Ltd.        15.12.2009                3.0.0.5
EasyBatteryManager        Samsung        15.12.2009                4.0.0.3
EVEREST Ultimate Edition v5.50        Lavalys, Inc.        28.05.2012                5.50
F.E.A.R. 3                18.09.2011               
foobar2000 v1.1.7        Peter Pawlowski        16.09.2011        7,85MB        1.1.7
G Data AntiVirus 2012        G Data Software AG        16.09.2011        73,7MB        22.0.0.0
GIMP 2.6.8                21.09.2011               
Google Earth Plug-in        Google        12.09.2012        48,7MB        6.2.2.6613
Grand Theft Auto Vice City                11.10.2011                1.00.000
Half-Life 2        Valve        15.01.2013               
Half-Life 2: Episode One        Valve        15.01.2013               
Half-Life 2: Episode Two        Valve        15.01.2013               
Heroes II Gold                14.02.2013               
Intel(R) Rapid Storage Technology        Intel Corporation        23.02.2013                9.5.4.1001
Intel(R) Turbo Boost Technology Driver        Intel Corporation        15.12.2009                01.00.01.1002
Java(TM) 6 Update 30        Sun Microsystems, Inc.        26.10.2011        94,9MB        6.0.300
Java(TM) 6 Update 30 (64-bit)        Oracle        18.01.2012        91,8MB        6.0.300
JDownloader 0.9        AppWork GmbH        19.12.2011                0.9
League of Legends        Riot Games        09.01.2012                1.02.0000
LogMeIn Hamachi        LogMeIn, Inc.        22.02.2013                2.1.0.294
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        23.02.2013        18,4MB        1.70.0.1100
Marvell Miniport Driver        Marvell        15.12.2009                11.22.3.3
McAfee Security Scan Plus        McAfee, Inc.        11.09.2012        10,2MB        3.0.207.4
MeldaProduction MFreeEffectsBundle64 7        MeldaProduction        26.12.2012               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.09.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        18.09.2011        2,93MB        4.0.30319
Microsoft IntelliPoint 8.2        Microsoft Corporation        18.09.2011                8.20.468.0
Microsoft Office Home and Student 2010        Microsoft Corporation        17.01.2012                14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        23.09.2011        300KB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        18.09.2011        788KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        23.09.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        19.12.2011        240KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        16.09.2011        596KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        23.09.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        15.11.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.11.2012        15,0MB        10.0.40219
Microsoft Works        Microsoft Corporation        11.10.2012        878MB        9.7.0621
Mozilla Firefox 19.0 (x86 de)        Mozilla        20.02.2013        45,1MB        19.0
Mozilla Maintenance Service        Mozilla        20.02.2013        330KB        19.0
Mozilla Thunderbird 17.0.2 (x86 de)        Mozilla        10.01.2013        41,9MB        17.0.2
Mp3tag v2.49a        Florian Heidenreich        19.11.2011                v2.49a
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        25.09.2011        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.09.2011        1,33MB        4.20.9876.0
Nero BurningROM 12        Nero AG        03.11.2012        239MB        12.0.00300
Nokia Connectivity Cable Driver        Nokia        29.01.2012        3,94MB        7.1.69.0
Nokia Suite        Nokia        29.01.2012                3.3.86.0
NVIDIA Grafiktreiber 314.07        NVIDIA Corporation        23.02.2013                314.07
NVIDIA HD-Audiotreiber 1.3.23.1        NVIDIA Corporation        23.02.2013                1.3.23.1
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        23.02.2013                9.12.1031
NVIDIA Update 1.12.12        NVIDIA Corporation        23.02.2013                1.12.12
Office 2010 Trial Extender        DiSTANTX        21.05.2012        834KB        1.0.0.4
PC Connectivity Solution        Nokia        29.01.2012        20,8MB        11.5.29.0
Pidgin                21.11.2012                2.10.6
Pidgin-Encryption Plugin (nur entfernen)                21.11.2012               
pidgin-otr 4.0.0-1        Cypherpunks CA        01.02.2013                4.0.0-1
PokerStars.eu        PokerStars.eu        05.12.2012               
Portal        Valve        15.01.2013               
Portal 2                13.05.2012               
Postal 2                16.06.2012               
Project64 1.6        Project64        18.09.2011        3,46MB        1.6
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        15.12.2009                6.0.1.5969
REALTEK Wireless LAN Software        REALTEK Semiconductor Corp.        15.12.2009                1.01.0088
Risen        Deep Silver        22.02.2012                1.00.0000
Samsung R-Series        Samsung        15.12.2009        24,2MB        1.0
Samsung Recovery Solution 4        Samsung        15.12.2009                4.0.0.41
Samsung Support Center        Samsung        15.12.2009        40,8MB        1.0.21
Samsung Update Plus        Samsung Electronics Co., Ltd.        15.12.2009                2.0
SearchAnonymizer                18.09.2011                1.0.1 (de)
Serious Sam 2                01.02.2013               
Skype™ 5.10        Skype Technologies S.A.        28.08.2012        19,3MB        5.10.116
SopCast 3.4.0        www.sopcast.com        18.10.2011                3.4.0
Source SDK Base 2007        Valve        10.10.2012               
StarCraft II        Blizzard Entertainment        01.02.2013                1.4.4.22418
StarWind RAM Disk (build 2010-03-10)        StarWind Software        14.08.2012               
Steam        Valve Corporation        16.09.2011        1,59MB        1.0.0.0
SteelSeries Engine        SteelSeries        08.05.2012                2.2.927.31327
Stellarium 0.11.4        Stellarium team        11.09.2012        91,2MB        0.11.4
Synaptics Pointing Device Driver        Synaptics Incorporated        15.12.2009                14.0.10.0
Team Fortress 2        Valve        15.01.2013               
teXXas        metaspinner media GmbH        16.09.2011                1
TmNationsForever        Nadeo        05.09.2012               
Ubisoft Game Launcher        UBISOFT        20.12.2011                1.0.0.0
Veetle TV        Veetle, Inc        18.10.2011                0.9.18
VirtualCloneDrive        Elaborate Bytes        16.09.2011               
VLC media player 2.0.3        VideoLAN        12.08.2012                2.0.3
vShare.tv plugin 1.3        vShare.tv, Inc.        20.09.2011                1.3
Wer wird Millionär        Eidos Interactive        24.06.2012        401MB        1.0.0.0000
WIDCOMM Bluetooth Software        Broadcom Corporation        12.01.2013        258MB        6.2.1.800
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)        Broadcom        16.09.2011                07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)        Broadcom        16.09.2011                09/11/2009 6.2.0.9407
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)        Broadcom        16.09.2011                07/28/2009 6.2.0.9800
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        29.01.2012                08/22/2008 7.0.0.0
WinRAR 4.01 (64-Bit)        win.rar GmbH        16.09.2011                4.01.0
Xvid 1.1.3 final uninstall        Xvid team (Koepi)        03.03.2012                1.1
Zak McKracken - Between Time and Space                03.03.2012


markusg 24.02.2013 19:46

Hi
Nobody wants to see HijackThis any more; it is no longer being developed and should not be used under Win7 at all.
What does "some virus" mean? Who found what, and where?

If you do not already have it, please download OTL from Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread here
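A triage pass over the two log formats that appear in this thread (the HijackThis O23 lines posted above and the OTL SRV/PRC lines that the custom scan produces), as an added example that is not part of the original posts and not code from HijackThis, OTL or the forum. The sample lines are copied from the logs posted in this thread; the heuristics are this example's own assumptions about what a helper checks first: a "(file missing)" entry under System32 is treated as a probable artefact of 32-bit HijackThis running under WOW64 on 64-bit Windows (to be re-checked with a 64-bit-aware tool, which is one reason HijackThis is not used on Win7 here), and entries with no company name or a path under the user profile are flagged for review. The flags are a reading order, not a verdict on the machine.

```python
"""Triage helper for HijackThis O23 lines and OTL SRV/PRC lines.

Added example for this thread; not code from HijackThis, OTL or the forum.
The heuristics below are assumptions about what a helper looks at first.
"""
import re
from dataclasses import dataclass, field

# HijackThis "O23" line:
#   O23 - Service: <name> - <company> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# OTL "SRV"/"PRC" line:
#   SRV - [<date> | <size> | <attrs> | M] (<company>) [<start> | <state>] -- <path> -- (<short>)
#   PRC - [<date> | <size> | <attrs> | M] (<company>) -- <path>
OTL_RE = re.compile(
    r"^(?P<kind>SRV|PRC)(?::64bit:)? - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<short>[^)]*)\))?$"
)

# Path fragments that mean "inside a user-writable location" (assumption of this example).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")
SYSTEM32 = "\\system32\\"


@dataclass
class Finding:
    source: str                  # "hjt" or "otl"
    path: str
    flags: list = field(default_factory=list)


def triage_hjt_o23(line: str):
    """Classify one HijackThis O23 line; None if the line is not an O23 entry."""
    m = O23_RE.match(line)
    if not m:
        return None
    f = Finding("hjt", m["path"])
    if m["missing"] and SYSTEM32 in m["path"].lower():
        # 32-bit HijackThis runs under WOW64 on 64-bit Windows, where %SystemRoot%\System32
        # is redirected to SysWOW64; 64-bit-only binaries therefore show as "file missing".
        # Treated here as a tool artefact to re-check with a 64-bit-aware tool, not as an infection.
        f.flags.append("file-missing-in-system32 (likely WOW64 artefact, verify with 64-bit tool)")
    elif m["missing"]:
        f.flags.append("file missing")
    elif m["company"] == "Unknown owner":
        f.flags.append("no publisher")
    return f


def triage_otl(line: str):
    """Classify one OTL SRV/PRC line; None if the line is neither."""
    m = OTL_RE.match(line)
    if not m:
        return None
    f = Finding("otl", m["path"])
    low = m["path"].lower()
    if not m["company"].strip():
        f.flags.append("no company name")
    if any(frag in low for frag in USER_WRITABLE):
        f.flags.append("runs from user-writable location")
    if f.flags and m["kind"] == "SRV" and (m["state"] or "").startswith("Auto"):
        f.flags.append("auto-start")           # prioritise: persists across reboots
    return f


def triage_log(text: str):
    """Run both parsers over a pasted log and keep only entries that got at least one flag."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        f = triage_hjt_o23(line) or triage_otl(line)
        if f and f.flags:
            findings.append(f)
    return findings


# Sample lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: StarRAM Service (StarRAMService) - StarWind Software - C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe
SRV - [2013/02/19 17:47:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/18 20:16:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}\n    " + "; ".join(f.flags))
```

On the sample above the snmptrap entry is reported only as a probable WOW64 artefact, the StarWind and Mozilla services produce no flag, and the two entries with an empty company name (one of them auto-starting from AppData\Roaming) come out on top of the list; a helper would then look those up rather than the long tail of "(file missing)" system services.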

tempotimes 24.02.2013 21:47

Hi,

first of all, thank you very much for the reply.

G-Data:
Code:

 
Pfad: C:\Users\tim_oO\AppData\Roaming\Thunderbird\Profiles\2zduw2d0.default\ImapMail\imap.web.de
    Status: Virus gefunden
    Virus: PDF:Exploit.JS.CM (Engine A)

Objekt: avk17D3.tmp
    Pfad: C:\windows\Temp
    Status: Virus entfernt
    Virus: Trojan.Generic.8052410 (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\cxhyr.exe
Virus: Gen:Heur.PIF.6 (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\cxhyr.exe
Virus: DeepScan:Generic.FakeAv.5.EBBCEDBF (Engine A)

Beim Schließen der Datei "D:\Games\Steam\steamapps\giantdk\counter-strike\cstrike\motd_temp.html" wurde der Virus "HTML:Iframe-inf (Engine B)" entdeckt. Zugriff verweigert.

Datei: C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\800000cb.@
Virus: Trojan.Sirefef.ML (Engine A)

Datei: C:\Users\tim_oO\AppData\Local\Temp\24962250.bat
Virus: Trojan.BAT.AAGK (Engine A

Beim Schließen der Datei "C:\Users\tim_oO\AppData\Local\Temp\HouseCall\VS5F8F50.022" wurde der Virus "Gen:Variant.Symmi.9112 (Engine A)" entdeckt. Zugriff verweigert.

Beim Schließen der Datei "C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\80000000.@" wurde der Virus "Trojan.Generic.8052410 (Engine A)" entdeckt. Zugriff verweigert.

Beim Schließen der Datei "C:\Users\tim_oO\AppData\Local\Temp\HouseCall\VS5F8F50.043" wurde der Virus "Trojan.Generic.KDV.832329 (Engine A)" entdeckt. Zugriff verweigert.

Datei: C:\Users\tim_oO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4d831927-6e65d920
Virus: Java:Agent-COW [Expl] (Engine B)

Code:

*** Prozess ***

Prozess: 6004
Dateiname: mor.exe
Pfad: c:\users\tim_oo\appdata\local\temp\mor.exe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/05/13 23:06:58
Änderungsdatum: 02/05/13 23:06:58

Gestartet von: java.exe
Herausgeber: Sun Microsystems, Inc.


*** Aktionen ***

Das Programm versucht zu erreichen, dass ein Programm beim Systemstart automatisch gestartet wird.
Das Programm stellt eine Verbindung über ein Netzwerk her.
Das Programm hat eine ausführbare Datei angelegt oder manipuliert.
Das Programm hat eine Kopie von sich selbst angelegt.
Eine ausführbare Datei wurde an einem verdächtigen Ort gespeichert.
Ein Autostart Eintrag verweist auf einen verdächtigen Ort.


*** Quarantäne ***

Folgende Dateien wurden in Quarantäne verschoben:
C:\Users\tim_oO\AppData\Local\Temp\24959551.exe
C:\Users\tim_oO\AppData\Local\Temp\24962031.exe
C:\Users\tim_oO\AppData\Local\Temp\24962250.bat
C:\Users\tim_oO\AppData\Local\Temp\mor.exe
C:\Users\tim_oO\lovikzakvuci.exe

Folgende Registry Einträge wurden gelöscht:

\REGISTRY\USER\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Windows\CurrentVersion\Run || lovikzakvuci

YGLxn+IHJyf3cpJycgwoJ9dygnJyCyknaCYnlyonzKBygiknLie3wHJyYmJyctByonKScnLgcvIpJ5xykganQicrdHJCJwq3crJycnKigCwnKycnJwrocnJiYnJykCsW/ynokC0nB+lykmJicpKgLCcpJiYnCdpyci8nKSfHsCknKiYmJwrbcoJygmJiwConKSYmJwn8cpJygnJy0CYnKScpJgbPcnJiYnJycKdycnCocnJiYnJycLhyknKSYmJwyHJyYmJycnDocnJiYnJycOlygmJicoJw+XKCYmJygnB6coJwupLBWWOmwsKRNWYqJxmcNWYqC6cuJysmJicLty8nKCYmJwjHKCcpJykmBgA
Version der Regeln: 3.1.15
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
BB Revision: 28249

C:\Users\tim_oO\AppData\Local\Temp\mor.exe
"C:\Program Files (x86)\Java\jre6\bin\java.exe" -D__jvm_launched=24936828903 "-Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar" "-Djava.class.path=C:\\PROGRA~2\\Java\\jre6\\classes" -Dsun.awt.warmup=true "-Dsun.plugin2.jvm.args=-D__jvm_launched=24936828903 \"-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar\" \"-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes\" -Dsun.awt.warmup=true --- --" sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid5028_pipe2,read_pipe_name=jpi2_pid5028_pipe1

OTL Logfile:
Code:

OTL logfile created on: 2/24/2013 8:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\tim_oO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.07% Memory free
7.71 Gb Paging File | 5.89 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 36.96 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 89.68 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
PRC - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 10:13:00 | 000,079,360 | ---- | M] (DoctorSoft) -- C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/19 17:47:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/08 15:47:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/18 20:16:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/29 14:18:50 | 000,094,720 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\StarWind Software\RAM Disk\StarRAMService.exe -- (StarRAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/10/02 18:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/12 14:32:52 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013/01/12 14:32:51 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013/01/12 14:32:25 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013/01/12 14:32:25 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013/01/12 14:32:25 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/23 16:40:42 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012/08/28 03:00:32 | 000,112,640 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/08/28 03:00:26 | 000,034,560 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/22 17:53:21 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR250.SYS -- (SMR250)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 21:09:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/02/22 21:09:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/09/16 18:03:35 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/03/29 14:20:10 | 000,065,368 | ---- | M] (StarWind Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarRAM.sys -- (StarRAM)
DRV:64bit: - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 08:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 21:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{02BFE015-07A4-4687-909A-6EE9B5FC0442}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{1BF1A860-37CE-4EE7-B914-9C72BA51D79D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{247BBEF0-9B17-41CE-ADF0-EBE921F37472}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937534D534E5F64654445343439&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6C2D1982-5FBC-4D96-A5F3-8147C2AA512A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{A07B6181-59BF-4CB3-B86D-16776628B5F9}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C162E0C4-337A-4790-93FD-DAFC61871FED}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.ftp: "176.31.111.181"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "176.31.111.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.31.111.181"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.31.111.181"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/29 14:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 17:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/19 17:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 18:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/29 14:59:32 | 000,000,000 | ---D | M]
 
[2011/09/17 01:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Extensions
[2013/02/24 12:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions
[2012/11/16 23:55:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/16 10:21:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\ich@maltegoetz.de
[2012/07/05 15:54:08 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/02/10 10:11:46 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\stealthyextension@gmail.com.xpi
[2013/01/30 22:46:20 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013/01/05 15:19:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 09:39:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/09/18 20:16:11 | 000,002,071 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{2967D1BD-ACCB-4C10-A2BB-A616EAA0FCC0}.xml
[2011/09/18 20:16:11 | 000,002,182 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{7D78468A-EB75-4471-BDE7-709B08A1152D}.xml
[2011/09/18 20:16:11 | 000,001,864 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{E168B10A-97BC-400A-B82A-3A0E2812B203}.xml
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2013/02/19 17:47:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/06/10 13:09:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 23:38:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/10 13:09:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/10 13:09:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/10 13:09:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/10 13:09:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF03C53C-6E49-4CC4-A855-9F9FFD0625AF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\30937D~1.207\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: APLangApp - hkey= - key= - C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - C:\Windows\SysNative\StikyNot.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/24 20:54:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
[2013/02/24 12:53:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/24 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\Desktop\hjtscanlist
[2013/02/24 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/02/23 23:42:28 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Malwarebytes
[2013/02/23 23:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/23 23:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/23 23:42:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/02/23 23:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/23 23:42:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\Programs
[2013/02/23 22:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/02/23 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/22 22:47:31 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/02/22 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\LogMeIn Hamachi
[2013/02/19 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 19:29:10 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/02/02 02:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
[2013/02/02 02:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celestia
[2013/02/01 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2013/02/01 23:44:08 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\OTL.exe
[2013/02/24 20:46:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/24 20:25:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 19:10:51 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 19:10:51 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 19:04:28 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 19:02:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/24 19:02:50 | 3106,103,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/24 12:22:42 | 000,000,000 | ---- | M] () -- C:\END
[2013/02/24 12:16:29 | 000,992,122 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013/02/24 12:16:29 | 000,052,387 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013/02/24 05:32:07 | 000,389,920 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/24 02:28:35 | 001,520,734 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/24 02:28:35 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/02/24 02:28:35 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/24 02:28:35 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/02/24 02:28:35 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/23 23:40:29 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/17 01:06:49 | 022,553,929 | ---- | M] () -- C:\Users\tim_oO\Desktop\Rainbow Chicken dance (30 min loop) Longest on youtube! (at time of upload).M4A
[2013/02/14 14:21:05 | 249,837,325 | ---- | M] () -- C:\Users\tim_oO\Desktop\Live @ Beatgetrieben - SHUT UP AND DANCE!.mp3
[2013/02/11 00:57:07 | 000,124,201 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/10 04:25:27 | 000,017,738 | ---- | M] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/09 13:15:55 | 000,000,036 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/01 23:44:08 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 22:52:09 | 000,007,606 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
========== Files Created - No Company Name ==========
 
[2013/02/24 12:22:42 | 000,000,000 | ---- | C] () -- C:\END
[2013/02/23 23:17:34 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/02/23 22:50:54 | 000,017,738 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/17 01:06:15 | 022,553,929 | ---- | C] () -- C:\Users\tim_oO\Desktop\Rainbow Chicken dance (30 min loop) Longest on youtube! (at time of upload).M4A
[2013/02/14 14:06:12 | 249,837,325 | ---- | C] () -- C:\Users\tim_oO\Desktop\Live @ Beatgetrieben - SHUT UP AND DANCE!.mp3
[2013/02/09 13:32:06 | 000,124,201 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/09 13:15:55 | 000,000,036 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/09 13:10:11 | 000,002,539 | ---- | C] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/01 00:01:44 | 000,002,072 | ---- | C] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 15:14:48 | 000,081,333 | ---- | C] () -- C:\Users\tim_oO\treib.jpg
[2013/01/01 19:18:02 | 000,104,440 | ---- | C] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:27 | 000,036,058 | ---- | C] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/09/12 13:46:37 | 000,025,802 | ---- | C] () -- C:\Users\tim_oO\smiley.jpg
[2012/08/19 21:41:37 | 000,007,606 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2012/06/19 12:04:08 | 002,351,742 | ---- | C] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2012/04/11 19:48:06 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
[2012/03/22 17:53:36 | 000,000,108 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\SMRBackup250.dat
[2012/03/03 21:18:28 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/03/03 21:18:28 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/12/25 13:55:37 | 000,000,133 | ---- | C] () -- C:\windows\VobEdit.INI
[2011/12/24 18:34:31 | 000,000,280 | ---- | C] () -- C:\windows\IfoEdit.INI
[2011/12/24 17:52:42 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/19 15:52:20 | 000,000,284 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\groovedown.settings
[2011/11/19 15:52:20 | 000,000,000 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\gd.db
[2011/09/22 22:50:44 | 000,029,100 | ---- | C] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2011/09/16 18:10:38 | 000,992,122 | ---- | C] () -- C:\windows\SysWow64\sig.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/24 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\.purple
[2011/10/23 14:43:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BOM
[2012/02/14 19:12:46 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BSW
[2011/11/12 11:29:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\DesktopIconForAmazon
[2013/02/24 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\foobar2000
[2013/01/31 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\gtk-2.0
[2011/11/19 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\lang
[2012/12/26 23:48:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\MeldaProduction
[2013/01/25 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Mp3tag
[2012/01/29 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Nokia
[2011/09/18 20:16:08 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\OCS
[2011/09/18 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Opera
[2012/01/29 14:16:25 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\PC Suite
[2012/05/08 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\SteelSeries
[2012/09/12 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Stellarium
[2011/09/18 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Thunderbird
[2011/12/19 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/09/27 14:20:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013/02/24 19:02:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013/02/14 19:29:17 | 000,000,000 | ---D | M] -- C:\Downloads
[2010/03/30 08:36:22 | 000,000,000 | -HSD | M] -- C:\found.000
[2009/12/15 08:17:00 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 20:48:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/12/20 14:10:06 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/02/23 23:40:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/24 12:54:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/02/24 12:22:55 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/02/24 20:59:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/09/14 15:28:00 | 000,000,000 | ---D | M] -- C:\temp
[2013/02/23 22:55:15 | 000,000,000 | R--D | M] -- C:\Users
[2011/09/13 04:46:06 | 000,000,000 | ---D | M] -- C:\windiag
[2013/02/24 19:02:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/03/30 23:23:14 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/09/12 12:07:13 | 000,001,106 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 12:07:16 | 000,001,110 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/01 19:18:03 | 000,104,440 | ---- | M] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:28 | 000,036,058 | ---- | M] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/06/19 12:04:10 | 002,351,742 | ---- | M] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2011/09/22 22:50:45 | 000,029,100 | ---- | M] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2012/02/25 16:29:58 | 000,000,345 | ---- | M] () -- C:\Users\tim_oO\muziK.txt
[2013/02/09 02:47:10 | 000,000,168 | ---- | M] () -- C:\Users\tim_oO\Neues Textdokument.txt
[2013/02/22 16:03:40 | 000,001,268 | ---- | M] () -- C:\Users\tim_oO\Notizen.txt
[2013/02/24 21:10:05 | 002,097,152 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT
[2013/02/24 21:10:05 | 000,262,144 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG1
[2011/09/16 16:28:53 | 000,000,000 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG2
[2011/09/16 16:43:48 | 000,065,536 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/09/16 16:28:53 | 000,000,020 | -HS- | M] () -- C:\Users\tim_oO\ntuser.ini
[2012/12/10 17:31:15 | 000,000,192 | ---- | M] () -- C:\Users\tim_oO\ogame.txt
[2012/09/12 13:46:38 | 000,025,802 | ---- | M] () -- C:\Users\tim_oO\smiley.jpg
[2013/01/27 15:14:49 | 000,109,568 | -HS- | M] () -- C:\Users\tim_oO\Thumbs.db
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 2/24/2013 8:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\tim_oO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.07% Memory free
7.71 Gb Paging File | 5.89 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 36.96 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 89.68 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SearchAnonymizer" = SearchAnonymizer
"StarWind RAM Disk_is1" = StarWind RAM Disk (build 2010-03-10)
"SteelSeries Engine" = SteelSeries Engine
"Stellarium_is1" = Stellarium 0.11.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CEC2F82-AEB2-4C4B-B450-62C6CEF159FE}_is1" = Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766FF098-68AB-48BE-BF41-05708D178198}" = Wer wird Millionär
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"AnyDVD" = AnyDVD
"BSW" = BrettspielWelt
"Celestia_is1" = Celestia 1.6.1
"CloneDVD2" = CloneDVD2
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"F.E.A.R. 3_is1" = F.E.A.R. 3
"foobar2000" = foobar2000 v1.1.7
"Heroes II Gold" = Heroes II Gold
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"MeldaProduction MFreeEffectsBundle64 7" = MeldaProduction MFreeEffectsBundle64 7
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Nokia Suite" = Nokia Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pidgin" = Pidgin
"pidgin-encryption" = Pidgin-Encryption Plugin (nur entfernen)
"pidgin-otr" = pidgin-otr 4.0.0-1
"PokerStars.eu" = PokerStars.eu
"Postal 2" = Postal 2
"Postal 2_is1" = Portal 2
"SeriousSam2" = Serious Sam 2
"SopCast" = SopCast 3.4.0
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"TmNationsForever_is1" = TmNationsForever
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/2/2012 3:15:27 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/2/2012 3:15:27 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 11:40:08 AM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 5:43:53 PM | Computer Name = tim_oO-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Diablo III.exe, Version: 1.0.6.13300,
 Zeitstempel: 0x50a45e28  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000222b2  ID des fehlerhaften
 Prozesses: 0x6fc  Startzeit der fehlerhaften Anwendung: 0x01cdd17678533bf9  Pfad der
 fehlerhaften Anwendung: D:\Games\Diablo III\Diablo III.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: 87d6b93d-3d92-11e2-9cf6-b482fe9a12fa
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/3/2012 6:09:53 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/4/2012 12:22:10 PM | Computer Name = tim_oO-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 2/24/2013 7:10:55 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 7:10:56 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 2/24/2013 7:12:21 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 7:12:21 AM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 2/24/2013 2:03:10 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 2:03:11 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/24/2013 2:03:11 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/24/2013 2:03:15 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 2/24/2013 2:05:21 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 2/24/2013 2:05:21 PM | Computer Name = tim_oO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
 
< End of report >

--- --- ---

markusg 25.02.2013 16:29

hi
when was this detection:
Datei: C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1001\$83990150359794c1504d02c803aa139f\U\800000cb.@
Virus: Trojan.Sirefef.ML (Engine A)

tempotimes 25.02.2013 16:46

Hi,
the detection was on 06.02. It was reported several times over the course of the day. In general, many virus alerts came up two or three times. If it helps, I can share all the alerts.

markusg 25.02.2013 19:01

Hi
do you use this device for online banking, shopping, other payment transactions, or anything similarly important, such as work?

tempotimes 25.02.2013 19:05

Well, PayPal...

markusg 25.02.2013 19:09

Hi
change your PayPal password from a different PC.
You have a rootkit on the PC.
The ZeroAccess rootkit | Naked Security

I can never give you a guarantee that I will find everything. A format is usually the faster and the safest way, especially since you use your PC for payment transactions.
Should you decide on a cleanup, keep cooperating until someone from the team tells you that you are clean.
If it were mine, I would reinstall it.

tempotimes 25.02.2013 19:12

Okay, thanks for now.
I would like to try a cleanup first, since I currently have no way to back up my files.

markusg 25.02.2013 19:41

but then you should never use PayPal from this PC again; you should be aware of that.
Nor anything else sensitive, so e.g. no shopping either.

Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
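The helper asks for the TDSSKiller log to be posted unmodified so that someone else can triage it. The following Python script is an added example of how a defender can do that triage mechanically; it is not part of this thread and not Kaspersky's code. It reads the line layout visible in the log posted below this exchange (time, process id, message; section banners framed by `=`; one `<object> - <status>` line per scanned object; a `Mode:` line listing the scan options), checks that the scan was run with the `SigCheck` and `TDLFS` options the guide calls for, and lists every object whose status is anything other than `ok`. The sample log is constructed in that layout; the `examplesvc` line and its `detected ...` status text are invented to show how a non-`ok` entry is surfaced, and the exact wording TDSSKiller uses for a detection is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the TDSSKiller log posted in this
# thread. The "examplesvc" line is invented (constructed data) to show how
# an object that is not reported as "- ok" would be flagged.
SAMPLE_LOG = """\
19:48:05.0305 3736  ============================================================
19:48:05.0305 3736  Scan started
19:48:05.0305 3736  Mode: Manual; SigCheck; TDLFS;
19:48:05.0305 3736  ============================================================
19:48:05.0315 3736  ================ Scan system memory ========================
19:48:05.0315 3736  System memory - ok
19:48:05.0315 3736  ================ Scan services =============================
19:48:05.0365 3736  1394ohci - ok
19:48:05.0385 3736  ACPI - ok
19:48:05.0400 3736  examplesvc - detected Rootkit.Example.Constructed ( 1 )
19:48:05.0415 3736  AdobeARMservice - ok
"""

# "HH:MM:SS.ffff <pid>  <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*?)\s*$")
# "================ Scan services =====" (title may be empty for plain rules)
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<object> - <status>"
ITEM_RE = re.compile(r"^(.*?) - (.*)$")


def scan_modes(text: str) -> List[str]:
    """Return the options listed on the 'Mode:' line, e.g. ['Manual', 'SigCheck', 'TDLFS']."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3).startswith("Mode:"):
            parts = m.group(3)[len("Mode:"):].split(";")
            return [p.strip() for p in parts if p.strip()]
    return []


def required_modes_present(text: str, required=("SigCheck", "TDLFS")) -> bool:
    """True when every required scan option appears on the 'Mode:' line."""
    modes = set(scan_modes(text))
    return all(r in modes for r in required)


def parse_items(text: str) -> List[Dict[str, str]]:
    """Extract one record per scanned object, tagged with the section it was found in.

    Lines before the first titled section (drive geometry, system info) are
    skipped so that a ' - ' inside them is not mistaken for an object line.
    """
    items: List[Dict[str, str]] = []
    section = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group(3)
        s = SECTION_RE.match(msg)
        if s:
            if s.group(1):
                section = s.group(1)
            continue
        if section is None:
            continue
        i = ITEM_RE.match(msg)
        if not i:
            continue
        items.append({"time": m.group(1), "pid": m.group(2), "section": section,
                      "name": i.group(1), "status": i.group(2)})
    return items


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: objects scanned, objects not reported 'ok', and whether the scan options were right."""
    items = parse_items(text)
    flagged = [it for it in items if it["status"] != "ok"]
    return {"scanned": len(items), "flagged": flagged, "modes_ok": required_modes_present(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"scan options complete: {result['modes_ok']}")
    print(f"objects scanned: {result['scanned']}, not ok: {len(result['flagged'])}")
    for it in result["flagged"]:
        print(f"  [{it['section']}] {it['name']}: {it['status']}")
```

Run it against a real log by reading the file into `triage()` instead of `SAMPLE_LOG`; a non-empty `flagged` list is what the helper would want to see quoted, and `modes_ok` being false means the scan should be repeated with the settings from the guide before the result is trusted.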

tempotimes 25.02.2013 19:47

It found nothing.
I wanted to change my PayPal password from another computer, but unfortunately I have forgotten the exact spelling of the security questions. Well, I pushed it so far that nobody can log in anymore and notified support.

markusg 25.02.2013 19:49

where is the log?

tempotimes 25.02.2013 19:50

Strange, it wasn't found at first.

Code:

19:48:00.0675 4036  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:48:00.0835 4036  ============================================================
19:48:00.0835 4036  Current date / time: 2013/02/25 19:48:00.0835
19:48:00.0835 4036  SystemInfo:
19:48:00.0835 4036 
19:48:00.0835 4036  OS Version: 6.1.7601 ServicePack: 1.0
19:48:00.0835 4036  Product type: Workstation
19:48:00.0835 4036  ComputerName: TIM_OO-PC
19:48:00.0835 4036  UserName: tim_oO
19:48:00.0835 4036  Windows directory: C:\windows
19:48:00.0835 4036  System windows directory: C:\windows
19:48:00.0835 4036  Running under WOW64
19:48:00.0835 4036  Processor architecture: Intel x64
19:48:00.0835 4036  Number of processors: 4
19:48:00.0835 4036  Page size: 0x1000
19:48:00.0835 4036  Boot type: Normal boot
19:48:00.0835 4036  ============================================================
19:48:01.0135 4036  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:48:01.0145 4036  ============================================================
19:48:01.0145 4036  \Device\Harddisk0\DR0:
19:48:01.0145 4036  MBR partitions:
19:48:01.0145 4036  Initialize success
19:48:01.0145 4036  ============================================================
19:48:05.0305 3736  ============================================================
19:48:05.0305 3736  Scan started
19:48:05.0305 3736  Mode: Manual; SigCheck; TDLFS;
19:48:05.0305 3736  ============================================================
19:48:05.0315 3736  ================ Scan system memory ========================
19:48:05.0315 3736  System memory - ok
19:48:05.0315 3736  ================ Scan services =============================
19:48:05.0365 3736  1394ohci - ok
19:48:05.0385 3736  ACPI - ok
19:48:05.0385 3736  AcpiPmi - ok
19:48:05.0415 3736  AdobeARMservice - ok
19:48:05.0445 3736  AdobeFlashPlayerUpdateSvc - ok
19:48:05.0455 3736  adp94xx - ok
19:48:05.0455 3736  adpahci - ok
19:48:05.0465 3736  adpu320 - ok
19:48:05.0465 3736  AeLookupSvc - ok
19:48:05.0485 3736  AFD - ok
19:48:05.0485 3736  agp440 - ok
19:48:05.0495 3736  ALG - ok
19:48:05.0495 3736  aliide - ok
19:48:05.0495 3736  amdide - ok
19:48:05.0495 3736  AmdK8 - ok
19:48:05.0505 3736  AmdPPM - ok
19:48:05.0515 3736  amdsata - ok
19:48:05.0515 3736  amdsbs - ok
19:48:05.0515 3736  amdxata - ok
19:48:05.0555 3736  AnyDVD - ok
19:48:05.0565 3736  AppID - ok
19:48:05.0575 3736  AppIDSvc - ok
19:48:05.0575 3736  Appinfo - ok
19:48:05.0575 3736  arc - ok
19:48:05.0585 3736  arcsas - ok
19:48:05.0585 3736  AsyncMac - ok
19:48:05.0595 3736  atapi - ok
19:48:05.0605 3736  athr - ok
19:48:05.0625 3736  atksgt - ok
19:48:05.0625 3736  AudioEndpointBuilder - ok
19:48:05.0635 3736  AudioSrv - ok
19:48:05.0645 3736  AVKProxy - ok
19:48:05.0645 3736  AVKService - ok
19:48:05.0645 3736  AVKWCtl - ok
19:48:05.0665 3736  AxInstSV - ok
19:48:05.0665 3736  b06bdrv - ok
19:48:05.0675 3736  b57nd60a - ok
19:48:05.0675 3736  BDESVC - ok
19:48:05.0685 3736  Beep - ok
19:48:05.0685 3736  BITS - ok
19:48:05.0685 3736  blbdrive - ok
19:48:05.0695 3736  bowser - ok
19:48:05.0695 3736  BrFiltLo - ok
19:48:05.0705 3736  BrFiltUp - ok
19:48:05.0705 3736  Browser - ok
19:48:05.0705 3736  Brserid - ok
19:48:05.0715 3736  BrSerWdm - ok
19:48:05.0715 3736  BrUsbMdm - ok
19:48:05.0715 3736  BrUsbSer - ok
19:48:05.0735 3736  BthEnum - ok
19:48:05.0735 3736  BTHMODEM - ok
19:48:05.0755 3736  BthPan - ok
19:48:05.0755 3736  BTHPORT - ok
19:48:05.0755 3736  bthserv - ok
19:48:05.0765 3736  BTHUSB - ok
19:48:05.0765 3736  btusbflt - ok
19:48:05.0795 3736  btwaudio - ok
19:48:05.0805 3736  btwavdt - ok
19:48:05.0835 3736  btwdins - ok
19:48:05.0855 3736  btwl2cap - ok
19:48:05.0855 3736  btwrchid - ok
19:48:05.0865 3736  busenum - ok
19:48:05.0865 3736  cdfs - ok
19:48:05.0875 3736  cdrom - ok
19:48:05.0885 3736  CertPropSvc - ok
19:48:05.0895 3736  circlass - ok
19:48:05.0895 3736  CLFS - ok
19:48:05.0895 3736  clr_optimization_v2.0.50727_32 - ok
19:48:05.0905 3736  clr_optimization_v2.0.50727_64 - ok
19:48:05.0915 3736  clr_optimization_v4.0.30319_32 - ok
19:48:05.0915 3736  clr_optimization_v4.0.30319_64 - ok
19:48:05.0935 3736  CmBatt - ok
19:48:05.0935 3736  cmdide - ok
19:48:05.0935 3736  CNG - ok
19:48:05.0945 3736  Compbatt - ok
19:48:05.0955 3736  CompositeBus - ok
19:48:05.0955 3736  COMSysApp - ok
19:48:05.0965 3736  crcdisk - ok
19:48:05.0975 3736  CryptSvc - ok
19:48:05.0975 3736  DcomLaunch - ok
19:48:05.0985 3736  defragsvc - ok
19:48:05.0985 3736  DfsC - ok
19:48:05.0985 3736  Dhcp - ok
19:48:06.0005 3736  discache - ok
19:48:06.0005 3736  Disk - ok
19:48:06.0015 3736  Dnscache - ok
19:48:06.0015 3736  dot3svc - ok
19:48:06.0025 3736  DPS - ok
19:48:06.0025 3736  drmkaud - ok
19:48:06.0025 3736  DXGKrnl - ok
19:48:06.0035 3736  EapHost - ok
19:48:06.0045 3736  ebdrv - ok
19:48:06.0045 3736  EFS - ok
19:48:06.0045 3736  ehRecvr - ok
19:48:06.0055 3736  ehSched - ok
19:48:06.0055 3736  ElbyCDIO - ok
19:48:06.0065 3736  elxstor - ok
19:48:06.0065 3736  ErrDev - ok
19:48:06.0075 3736  EventSystem - ok
19:48:06.0075 3736  exfat - ok
19:48:06.0075 3736  fastfat - ok
19:48:06.0085 3736  Fax - ok
19:48:06.0085 3736  fdc - ok
19:48:06.0085 3736  fdPHost - ok
19:48:06.0095 3736  FDResPub - ok
19:48:06.0095 3736  FileInfo - ok
19:48:06.0095 3736  Filetrace - ok
19:48:06.0095 3736  flpydisk - ok
19:48:06.0105 3736  FltMgr - ok
19:48:06.0105 3736  FontCache - ok
19:48:06.0105 3736  FontCache3.0.0.0 - ok
19:48:06.0115 3736  FsDepends - ok
19:48:06.0115 3736  Fs_Rec - ok
19:48:06.0115 3736  fvevol - ok
19:48:06.0115 3736  gagp30kx - ok
19:48:06.0125 3736  GDBehave - ok
19:48:06.0135 3736  GDMnIcpt - ok
19:48:06.0145 3736  GdNetMon - ok
19:48:06.0145 3736  GDPkIcpt - ok
19:48:06.0155 3736  GDScan - ok
19:48:06.0165 3736  gdwfpcd - ok
19:48:06.0165 3736  gpsvc - ok
19:48:06.0175 3736  GRD - ok
19:48:06.0215 3736  gupdate - ok
19:48:06.0235 3736  gupdatem - ok
19:48:06.0245 3736  hamachi - ok
19:48:06.0265 3736  Hamachi2Svc - ok
19:48:06.0265 3736  hcw85cir - ok
19:48:06.0275 3736  HdAudAddService - ok
19:48:06.0295 3736  HDAudBus - ok
19:48:06.0295 3736  HidBatt - ok
19:48:06.0295 3736  HidBth - ok
19:48:06.0305 3736  HidIr - ok
19:48:06.0305 3736  hidserv - ok
19:48:06.0305 3736  HidUsb - ok
19:48:06.0315 3736  hkmsvc - ok
19:48:06.0315 3736  HomeGroupListener - ok
19:48:06.0315 3736  HomeGroupProvider - ok
19:48:06.0315 3736  HookCentre - ok
19:48:06.0325 3736  HpSAMD - ok
19:48:06.0325 3736  HTTP - ok
19:48:06.0325 3736  hwpolicy - ok
19:48:06.0335 3736  i8042prt - ok
19:48:06.0335 3736  iaStor - ok
19:48:06.0335 3736  iaStorV - ok
19:48:06.0335 3736  idsvc - ok
19:48:06.0345 3736  igfx - ok
19:48:06.0345 3736  iirsp - ok
19:48:06.0365 3736  IKEEXT - ok
19:48:06.0385 3736  Impcd - ok
19:48:06.0405 3736  IntcAzAudAddService - ok
19:48:06.0405 3736  intelide - ok
19:48:06.0405 3736  intelppm - ok
19:48:06.0405 3736  IPBusEnum - ok
19:48:06.0415 3736  IpFilterDriver - ok
19:48:06.0425 3736  IPMIDRV - ok
19:48:06.0425 3736  IPNAT - ok
19:48:06.0425 3736  IRENUM - ok
19:48:06.0435 3736  isapnp - ok
19:48:06.0435 3736  iScsiPrt - ok
19:48:06.0445 3736  kbdclass - ok
19:48:06.0445 3736  kbdhid - ok
19:48:06.0455 3736  KeyIso - ok
19:48:06.0455 3736  KSecDD - ok
19:48:06.0455 3736  KSecPkg - ok
19:48:06.0455 3736  ksthunk - ok
19:48:06.0465 3736  KtmRm - ok
19:48:06.0465 3736  LanmanServer - ok
19:48:06.0465 3736  LanmanWorkstation - ok
19:48:06.0485 3736  lirsgt - ok
19:48:06.0485 3736  lltdio - ok
19:48:06.0485 3736  lltdsvc - ok
19:48:06.0495 3736  lmhosts - ok
19:48:06.0495 3736  LSI_FC - ok
19:48:06.0495 3736  LSI_SAS - ok
19:48:06.0505 3736  LSI_SAS2 - ok
19:48:06.0505 3736  LSI_SCSI - ok
19:48:06.0505 3736  luafv - ok
19:48:06.0525 3736  MBAMProtector - ok
19:48:06.0535 3736  MBAMScheduler - ok
19:48:06.0545 3736  MBAMService - ok
19:48:06.0545 3736  Mcx2Svc - ok
19:48:06.0545 3736  megasas - ok
19:48:06.0555 3736  MegaSR - ok
19:48:06.0555 3736  MMCSS - ok
19:48:06.0555 3736  Modem - ok
19:48:06.0575 3736  monitor - ok
19:48:06.0575 3736  mouclass - ok
19:48:06.0585 3736  mouhid - ok
19:48:06.0585 3736  mountmgr - ok
19:48:06.0605 3736  MozillaMaintenance - ok
19:48:06.0605 3736  mpio - ok
19:48:06.0605 3736  mpsdrv - ok
19:48:06.0605 3736  MRxDAV - ok
19:48:06.0615 3736  mrxsmb - ok
19:48:06.0615 3736  mrxsmb10 - ok
19:48:06.0615 3736  mrxsmb20 - ok
19:48:06.0625 3736  msahci - ok
19:48:06.0625 3736  msdsm - ok
19:48:06.0625 3736  MSDTC - ok
19:48:06.0635 3736  Msfs - ok
19:48:06.0645 3736  mshidkmdf - ok
19:48:06.0645 3736  msisadrv - ok
19:48:06.0645 3736  MSiSCSI - ok
19:48:06.0655 3736  msiserver - ok
19:48:06.0655 3736  MSKSSRV - ok
19:48:06.0655 3736  MSPCLOCK - ok
19:48:06.0655 3736  MSPQM - ok
19:48:06.0665 3736  MsRPC - ok
19:48:06.0665 3736  mssmbios - ok
19:48:06.0665 3736  MSTEE - ok
19:48:06.0675 3736  MTConfig - ok
19:48:06.0675 3736  Mup - ok
19:48:06.0675 3736  napagent - ok
19:48:06.0705 3736  NativeWifiP - ok
19:48:06.0715 3736  NDIS - ok
19:48:06.0715 3736  NdisCap - ok
19:48:06.0725 3736  NdisTapi - ok
19:48:06.0725 3736  Ndisuio - ok
19:48:06.0725 3736  NdisWan - ok
19:48:06.0735 3736  NDProxy - ok
19:48:06.0745 3736  NetBIOS - ok
19:48:06.0755 3736  NetBT - ok
19:48:06.0755 3736  Netlogon - ok
19:48:06.0755 3736  Netman - ok
19:48:06.0765 3736  netprofm - ok
19:48:06.0765 3736  NetTcpPortSharing - ok
19:48:06.0775 3736  nfrd960 - ok
19:48:06.0785 3736  NlaSvc - ok
19:48:06.0795 3736  nmwcd - ok
19:48:06.0795 3736  nmwcdc - ok
19:48:06.0795 3736  Npfs - ok
19:48:06.0805 3736  nsi - ok
19:48:06.0805 3736  nsiproxy - ok
19:48:06.0805 3736  Ntfs - ok
19:48:06.0805 3736  Null - ok
19:48:06.0815 3736  NVHDA - ok
19:48:06.0835 3736  nvlddmkm - ok
19:48:06.0855 3736  nvraid - ok
19:48:06.0855 3736  nvstor - ok
19:48:06.0875 3736  nvsvc - ok
19:48:06.0885 3736  nvUpdatusService - ok
19:48:06.0885 3736  nv_agp - ok
19:48:06.0895 3736  ohci1394 - ok
19:48:06.0915 3736  ose - ok
19:48:06.0925 3736  osppsvc - ok
19:48:06.0935 3736  p2pimsvc - ok
19:48:06.0935 3736  p2psvc - ok
19:48:06.0935 3736  Parport - ok
19:48:06.0935 3736  partmgr - ok
19:48:06.0945 3736  PcaSvc - ok
19:48:06.0955 3736  pccsmcfd - ok
19:48:06.0965 3736  pci - ok
19:48:06.0965 3736  pciide - ok
19:48:06.0965 3736  pcmcia - ok
19:48:06.0965 3736  pcw - ok
19:48:06.0975 3736  PEAUTH - ok
19:48:06.0975 3736  PerfHost - ok
19:48:06.0985 3736  pla - ok
19:48:06.0995 3736  PlugPlay - ok
19:48:06.0995 3736  PNRPAutoReg - ok
19:48:06.0995 3736  PNRPsvc - ok
19:48:07.0005 3736  Point64 - ok
19:48:07.0005 3736  PolicyAgent - ok
19:48:07.0005 3736  Power - ok
19:48:07.0015 3736  PptpMiniport - ok
19:48:07.0015 3736  Processor - ok
19:48:07.0015 3736  ProfSvc - ok
19:48:07.0025 3736  ProtectedStorage - ok
19:48:07.0035 3736  Psched - ok
19:48:07.0045 3736  ql2300 - ok
19:48:07.0045 3736  ql40xx - ok
19:48:07.0045 3736  QWAVE - ok
19:48:07.0045 3736  QWAVEdrv - ok
19:48:07.0055 3736  RasAcd - ok
19:48:07.0055 3736  RasAgileVpn - ok
19:48:07.0055 3736  RasAuto - ok
19:48:07.0065 3736  Rasl2tp - ok
19:48:07.0065 3736  RasMan - ok
19:48:07.0065 3736  RasPppoe - ok
19:48:07.0065 3736  RasSstp - ok
19:48:07.0075 3736  rdbss - ok
19:48:07.0075 3736  rdpbus - ok
19:48:07.0075 3736  RDPCDD - ok
19:48:07.0085 3736  RDPENCDD - ok
19:48:07.0095 3736  RDPREFMP - ok
19:48:07.0105 3736  RdpVideoMiniport - ok
19:48:07.0105 3736  RDPWD - ok
19:48:07.0115 3736  rdyboost - ok
19:48:07.0115 3736  RemoteAccess - ok
19:48:07.0115 3736  RemoteRegistry - ok
19:48:07.0125 3736  Rezip - ok
19:48:07.0135 3736  RFCOMM - ok
19:48:07.0145 3736  RpcEptMapper - ok
19:48:07.0145 3736  RpcLocator - ok
19:48:07.0145 3736  RpcSs - ok
19:48:07.0155 3736  rspndr - ok
19:48:07.0155 3736  RTL8167 - ok
19:48:07.0155 3736  SABI - ok
19:48:07.0175 3736  SAlphamHid - ok
19:48:07.0175 3736  SamSs - ok
19:48:07.0175 3736  sbp2port - ok
19:48:07.0175 3736  SCardSvr - ok
19:48:07.0185 3736  scfilter - ok
19:48:07.0185 3736  Schedule - ok
19:48:07.0185 3736  SCPolicySvc - ok
19:48:07.0195 3736  SDRSVC - ok
19:48:07.0205 3736  SearchAnonymizer - ok
19:48:07.0205 3736  secdrv - ok
19:48:07.0205 3736  seclogon - ok
19:48:07.0215 3736  SENS - ok
19:48:07.0215 3736  SensrSvc - ok
19:48:07.0225 3736  Serenum - ok
19:48:07.0225 3736  Serial - ok
19:48:07.0235 3736  sermouse - ok
19:48:07.0235 3736  ServiceLayer - ok
19:48:07.0245 3736  SessionEnv - ok
19:48:07.0245 3736  sffdisk - ok
19:48:07.0245 3736  sffp_mmc - ok
19:48:07.0255 3736  sffp_sd - ok
19:48:07.0255 3736  sfloppy - ok
19:48:07.0255 3736  ShellHWDetection - ok
19:48:07.0265 3736  SiSRaid2 - ok
19:48:07.0265 3736  SiSRaid4 - ok
19:48:07.0275 3736  SkypeUpdate - ok
19:48:07.0285 3736  Smb - ok
19:48:07.0285 3736  SMR250 - ok
19:48:07.0295 3736  SNMPTRAP - ok
19:48:07.0295 3736  spldr - ok
19:48:07.0305 3736  Spooler - ok
19:48:07.0305 3736  sppsvc - ok
19:48:07.0305 3736  sppuinotify - ok
19:48:07.0305 3736  srv - ok
19:48:07.0315 3736  srv2 - ok
19:48:07.0315 3736  srvnet - ok
19:48:07.0325 3736  SSDPSRV - ok
19:48:07.0325 3736  SstpSvc - ok
19:48:07.0335 3736  StarRAM - ok
19:48:07.0345 3736  StarRAMService - ok
19:48:07.0365 3736  Steam Client Service - ok
19:48:07.0375 3736  stexstor - ok
19:48:07.0375 3736  stisvc - ok
19:48:07.0375 3736  swenum - ok
19:48:07.0385 3736  swprv - ok
19:48:07.0395 3736  SynTP - ok
19:48:07.0395 3736  SysMain - ok
19:48:07.0405 3736  TabletInputService - ok
19:48:07.0405 3736  TapiSrv - ok
19:48:07.0405 3736  TBS - ok
19:48:07.0415 3736  Tcpip - ok
19:48:07.0425 3736  TCPIP6 - ok
19:48:07.0425 3736  tcpipreg - ok
19:48:07.0435 3736  TDPIPE - ok
19:48:07.0435 3736  TDTCP - ok
19:48:07.0435 3736  tdx - ok
19:48:07.0445 3736  TermDD - ok
19:48:07.0445 3736  TermService - ok
19:48:07.0445 3736  Themes - ok
19:48:07.0445 3736  THREADORDER - ok
19:48:07.0455 3736  TrkWks - ok
19:48:07.0455 3736  TrustedInstaller - ok
19:48:07.0455 3736  tssecsrv - ok
19:48:07.0465 3736  TsUsbFlt - ok
19:48:07.0465 3736  tunnel - ok
19:48:07.0475 3736  uagp35 - ok
19:48:07.0475 3736  udfs - ok
19:48:07.0475 3736  UI0Detect - ok
19:48:07.0495 3736  uliagpkx - ok
19:48:07.0495 3736  umbus - ok
19:48:07.0505 3736  UmPass - ok
19:48:07.0505 3736  upnphost - ok
19:48:07.0505 3736  upperdev - ok
19:48:07.0505 3736  usbccgp - ok
19:48:07.0515 3736  usbcir - ok
19:48:07.0515 3736  usbehci - ok
19:48:07.0515 3736  usbhub - ok
19:48:07.0525 3736  usbohci - ok
19:48:07.0525 3736  usbprint - ok
19:48:07.0525 3736  usbser - ok
19:48:07.0535 3736  UsbserFilt - ok
19:48:07.0535 3736  USBSTOR - ok
19:48:07.0535 3736  usbuhci - ok
19:48:07.0555 3736  usbvideo - ok
19:48:07.0555 3736  UxSms - ok
19:48:07.0555 3736  VaultSvc - ok
19:48:07.0565 3736  VClone - ok
19:48:07.0565 3736  vdrvroot - ok
19:48:07.0565 3736  vds - ok
19:48:07.0575 3736  vga - ok
19:48:07.0575 3736  VgaSave - ok
19:48:07.0575 3736  vhdmp - ok
19:48:07.0575 3736  viaide - ok
19:48:07.0585 3736  volmgr - ok
19:48:07.0585 3736  volmgrx - ok
19:48:07.0585 3736  volsnap - ok
19:48:07.0595 3736  vsmraid - ok
19:48:07.0605 3736  VSS - ok
19:48:07.0605 3736  vwifibus - ok
19:48:07.0615 3736  vwififlt - ok
19:48:07.0635 3736  vwifimp - ok
19:48:07.0635 3736  W32Time - ok
19:48:07.0645 3736  WacomPen - ok
19:48:07.0645 3736  WANARP - ok
19:48:07.0645 3736  Wanarpv6 - ok
19:48:07.0655 3736  wbengine - ok
19:48:07.0655 3736  WbioSrvc - ok
19:48:07.0655 3736  wcncsvc - ok
19:48:07.0665 3736  WcsPlugInService - ok
19:48:07.0665 3736  Wd - ok
19:48:07.0665 3736  Wdf01000 - ok
19:48:07.0665 3736  WdiServiceHost - ok
19:48:07.0675 3736  WdiSystemHost - ok
19:48:07.0675 3736  WebClient - ok
19:48:07.0675 3736  Wecsvc - ok
19:48:07.0675 3736  wercplsupport - ok
19:48:07.0685 3736  WerSvc - ok
19:48:07.0685 3736  WfpLwf - ok
19:48:07.0695 3736  WIMMount - ok
19:48:07.0695 3736  WinHttpAutoProxySvc - ok
19:48:07.0695 3736  Winmgmt - ok
19:48:07.0705 3736  WinRM - ok
19:48:07.0725 3736  WinUsb - ok
19:48:07.0725 3736  Wlansvc - ok
19:48:07.0735 3736  WmiAcpi - ok
19:48:07.0735 3736  wmiApSrv - ok
19:48:07.0735 3736  WMPNetworkSvc - ok
19:48:07.0745 3736  WPCSvc - ok
19:48:07.0745 3736  WPDBusEnum - ok
19:48:07.0745 3736  ws2ifsl - ok
19:48:07.0765 3736  WSearch - ok
19:48:07.0765 3736  wuauserv - ok
19:48:07.0765 3736  WudfPf - ok
19:48:07.0775 3736  WUDFRd - ok
19:48:07.0775 3736  wudfsvc - ok
19:48:07.0775 3736  WwanSvc - ok
19:48:07.0795 3736  yukonw7 - ok
19:48:07.0825 3736  ================ Scan global ===============================
19:48:07.0825 3736  [Global] - ok
19:48:07.0825 3736  ================ Scan MBR ==================================
19:48:07.0835 3736  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:48:08.0195 3736  \Device\Harddisk0\DR0 - ok
19:48:08.0195 3736  ================ Scan VBR ==================================
19:48:08.0195 3736  ============================================================
19:48:08.0195 3736  Scan finished
19:48:08.0195 3736  ============================================================
19:48:08.0205 4356  Detected object count: 0
19:48:08.0205 4356  Actual detected object count: 0
19:48:14.0875 1564  Deinitialize success


markusg 25.02.2013 19:51

hi,
Scan with Combofix
WARNING to anyone READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (An attempt was made to perform an illegal operation on a registry key that has been marked for deletion.)
simply restart the computer. This should fix the problem.


tempotimes 25.02.2013 20:02

My problem right now is that G Data cannot be switched off. The guard and the automatic virus check are actually off, yet G Data keeps showing messages. I cannot kill the process via Task Manager either.

markusg 25.02.2013 20:07

then allow everything for Combofix.
I don't know where the behaviour analysis in GDATA is disabled.

tempotimes 25.02.2013 20:19

I had overlooked a checkbox.

Code:

ComboFix 13-02-24.01 - tim_oO 25.02.2013  20:04:39.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3950.2239 [GMT 1:00]
ausgeführt von:: c:\users\tim_oO\Desktop\ComboFix.exe
AV: G Data AntiVirus 2013 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2013 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tim_oO\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80\CliSecureRT64.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-25 bis 2013-02-25  ))))))))))))))))))))))))))))))
.
.
2013-02-24 11:22 . 2013-02-24 11:22        --------        d-----w-        c:\programdata\4shared Desktop
2013-02-24 01:21 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-24 01:20 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-02-24 01:20 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-02-24 01:20 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-02-24 01:20 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-02-24 01:20 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-02-24 01:20 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-02-24 01:11 . 2012-12-26 04:49        760320        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 01:11 . 2012-12-26 05:47        1111040        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-23 22:42 . 2013-02-23 22:42        --------        d-----w-        c:\users\tim_oO\AppData\Roaming\Malwarebytes
2013-02-23 22:42 . 2013-02-23 22:42        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-23 22:42 . 2013-02-23 22:42        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-23 22:42 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-23 22:42 . 2013-02-23 22:42        --------        d-----w-        c:\users\tim_oO\AppData\Local\Programs
2013-02-23 21:58 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-23 21:58 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-23 21:56 . 2013-02-23 21:56        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2013-02-23 21:55 . 2013-02-23 21:55        --------        d-----w-        c:\users\UpdatusUser
2013-02-23 21:54 . 2013-02-10 01:04        6393120        ----a-w-        c:\windows\system32\nvcpl.dll
2013-02-23 21:54 . 2013-02-10 01:04        3472672        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-02-23 21:54 . 2013-02-10 01:04        877856        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-02-23 21:54 . 2013-02-10 01:04        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-02-23 21:54 . 2013-02-10 01:04        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-02-23 21:54 . 2013-02-10 01:04        237856        ----a-w-        c:\windows\system32\nvmctray.dll
2013-02-23 21:52 . 2013-02-23 21:52        --------        d-----w-        c:\programdata\NVIDIA Corporation
2013-02-23 21:33 . 1994-09-20 23:00        12800        ----a-w-        c:\windows\system\Wing32.dll
2013-02-22 21:47 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2013-02-22 21:47 . 2013-02-22 21:47        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2013-02-22 21:47 . 2013-02-23 21:42        --------        d-----w-        c:\users\tim_oO\AppData\Local\LogMeIn Hamachi
2013-02-14 19:00 . 1994-09-20 23:00        12800        ----a-w-        c:\windows\SysWow64\Wing32.dll
2013-02-14 18:29 . 2013-02-14 18:29        --------        d-----w-        C:\Downloads
2013-02-09 12:10 . 2013-02-23 22:13        2539        ----a-w-        c:\users\tim_oO\Hkey.reg
2013-02-02 01:30 . 2013-02-02 01:30        --------        d-----w-        c:\program files (x86)\Celestia
2013-02-01 22:44 . 2013-02-01 22:44        98304        ----a-w-        c:\windows\SysWow64\CmdLineExt.dll
2013-02-01 22:19 . 2013-02-01 22:19        --------        d-----w-        c:\program files\7-Zip
2013-02-01 21:56 . 2013-02-01 21:56        --------        d-----w-        c:\program files (x86)\pidgin-otr
2013-01-27 01:48 . 2013-01-08 05:32        9161176        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{17D3144F-F1D5-4D45-9C3A-0B1032897D35}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 01:30 . 2011-09-16 16:31        70004024        ----a-w-        c:\windows\system32\MRT.exe
2013-02-08 14:47 . 2012-03-30 22:23        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 14:47 . 2011-09-17 01:44        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-09-20 14:50        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-12 13:32 . 2011-09-16 17:03        62368        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2013-01-12 13:32 . 2011-09-16 17:03        64416        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2013-01-12 13:32 . 2011-09-16 17:03        65008        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2013-01-12 13:32 . 2011-09-16 17:03        54176        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2013-01-12 13:32 . 2011-09-16 17:03        126880        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2013-01-10 13:35 . 2012-10-23 22:12        11240        ----a-w-        c:\windows\SysWow64\GdScrSv.de.dll
2013-01-04 04:43 . 2013-02-24 01:20        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-18 08:31 . 2012-09-14 14:27        1510328        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-24 13:00        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-24 13:00        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-24 13:00        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-24 13:00        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-10 23:34 . 2012-12-10 23:34        16504        ----a-w-        c:\windows\system32\drivers\GdPhyMem.sys
2012-12-07 13:20 . 2013-01-08 20:02        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 20:02        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 20:02        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 20:02        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 20:02        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 20:02        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 20:02        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 20:02        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 20:02        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 20:02        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 20:02        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 20:02        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 20:02        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 20:02        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 20:02        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 20:02        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 20:02        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 20:02        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 20:02        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 20:02        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 20:02        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 20:02        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 20:02        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 20:02        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 20:02        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 20:02        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 20:02        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 20:02        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 20:02        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 20:02        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 20:02        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 20:02        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-08 20:02        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 20:02        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 20:02        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-08 20:02        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 20:02        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-08 20:02        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-08 20:02        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-08 20:02        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-08 20:02        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:02        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2013-01-09 1035216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [2011-09-16 31608]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-12 62368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-12 54176]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-22 96376]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-12 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-12 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-11-23 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-12 64416]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 StarRAM;StarRAM Storage Controller;c:\windows\system32\DRIVERS\StarRAM.sys [2010-03-29 65368]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-09-18 40960]
S2 StarRAMService;StarRAM Service;c:\program files\StarWind Software\RAM Disk\StarRAMService.exe [2010-03-29 94720]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-08-28 112640]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-08-28 34560]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:47]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 11:07]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 11:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"Ocs_SM"="c:\users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-09-18 106496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\tim_oO\AppData\Roaming\Mozilla\Firefox\Profiles\clbrt290.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.ftp - 176.31.111.181
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 176.31.111.181
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 176.31.111.181
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 176.31.111.181
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AnyPC Client\APLanMgrC.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-25  20:18:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-25 19:18
.
Vor Suchlauf: 11 Verzeichnis(se), 39.191.449.600 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 39.068.647.424 Bytes frei
.
- - End Of File - - 00745AB1AF100B45D4D62FF98237A6A3

The firewall and Security Center seem to be active again.
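
The ComboFix report above prints registry autostart entries, the UAC policy values under Policies\System, running services and the Firefox proxy prefs. As an added example that is not part of the thread and not a ComboFix feature, the following Python script triages an excerpt of exactly those lines the way a responder reads them: autostarts and services launched from a user profile, UAC weakened, and proxy hosts left in prefs.js. The severities and the "user profile is suspicious" rule are my assumptions, not anything the tool or the helpers state.

```python
"""Triage an excerpt of a ComboFix report for weak UAC settings, autostarts
from user-writable locations and browser proxy settings (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# UAC values ComboFix prints from HKLM\...\Policies\System, with the value
# that means "weakened" (assumed thresholds, not ComboFix's own logic).
UAC_WEAK = {
    "EnableLUA": (0, "high", "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": (0, "high", "administrators elevate silently"),
    "PromptOnSecureDesktop": (0, "medium", "elevation prompts not on secure desktop"),
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+) \(0x[0-9a-fA-F]+\)$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$")
# Binaries autostarting from a user's profile are rare for legitimate software.
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    category: str  # "autorun", "service", "uac" or "proxy"
    detail: str


def triage(lines):
    """Return a list of Finding for an iterable of ComboFix report lines."""
    findings, current_key, proxy = [], "", {}
    for raw in lines:
        line = raw.rstrip()
        if m := KEY_RE.match(line):
            current_key = m.group(1).lower()  # remember which hive section we are in
            continue
        if current_key.endswith("\\run") and (m := RUN_VALUE_RE.match(line)):
            name, path = m.group(1), m.group(2)
            if USER_PROFILE_RE.search(path):
                findings.append(Finding("high", "autorun", f"Run value {name!r} starts {path}"))
            continue
        if current_key.endswith("\\policies\\system") and (m := POLICY_RE.match(line)):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_WEAK and value == UAC_WEAK[name][0]:
                _, sev, text = UAC_WEAK[name]
                findings.append(Finding(sev, "uac", f"{text} ({name}={value})"))
            continue
        if m := SERVICE_RE.match(line):
            state, svc, path = m.group(1), m.group(2), m.group(4)
            if USER_PROFILE_RE.search(path):
                findings.append(Finding("high", "service", f"service {svc!r} [{state}] runs {path}"))
            continue
        if m := FF_PROXY_RE.match(line):
            proxy[m.group(1)] = m.group(2).strip()
    # Firefox only enforces explicit proxy hosts when network.proxy.type is 1
    # (manual); with type 0 they are dormant leftovers, still worth a look.
    hosts = sorted({v for k, v in proxy.items() if k.endswith(("http", "ssl", "socks", "ftp"))})
    if hosts:
        ptype = proxy.get("network.proxy.type", "unset")
        findings.append(Finding("high" if ptype == "1" else "medium", "proxy",
                                f"proxy host(s) {hosts} configured, network.proxy.type={ptype}"))
    return findings


def count_by_severity(findings):
    """Severity histogram, e.g. {'high': 4, 'medium': 2}."""
    return dict(Counter(f.severity for f in findings))


# Excerpt of the ComboFix log posted in the thread, shortened to the lines the
# checks above look at (paths and values as posted, not constructed).
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-09-18 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ocs_SM"="c:\users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-09-18 106496]
.
FF - prefs.js: network.proxy.http - 176.31.111.181
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 176.31.111.181
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT.splitlines()):
        print(f"[{f.severity:6}] {f.category:8} {f.detail}")
```

Run as-is it prints six findings for the excerpt; point `triage()` at the full report to see whether anything else starts from a profile directory.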

markusg 25.02.2013 20:27

hi,
download CCleaner Standard:
CCleaner - Download - Filepony
if CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt. Open it.
After every program you need, write "needed".
After every program you don't need, "unneeded".
After those unknown to you, "unknown".
Post the list.

tempotimes 25.02.2013 20:42

Code:

needed:
7-Zip 9.20 (x64 edition)        Igor Pavlov        01.02.2013        4,53MB        9.20.00.0
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
Adobe Reader X (10.1.5) - Deutsch        Adobe Systems Incorporated        16.01.2013        122MB        10.1.5
Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2        line0        11.04.2012        696MB        0.2
Age of Empires II - the Conquerors WideScreen Patcher        Boekabart        11.04.2012        208KB        1.0.40
Anno 1701        Sunflowers        18.09.2011                1.00
ANNO 2070        Ubisoft        20.12.2011                1.0.0.0
AnyDVD        SlySoft        24.12.2011                6.8.9.0
Atheros Client Installation Program        Atheros        15.12.2009                1.0.1.0805
BatteryLifeExtender        Samsung        15.12.2009        14,2MB        1.0.1
BrettspielWelt                26.10.2011               
CCleaner        Piriform        22.08.2012                3.22
ChargeableUSB        SAMSUNG        15.12.2009                1.0.0.0
CloneDVD2        Elaborate Bytes        24.12.2011                2.9.3.0
Compatibility Pack für 2007 Office System        Microsoft Corporation        08.01.2013        177MB        12.0.6612.1000
Counter-Strike        Valve        18.09.2011               
Diablo II        Blizzard Entertainment        18.09.2011               
Diablo III        Blizzard Entertainment        15.02.2013                1.0.7.14633
Easy Display Manager        Samsung Electronics Co., Ltd.        15.12.2009                3.0
Easy Network Manager        Samsung        15.12.2009        19,0MB        4.2.4
Easy SpeedUp Manager        Samsung Electronics Co.,Ltd.        15.12.2009                3.0.0.5
EasyBatteryManager        Samsung        15.12.2009                4.0.0.3
F.E.A.R. 3                18.09.2011               
foobar2000 v1.1.7        Peter Pawlowski        16.09.2011        7,85MB        1.1.7
G Data AntiVirus 2012        G Data Software AG        16.09.2011        73,7MB        22.0.0.0
GIMP 2.6.8                21.09.2011               
Grand Theft Auto Vice City                11.10.2011                1.00.000
Half-Life 2        Valve        15.01.2013               
Half-Life 2: Episode One        Valve        15.01.2013               
Half-Life 2: Episode Two        Valve        15.01.2013               
Heroes II Gold                14.02.2013               
Intel(R) Rapid Storage Technology        Intel Corporation        25.02.2013                9.5.4.1001
Intel(R) Turbo Boost Technology Driver        Intel Corporation        15.12.2009                01.00.01.1002
Java(TM) 6 Update 30        Sun Microsystems, Inc.        26.10.2011        94,9MB        6.0.300
Java(TM) 6 Update 30 (64-bit)        Oracle        18.01.2012        91,8MB        6.0.300
League of Legends        Riot Games        09.01.2012                1.02.0000
LogMeIn Hamachi        LogMeIn, Inc.        22.02.2013                2.1.0.294
Marvell Miniport Driver        Marvell        15.12.2009                11.22.3.3
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.09.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        18.09.2011        2,93MB        4.0.30319
Microsoft Office Home and Student 2010        Microsoft Corporation        17.01.2012                14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        23.09.2011        300KB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        18.09.2011        788KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        23.09.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        19.12.2011        240KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        16.09.2011        596KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        23.09.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        15.11.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.11.2012        15,0MB        10.0.40219
Microsoft Works        Microsoft Corporation        11.10.2012        878MB        9.7.0621
Mozilla Firefox 19.0 (x86 de)        Mozilla        20.02.2013        45,1MB        19.0
Mozilla Maintenance Service        Mozilla        20.02.2013        330KB        19.0
Mozilla Thunderbird 17.0.2 (x86 de)        Mozilla        10.01.2013        41,9MB        17.0.2
Mp3tag v2.49a        Florian Heidenreich        19.11.2011                v2.49a
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        25.09.2011        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.09.2011        1,33MB        4.20.9876.0
Nokia Connectivity Cable Driver        Nokia        29.01.2012        3,94MB        7.1.69.0
Nokia Suite        Nokia        29.01.2012                3.3.86.0
NVIDIA Grafiktreiber 314.07        NVIDIA Corporation        23.02.2013                314.07
NVIDIA HD-Audiotreiber 1.3.23.1        NVIDIA Corporation        23.02.2013                1.3.23.1
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        23.02.2013                9.12.1031
NVIDIA Update 1.12.12        NVIDIA Corporation        23.02.2013                1.12.12
Office 2010 Trial Extender        DiSTANTX        21.05.2012        834KB        1.0.0.4
PC Connectivity Solution        Nokia        29.01.2012        20,8MB        11.5.29.0
Pidgin                21.11.2012                2.10.6
Pidgin-Encryption Plugin (nur entfernen)                21.11.2012               
pidgin-otr 4.0.0-1        Cypherpunks CA        01.02.2013                4.0.0-1
PokerStars.eu        PokerStars.eu        05.12.2012               
Portal        Valve        15.01.2013       
Postal 2                16.06.2012               
Project64 1.6        Project64        18.09.2011        3,46MB        1.6
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        15.12.2009                6.0.1.5969
REALTEK Wireless LAN Software        REALTEK Semiconductor Corp.        15.12.2009                1.01.0088       
Samsung R-Series        Samsung        15.12.2009        24,2MB        1.0
Samsung Recovery Solution 4        Samsung        15.12.2009                4.0.0.41
Samsung Support Center        Samsung        15.12.2009        40,8MB        1.0.21
Samsung Update Plus        Samsung Electronics Co., Ltd.        15.12.2009                2.0
SearchAnonymizer                18.09.2011                1.0.1 (de)
Serious Sam 2                01.02.2013
Skype™ 5.10        Skype Technologies S.A.        28.08.2012        19,3MB        5.10.116
Source SDK Base 2007        Valve        10.10.2012               
StarCraft II        Blizzard Entertainment        01.02.2013                1.4.4.22418
Steam        Valve Corporation        16.09.2011        1,59MB        1.0.0.0
SteelSeries Engine        SteelSeries        08.05.2012                2.2.927.31327
Stellarium 0.11.4        Stellarium team        11.09.2012        91,2MB        0.11.4
Synaptics Pointing Device Driver        Synaptics Incorporated        15.12.2009                14.0.10.0
Team Fortress 2        Valve        15.01.2013               
teXXas        metaspinner media GmbH        16.09.2011                1
TmNationsForever        Nadeo        05.09.2012               
Ubisoft Game Launcher        UBISOFT        20.12.2011                1.0.0.0
VirtualCloneDrive        Elaborate Bytes        16.09.2011               
VLC media player 2.0.3        VideoLAN        12.08.2012                2.0.3
vShare.tv plugin 1.3        vShare.tv, Inc.        20.09.2011                1.3
Wer wird Millionär        Eidos Interactive        24.06.2012        401MB        1.0.0.0000
WIDCOMM Bluetooth Software        Broadcom Corporation        12.01.2013        258MB        6.2.1.800
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)        Broadcom        16.09.2011                07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)        Broadcom        16.09.2011                09/11/2009 6.2.0.9407
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)        Broadcom        16.09.2011                07/28/2009 6.2.0.9800
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        29.01.2012                08/22/2008 7.0.0.0
Xvid 1.1.3 final uninstall        Xvid team (Koepi)        03.03.2012                1.1
Zak McKracken - Between Time and Space                03.03.2012               


unneeded:
AIDA64 Extreme Edition v2.00        FinalWire Ltd.        12.11.2011        22,3MB        2.00
AnyPC Client        Doctorsoft        15.12.2009                1.0.0.23
Celestia 1.6.1        Shatters Software        02.02.2013        66,5MB       
EVEREST Ultimate Edition v5.50        Lavalys, Inc.        28.05.2012                5.50
Google Earth Plug-in        Google        12.09.2012        48,7MB        6.2.2.6613
JDownloader 0.9        AppWork GmbH        19.12.2011                0.9
MeldaProduction MFreeEffectsBundle64 7        MeldaProduction        26.12.2012
Microsoft IntelliPoint 8.2        Microsoft Corporation        18.09.2011                8.20.468.0
Portal 2                13.05.2012               
Risen        Deep Silver        22.02.2012                1.00.0000
SopCast 3.4.0        www.sopcast.com        18.10.2011                3.4.0
StarWind RAM Disk (build 2010-03-10)        StarWind Software        14.08.2012
Veetle TV        Veetle, Inc        18.10.2011                0.9.18


unknown:
/


markusg 25.02.2013 21:09

Uninstall:
Adobe Flash Player (all of them)
Adobe - Install Adobe Flash Player
download the newest version, install.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Security (Enhanced):
tick Enhanced Security
and select all files.
Internet:
everything here should be disabled; it is very insecure to open, download etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what goes on on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose "Install automatically".
Apply / OK

Visit the G Data homepage, download 2013 and install it.
Uninstall:
Java (all of them)
download the Java JRE:
Java Downloads for All Operating Systems
click:
Download Java software for Windows Offline
download and install.
Uninstall:
uninstall the unneeded ones.
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

tempotimes 25.02.2013 21:34

Import trusted certificates from an earlier version?
I'd think no, but I'm just asking.

# Never mind, I left it.

## So the program says it is G Data 2013; only Windows and CCleaner report it as the 2012 version.

Code:

# AdwCleaner v2.113 - Datei am 25/02/2013 um 21:51:09 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : tim_oO - TIM_OO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\tim_oO\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\tim_oO\AppData\Roaming\Mozilla\Firefox\Profiles\clbrt290.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2789 octets] - [25/02/2013 21:51:09]

########## EOF - C:\AdwCleaner[S1].txt - [2849 octets] ##########


markusg 25.02.2013 21:55

Yes, you can import them.

tempotimes 25.02.2013 22:20

So Security Center and the firewall are active again, but the Action Center flag in the taskbar does not appear and cannot be enabled manually either, because the field is greyed out.

markusg 25.02.2013 22:23

Please do what it says here.

tempotimes 25.02.2013 22:24

But I did post the log file. In the previous post.

markusg 25.02.2013 22:35

Yes, but after I had replied, which is why I missed it.
HitmanPro - Download - Filepony
Download HitmanPro, double-click, License, trial license.
Click Scan, delete nothing.
Click Next, export the log as XML and post it, or zip and attach it.

tempotimes 25.02.2013 22:55

OK, won't happen again.

markusg 25.02.2013 22:57

OK, a new OTL log please.

tempotimes 25.02.2013 23:20

No new Extras.txt available.

Code:

OTL logfile created on: 2/25/2013 11:00:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\tim_oO\Desktop\Programme\Pc Cleaner\Diagnose\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.11% Memory free
7.71 Gb Paging File | 5.53 Gb Available in Paging File | 71.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.78 Gb Total Space | 37.02 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive D: | 300.29 Gb Total Space | 106.62 Gb Free Space | 35.51% Space Free | Partition Type: NTFS
Drive F: | 182.00 Gb Total Space | 52.36 Gb Free Space | 28.77% Space Free | Partition Type: NTFS
 
Computer Name: TIM_OO-PC | User Name: tim_oO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/24 20:54:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim_oO\Desktop\Programme\Pc Cleaner\Diagnose\OTL\OTL.exe
PRC - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/19 17:47:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/18 20:16:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/10/02 18:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/12 14:32:52 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013/01/12 14:32:51 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013/01/12 14:32:25 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013/01/12 14:32:25 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013/01/12 14:32:25 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/11/23 16:40:42 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012/08/28 03:00:32 | 000,112,640 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/08/28 03:00:26 | 000,034,560 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/22 17:53:21 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR250.SYS -- (SMR250)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 21:09:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/02/22 21:09:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/09/16 18:03:35 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 08:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 21:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/12/04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{02BFE015-07A4-4687-909A-6EE9B5FC0442}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{1BF1A860-37CE-4EE7-B914-9C72BA51D79D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{247BBEF0-9B17-41CE-ADF0-EBE921F37472}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937534D534E5F64654445343439&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6C2D1982-5FBC-4D96-A5F3-8147C2AA512A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{A07B6181-59BF-4CB3-B86D-16776628B5F9}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C162E0C4-337A-4790-93FD-DAFC61871FED}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e821635f-c958-45fd-ab77-853782aa193e&pid=murb&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.ftp: "176.31.111.181"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "176.31.111.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.31.111.181"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.31.111.181"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/29 14:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 17:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/25 21:51:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 18:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/29 14:59:32 | 000,000,000 | ---D | M]
 
[2011/09/17 01:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Extensions
[2013/02/24 12:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions
[2012/11/16 23:55:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/16 10:21:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\tim_oO\AppData\Roaming\mozilla\Firefox\Profiles\clbrt290.default\extensions\ich@maltegoetz.de
[2012/07/05 15:54:08 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/02/10 10:11:46 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\stealthyextension@gmail.com.xpi
[2013/01/30 22:46:20 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013/01/05 15:19:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 09:39:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/09/18 20:16:11 | 000,002,071 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{2967D1BD-ACCB-4C10-A2BB-A616EAA0FCC0}.xml
[2011/09/18 20:16:11 | 000,002,182 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{7D78468A-EB75-4471-BDE7-709B08A1152D}.xml
[2011/09/18 20:16:11 | 000,001,864 | ---- | M] () -- C:\Users\tim_oO\AppData\Roaming\mozilla\firefox\profiles\clbrt290.default\searchplugins\{E168B10A-97BC-400A-B82A-3A0E2812B203}.xml
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013/02/19 17:47:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2013/02/19 17:47:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/10 13:09:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 23:38:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/10 13:09:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/10 13:09:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/10 13:09:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/10 13:09:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/02/25 20:13:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\tim_oO\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2013/02/25 22:59:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2013/02/25 22:59:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2013/02/25 22:59:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2013/02/25 22:59:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2013/02/25 22:59:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2013/02/25 22:59:09 | 000,000,000 | ---D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF03C53C-6E49-4CC4-A855-9F9FFD0625AF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: APLangApp - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - C:\Windows\SysNative\StikyNot.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/25 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/25 22:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/25 21:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/25 21:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/02/25 20:13:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/25 20:11:28 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/02/25 20:00:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/02/25 20:00:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/02/25 20:00:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/02/25 19:58:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/25 19:52:48 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/02/24 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/02/23 23:42:28 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Malwarebytes
[2013/02/23 23:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/23 23:42:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\Programs
[2013/02/23 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/22 22:47:31 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/02/22 22:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/02/22 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Local\LogMeIn Hamachi
[2013/02/19 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2013/02/14 19:29:10 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/02/01 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2013/02/01 23:44:08 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/01 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/02/01 22:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\tim_oO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2013/02/01 22:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/25 22:25:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/25 22:00:46 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/25 22:00:46 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/25 21:54:09 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 21:53:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/25 21:53:08 | 3106,103,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/25 20:13:34 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/02/25 15:56:03 | 000,993,209 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013/02/25 15:56:03 | 000,052,413 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013/02/24 05:32:07 | 000,389,920 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/24 02:28:35 | 001,520,734 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/24 02:28:35 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/02/24 02:28:35 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/24 02:28:35 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/02/24 02:28:35 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/23 23:40:29 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/11 00:57:07 | 000,124,201 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/10 04:25:27 | 000,017,738 | ---- | M] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/09 13:15:55 | 000,000,036 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/01 23:44:08 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 22:52:09 | 000,007,606 | ---- | M] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
========== Files Created - No Company Name ==========
 
[2013/02/25 21:31:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/25 20:00:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/02/25 20:00:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/02/25 20:00:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/02/25 20:00:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/02/25 20:00:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/23 23:17:34 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/02/23 22:50:54 | 000,017,738 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013/02/09 13:32:06 | 000,124,201 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\ars.cache
[2013/02/09 13:15:55 | 000,000,036 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\housecall.guid.cache
[2013/02/09 13:10:11 | 000,002,539 | ---- | C] () -- C:\Users\tim_oO\Hkey.reg
[2013/02/01 00:01:44 | 000,002,072 | ---- | C] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/27 15:14:48 | 000,081,333 | ---- | C] () -- C:\Users\tim_oO\treib.jpg
[2013/01/01 19:18:02 | 000,104,440 | ---- | C] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:27 | 000,036,058 | ---- | C] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/09/12 13:46:37 | 000,025,802 | ---- | C] () -- C:\Users\tim_oO\smiley.jpg
[2012/08/19 21:41:37 | 000,007,606 | ---- | C] () -- C:\Users\tim_oO\AppData\Local\Resmon.ResmonCfg
[2012/06/19 12:04:08 | 002,351,742 | ---- | C] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2012/04/11 19:48:06 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
[2012/03/22 17:53:36 | 000,000,108 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\SMRBackup250.dat
[2012/03/03 21:18:28 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/03/03 21:18:28 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/12/25 13:55:37 | 000,000,133 | ---- | C] () -- C:\windows\VobEdit.INI
[2011/12/24 18:34:31 | 000,000,280 | ---- | C] () -- C:\windows\IfoEdit.INI
[2011/12/24 17:52:42 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/19 15:52:20 | 000,000,284 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\groovedown.settings
[2011/11/19 15:52:20 | 000,000,000 | ---- | C] () -- C:\Users\tim_oO\AppData\Roaming\gd.db
[2011/09/22 22:50:44 | 000,029,100 | ---- | C] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2011/09/16 18:10:38 | 000,993,209 | ---- | C] () -- C:\windows\SysWow64\sig.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/25 22:59:51 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\.purple
[2011/10/23 14:43:59 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BOM
[2012/02/14 19:12:46 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\BSW
[2011/11/12 11:29:14 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\DesktopIconForAmazon
[2013/02/25 22:59:55 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\foobar2000
[2013/01/31 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\gtk-2.0
[2011/11/19 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\lang
[2013/02/25 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\MeldaProduction
[2013/01/25 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Mp3tag
[2012/01/29 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Nokia
[2011/09/18 20:16:08 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\OCS
[2011/09/18 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Opera
[2012/01/29 14:16:25 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\PC Suite
[2012/05/08 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\SteelSeries
[2012/09/12 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Stellarium
[2011/09/18 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Thunderbird
[2011/12/19 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\tim_oO\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/02/25 20:13:35 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013/02/14 19:29:17 | 000,000,000 | ---D | M] -- C:\Downloads
[2010/03/30 08:36:22 | 000,000,000 | -H-D | M] -- C:\found.000
[2009/12/15 08:17:00 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 20:48:51 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011/12/20 14:10:06 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/02/25 22:43:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/25 22:22:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/02/25 22:42:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011/09/16 16:27:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2013/02/25 20:18:44 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/09/16 16:27:34 | 000,000,000 | ---D | M] -- C:\Recovery
[2013/02/25 23:01:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/09/14 15:28:00 | 000,000,000 | ---D | M] -- C:\temp
[2013/02/23 22:55:15 | 000,000,000 | R--D | M] -- C:\Users
[2011/09/13 04:46:06 | 000,000,000 | ---D | M] -- C:\windiag
[2013/02/25 21:53:06 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/09/12 12:07:13 | 000,001,106 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 12:07:16 | 000,001,110 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013/02/01 00:01:44 | 000,002,072 | ---- | M] () -- C:\Users\tim_oO\.recently-used.xbel
[2013/01/01 19:18:03 | 000,104,440 | ---- | M] () -- C:\Users\tim_oO\268539_539437299401772_1724037471_n.jpg
[2012/12/20 23:07:28 | 000,036,058 | ---- | M] () -- C:\Users\tim_oO\281742_3948986651780_688252857_n.jpg
[2012/06/19 12:04:10 | 002,351,742 | ---- | M] () -- C:\Users\tim_oO\5851448161_8a81580842_o.jpg
[2011/09/22 22:50:45 | 000,029,100 | ---- | M] () -- C:\Users\tim_oO\de_Nordwest_Europa_900.html
[2013/02/23 23:13:04 | 000,002,539 | ---- | M] () -- C:\Users\tim_oO\Hkey.reg
[2012/02/25 16:29:58 | 000,000,345 | ---- | M] () -- C:\Users\tim_oO\muziK.txt
[2013/02/09 02:47:10 | 000,000,168 | ---- | M] () -- C:\Users\tim_oO\Neues Textdokument.txt
[2013/02/24 23:12:13 | 000,001,251 | ---- | M] () -- C:\Users\tim_oO\Notizen.txt
[2013/02/25 23:15:10 | 002,097,152 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT
[2013/02/25 23:15:10 | 000,262,144 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG1
[2011/09/16 16:28:53 | 000,000,000 | -HS- | M] () -- C:\Users\tim_oO\ntuser.dat.LOG2
[2011/09/16 16:43:48 | 000,065,536 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/09/16 16:43:48 | 000,524,288 | -HS- | M] () -- C:\Users\tim_oO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/09/16 16:28:53 | 000,000,020 | -HS- | M] () -- C:\Users\tim_oO\ntuser.ini
[2012/12/10 17:31:15 | 000,000,192 | ---- | M] () -- C:\Users\tim_oO\ogame.txt
[2012/09/12 13:46:38 | 000,025,802 | ---- | M] () -- C:\Users\tim_oO\smiley.jpg
[2013/01/27 15:14:49 | 000,109,568 | -HS- | M] () -- C:\Users\tim_oO\Thumbs.db
[2013/01/27 15:14:48 | 000,081,333 | ---- | M] () -- C:\Users\tim_oO\treib.jpg
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
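The "< MD5 for: ... >" sections of this listing exist so that a helper can compare the live copy of a system binary (System32 / SysNative, SysWOW64, drivers) with the copies kept in the WinSxS component store: on a healthy system the live file is byte-identical to one store copy, so its MD5 matches. The script below is an added example, not code from the thread or from the scan tool; it parses such sections and flags live copies whose hash matches no WinSxS copy or that carry no vendor in their version info. The sample input is two sections copied from the log above plus a constructed EXAMPLE.DLL section with placeholder hashes that fails the check. A mismatch is a reason for a second look (a pending update can also cause one), not proof of infection.

```python
"""Cross-check an OTL/hjtscanlist-style "< MD5 for: FILE >" listing (added example)."""
import re
from collections import defaultdict

# One entry line: [mtime | size | attrs | M] (Vendor) MD5=... -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S+)\s*\|\s*(?P<kind>\S+)\]"
    r"\s*\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")

# Constructed sample: first two sections copied from the log, EXAMPLE.DLL
# is made up with placeholder hashes so that the audit has something to flag.
SAMPLE = r"""
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< MD5 for: EXAMPLE.DLL  >
[2013/02/20 03:00:00 | 000,123,456 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\windows\SysNative\example.dll
[2010/11/20 14:27:00 | 000,123,456 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_example_31bf3856ad364e35_6.1.7601.17514_none_0000000000000000\example.dll
"""


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if line.startswith("<"):      # some other report header: leave the section
            current = None
            continue
        if current is None:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                  # blank line or unrelated output
        entry = m.groupdict()
        entry["md5"] = entry["md5"].upper()
        entry["size"] = int(entry["size"].replace(",", ""))
        sections[current].append(entry)
    return dict(sections)


def classify(path):
    """'store' = WinSxS component store, 'cache' = ERUNT/DriverStore backups, else 'live'."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if "\\erdnt\\" in p or "\\driverstore\\" in p:
        return "cache"
    return "live"


def audit(sections):
    """One finding per suspicious live copy: (filename, path, [reasons])."""
    findings = []
    for name, entries in sections.items():
        store_md5s = {e["md5"] for e in entries if classify(e["path"]) == "store"}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            reasons = []
            if not store_md5s:
                reasons.append("no WinSxS copy to compare against")
            elif e["md5"] not in store_md5s:
                reasons.append("MD5 matches no WinSxS copy")
            if not e["vendor"].strip():
                reasons.append("no vendor in version info")
            if reasons:
                findings.append((name, e["path"], reasons))
    return findings


def audit_text(text):
    return audit(parse_md5_sections(text))


if __name__ == "__main__":
    for name, path, reasons in audit_text(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

Run it against a saved report with `audit_text(open("report.txt").read())`; the userinit.exe and ws2ifsl.sys sections pass, and only the constructed example.dll is reported.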


markusg 25.02.2013 23:22

Additionally, a new GMER log:
http://www.trojaner-board.de/74908-a...t-scanner.html

tempotimes 26.02.2013 00:16

Code:

GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-26 00:12:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\tim_oO\AppData\Local\Temp\uwliipob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3960] C:\windows\SYSTEM32\ntdll.dll!DbgBreakPoint                                                                                0000000077690530 3 bytes [8B, 40, 30]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                0000000075811465 2 bytes [81, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000758114bb 2 bytes [81, 75]
.text  ...                                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                            0000000076048a29 5 bytes JMP 00000001709e38b4
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW                                                                                    000000007606cbf3 5 bytes JMP 0000000170b1fdf0
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!DialogBoxParamW                                                                                            000000007606cfca 5 bytes JMP 0000000170917f51
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!DialogBoxParamA                                                                                            000000007608cb0c 5 bytes JMP 0000000170b1fd8d
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA                                                                                    000000007608ce64 5 bytes JMP 0000000170b1fe53
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA                                                                                        000000007609fbd1 5 bytes JMP 0000000170b1fd22
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW                                                                                        000000007609fc9d 5 bytes JMP 0000000170b1fcb7
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!MessageBoxExA                                                                                              000000007609fcd6 5 bytes JMP 0000000170b1fc55
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\USER32.dll!MessageBoxExW                                                                                              000000007609fcfa 5 bytes JMP 0000000170b1fbf3
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                            0000000075ec93ec 5 bytes JMP 0000000170b20952
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                    0000000075811465 2 bytes [81, 75]
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                  00000000758114bb 2 bytes [81, 75]
.text  ...                                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW  000000007212388e 5 bytes JMP 0000000170b2139a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet  00000000721c7922 5 bytes JMP 0000000170b2143b
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                            0000000077262694 3 bytes JMP 0000000170b20b4b
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3212] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW + 4                                                                                        0000000077262698 1 byte [F9]
?      C:\windows\system32\mssprxy.dll [3212] entry point in ".rdata" section                                                                                                                                000000006b0671e6

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f493                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6d7fef7                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9a12fa                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9a12fa@80501bd26c07                                                                                                              0x1C 0x79 0xB0 0x4B ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f493 (not active ControlSet)                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6d7fef7 (not active ControlSet)                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9a12fa (not active ControlSet)                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9a12fa@80501bd26c07                                                                                                                  0x1C 0x79 0xB0 0x4B ...

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                                                                                                                                  unknown MBR code

---- Files - GMER 2.1 ----

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001B3.log                                                                                                                                1048576 bytes

---- EOF - GMER 2.1 ----


markusg 26.02.2013 15:22

Do you have a Windows CD at hand?

tempotimes 26.02.2013 15:41

Hi,

Ignore the mail. I think I do have one lying around at home. I'll go check in a moment.

markusg 26.02.2013 15:42

Why write it then, if I'm not supposed to read it? Please just leave such intermediate posts out, and check at home.

tempotimes 26.02.2013 16:29

OK, unfortunately there's none available right now. But I have a USB stick version of Win7 on the computer... however, it's on the same computer.

markusg 26.02.2013 17:51

Then put it on the stick, run fixmbr and fixboot from there, then reboot and post a new GMER log
Tipparchiv - MBR unter Vista oder Windows 7 reparieren - WinTotal.de

tempotimes 26.02.2013 20:18

/FixMbr completed successfully.
With /FixBoot I got: "Auf dem Datenträger befindet sich kein erkanntes Dateisystem. Stellen Sie sicher, dass alle benötigten Dateisystemtreiber geladen sind und dass der Datenträger nicht beschädigt ist."

markusg 26.02.2013 20:19

Hmm, that sounds like an installation possibly damaged by the rootkit, or a broken hard disk.
Do you know which disk is installed, and how old it is?

tempotimes 26.02.2013 20:24

Samsung HM641JI according to the data sheet. Well, two years ago I had a defective hard disk in that laptop, then sent the whole thing in and got it back repaired. Since I assume a new one was installed, it should be two years old.

markusg 26.02.2013 20:35

Hi, take a look:
http://www.chip.de/downloads/Samsung..._29716435.html

tempotimes 26.02.2013 20:52

It isn't compatible with 64-bit systems and I can't find a 64-bit version.

markusg 26.02.2013 21:01

Try this:
HD Tune website

tempotimes 26.02.2013 21:04

Error Scan?

markusg 26.02.2013 21:17

Which error message?
Please post it as text

tempotimes 26.02.2013 21:22

The quick scan gave no error message. 0.0% damaged blocks.
I've now run the full scan as well, but it takes a long time; should I let it keep running?

markusg 26.02.2013 21:24

Yes; shut down all programs and don't work at the PC

tempotimes 26.02.2013 23:53

Code:

HD Tune Pro: SAMSUNG HM641JI          Error Scan

Scanned data  : 639 gB
Damaged Blocks : 0.0 %
Elapsed Time  : 2:27:36


markusg 27.02.2013 12:41

OK, what exactly still doesn't work? Does the Security Center work?

tempotimes 27.02.2013 12:58

Hi,

So the Security Center and the firewall work again and are listed under Services again. But the little flag in the taskbar is neither visible nor can I enable it manually. Otherwise I don't notice any errors. Except that the "/FixBoot" command could not be executed.

markusg 27.02.2013 13:05

Well, as I said, I would set up the system from scratch, especially since you shop online; something about the system still doesn't seem quite right.

tempotimes 27.02.2013 13:13

Do you think it would be enough for now to format only the partition Windows was installed on and set up the system fresh?

markusg 27.02.2013 15:26

If you have other partitions with installations, I would redo those as well, or rather delete all partitions in general and recreate them, since there were, after all, problems creating the boot manager

tempotimes 27.02.2013 23:26

The following problem:
During the Win7 installation I can't delete any partition, and can't format any except the current Windows partition.

I've now been able to delete one partition from within Windows; for the other it complains that it is still in use, and I don't want to force it.

I have a recovery partition on the laptop and the Samsung Recovery Solution program from the factory. Should I try to reset everything with that?

markusg 27.02.2013 23:41

Yep, that sounds good.
Afterwards update the drivers from the manufacturer's page and then secure the system:
As an anti-malware program I would recommend Emsisoft.
For me, it offers the best protection, but it costs a bit.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment processing or similarly important things, such as work, i.e. if sensitive data needs protecting, you should invest in security software.
Use the 30-day trial period before activating the license.

Free, but not quite as good, Avast would be recommendable.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give you configuration hints.
Please uninstall your previous AV.
The following guide is extensive, I know, but it should be followed, because only then is your PC secure. Ask as many questions as necessary, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section Windows Vista and Windows 7
Please begin by installing Windows Updates.
The easiest way is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to call up Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
Please read the guide.
If you want to use a different one, tell me, then I'll have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code gets in via the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well:
Sandbox Einstellungen |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There click on Sandbox Settings.
Restrictions; under Program Start and Internet Access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions.
That is only possible in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser" or right-click, Run Sandboxed.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, the Windows built-in backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, though, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because it can be very important under certain circumstances, for example when the hard disk breaks.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible for everyone:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
So from now on, only surf in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can set forced programs, then Sandboxie is always started when you launch a browser.
When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with password management and creation.
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
Guide:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

tempotimes 27.02.2013 23:55

Okay, sounds good. Recovery didn't work because a file could not be found.
Should I now simply format C during the installation and then see what I can still do with the partitions from within Windows?

markusg 28.02.2013 00:03

Yes, try that.

tempotimes 28.02.2013 01:04

So the formatting worked, and as for the partitions, everything went smoothly too.
The little flag has just appeared as well. :)

Quick question: why Chrome instead of Firefox?

markusg 28.02.2013 17:08

Hi,
Chrome offers some security features that FF doesn't have, and it should also be somewhat faster.
Taking a look costs nothing, I think :-)
AdBlock for Chrome:
http://filepony.de/download-adblock_chrome/
That should make life more ad-free.
Ghostery to prevent tracking:
http://filepony.de/download-ghostery_chrome/
HTTPS Everywhere
https://chrome.google.com/webstore/d...jekcdonpmejbdp
chooses a secure connection whenever possible
Safe surfing with Chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online

tempotimes 28.02.2013 17:15

Block everything in Ghostery?
Oh, and I've now installed the Emsisoft AV and have Chrome on it.

And what should I best put into the sandbox? Browser and email program are clear. Adobe Reader? Anything else?

markusg 28.02.2013 17:30

In Ghostery you can block everything.

Open Emsisoft, click Settings.
Scheduled scan.
Choose when to start; personally I have it monthly, but you can also set it to weekly.
Time, and for monthly also choose the date.
Invisible, if you don't want to see the scan window.
And catch up on missed scans.
Auto update:
Interval, daily, hourly from 00.00 to 23.59
Meaning updates every hour.
Setting: update
Join the Anti-Malware Network.
Don't set the other two checkboxes, beta updates and additional languages.

The rest stays.
Now click on Guard:
There on Guard.
Enable behavior analysis, select everything.
Now on Alerts:
There enable community-based alert reduction.
Among other things, that's what the Anti-Malware Network is for.
Community-based alert reduction concerns the behavior analysis.
With some programs, Emsisoft issues alerts because the program's behavior makes it necessary.
Since some users don't know their way around this, which is no shame, :-) it is checked here how many users have allowed or blocked program X.
We currently have this set to 90 %, so if 90 % say the program is OK, an allow rule is created; if they say program X is malicious, it's automatically blocked.
If you trust yourself to handle that alone, you don't have to set the checkbox.
If, for example, only 70 % of all users say program X is good or malicious, this is shown to you in a graphic.
Now on File Guard.
Default action for detected objects: alert.
Surf protection:
Set everything here to block with info.
If there's a site that gets blocked by mistake, you can allow it directly via the popup that appears on blocking, or via host rules.
If you don't like these info popups, you have to set everything to block invisibly, but remember to check, when you have a site that won't load, whether Emsi has blocked it.

That's it, I hope it was understandable.

tempotimes 28.02.2013 17:40

Yes, it was. :) I had also asked a question about the sandbox. What should I put in there? Browser and email program are clear. What about Adobe Reader or anything else?

markusg 28.02.2013 19:01

Browser and mail are enough, sorry, I had overlooked that

tempotimes 28.02.2013 22:59

No problem. Anyway, many, many thanks for the help and the tips.
I'm just wondering whether one couldn't write a .bat to link Firefox or Thunderbird with the sandbox.

Never mind, I've just realised that the browser also gets opened via links, and that only works with the licence.

markusg 01.03.2013 13:59

hi
the default browser can be opened via the sandboxed web browser icon, all others e.g. via right-click, run in Sandboxie, or you just get the lifetime licence for 30 € which is valid on all PCs you own and use forced program starts, which has the advantage that you can't forget to work in the sandbox
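As an added example (not part of the post above, and not Sandboxie's own code), this is what the script the earlier post asked about would look like: Sandboxie ships a command-line launcher, Start.exe, whose /box: switch runs a program inside the named sandbox, so a shortcut to this script starts Firefox or Thunderbird sandboxed every time. The Sandboxie install path, the box name and the Firefox/Thunderbird paths are assumptions and must be adjusted to the local install.

```powershell
# Added example: launch browser and mail client inside a Sandboxie box from a script.
# Assumed paths and box name; change them to match the machine.
$SandboxieStart = 'C:\Program Files\Sandboxie\Start.exe'
$Box = 'DefaultBox'

function Start-Sandboxed {
    param(
        [Parameter(Mandatory)][string]$Program,
        [string[]]$Arguments = @()
    )
    # Fail loudly rather than silently starting the program outside the sandbox
    if (-not (Test-Path $SandboxieStart)) { throw "Sandboxie Start.exe not found at $SandboxieStart" }
    if (-not (Test-Path $Program)) { throw "Program not found: $Program" }

    # Start.exe /box:<name> <program> [args] runs <program> inside the named sandbox
    & $SandboxieStart "/box:$Box" $Program @Arguments
}

# Assumed install locations (32-bit builds on a 64-bit Windows 7)
Start-Sandboxed -Program 'C:\Program Files (x86)\Mozilla Firefox\firefox.exe'
Start-Sandboxed -Program 'C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe'
```

Note the limitation the thread itself points out: this only covers programs started through the script. A link clicked in some other application still opens the default browser unsandboxed, which is exactly what the forced program starts of the licensed version are for.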

tempotimes 13.03.2013 19:28

Hi,

I have a small problem. I can't start two games, BlackMesa and Anno2070.
I really have no idea what's causing it. No messages, nothing. Tried taking them out of the AV's monitoring, that didn't help. Any tips?

markusg 14.03.2013 20:54

hi, what does "won't start" mean, what error do you get?
latest patches for the games installed, drivers up to date, DirectX?

tempotimes 15.03.2013 18:37

As I said, no messages. With Anno the process is briefly listed in Task Manager, then it disappears again. With BlackMesa nothing happens at all.

DirectX up to date, games up to date.


Copyright ©2000-2025, Trojaner-Board