
Pests of all kinds and how to combat them: Have I caught something? Computer is sluggish, pages open by themselves, OTL log attached

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

17.07.2012, 17:57   #1
halloworld
 



Could you take a look at the log and see whether anything is not OK?

Thanks in advance.

Created with otl.exe

otl.txt
OTL Logfile:
Code:
OTL logfile created on: 17.07.2012 18:47:59 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\trancer\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,73% Memory free
5,99 Gb Paging File | 4,57 Gb Available in Paging File | 76,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 162,32 Gb Total Space | 23,77 Gb Free Space | 14,65% Space Free | Partition Type: NTFS
Drive E: | 303,34 Gb Total Space | 85,83 Gb Free Space | 28,29% Space Free | Partition Type: NTFS
Drive F: | 48,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 2,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TRANCER-PC | User Name: trancer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\trancer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\Installer\MSI4A8.tmp ()
PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HyperDeskCustomThemeEnabler) -- C:\Windows\Installer\MSI4A8.tmp ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Programme\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\trancer\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (vstor2-mntapi10-shared) Vstor2 MntApi 1.0 Driver (shared) -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys (VMware, Inc.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6A 9D E5 19 61 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.07.13 19:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.13 19:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.13 17:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Extensions
[2012.07.14 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Firefox\Profiles\31uxaeqv.default\extensions
[2012.07.14 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Firefox\Profiles\31uxaeqv.default\extensions\staged
[2012.07.17 18:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trancer\AppData\Roaming\mozilla\Firefox\Profiles\bp19d5zo.default\extensions
[2012.07.14 14:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.13 22:47:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 14:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - Extension: YouTube = C:\Users\trancer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\trancer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\trancer\AppData\Local\Apps\2.0\35Q8LEAK.MRY\KB481W7G.B5W\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEF4F6B-4277-469E-84E1-569596CE249C}: NameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Programme\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.15 15:21:16 | 000,000,000 | ---D | M] - C:\auto -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.16 19:53:32 | 000,000,000 | ---D | M] - E:\autobilder -- [ NTFS ]
O32 - AutoRun File - [2010.11.21 02:25:07 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 18:31:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.17 18:25:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.17 18:25:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.17 18:25:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.17 18:24:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.17 18:23:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.17 18:12:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.07.17 18:12:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.07.17 18:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.17 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.17 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Google
[2012.07.17 18:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.07.17 18:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.17 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.17 18:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.17 17:55:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.17 17:55:07 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Malwarebytes
[2012.07.17 17:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 17:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 17:54:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.17 17:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Wireshark
[2012.07.17 13:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.07.17 13:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.07.17 13:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.07.17 11:23:07 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.07.17 11:23:03 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BGJE.DLL
[2012.07.17 11:22:16 | 000,341,504 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esw2ud.dll
[2012.07.17 11:22:16 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2012.07.17 11:22:16 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\escdev.dll
[2012.07.17 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.07.17 11:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.07.17 11:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.07.17 11:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.07.17 11:16:41 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBGJE.DLL
[2012.07.17 11:12:50 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2012.07.17 11:12:49 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.07.17 11:12:49 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.07.17 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Apps
[2012.07.17 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Deployment
[2012.07.17 08:44:59 | 000,000,000 | ---D | C] -- C:\d3
[2012.07.16 20:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.07.16 13:41:42 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\VMware
[2012.07.16 13:41:41 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\VMware
[2012.07.16 13:34:37 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2012.07.16 13:34:32 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2012.07.16 13:34:32 | 000,025,712 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2012.07.16 13:34:28 | 000,783,472 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2012.07.16 13:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.07.16 13:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.07.16 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012.07.16 13:34:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2012.07.16 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.07.16 13:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.07.16 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\uTorrent
[2012.07.15 15:32:12 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.07.15 15:30:24 | 000,000,000 | ---D | C] -- C:\Cryptload1.1.8
[2012.07.14 23:29:26 | 000,851,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller2.dll
[2012.07.14 23:16:10 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012.07.14 23:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.1
[2012.07.14 23:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
[2012.07.14 23:10:07 | 000,000,000 | ---D | C] -- C:\nadja
[2012.07.14 22:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD2 Toolkit
[2012.07.14 22:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\HD2 Toolkit
[2012.07.14 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Optimizer Pro
[2012.07.14 14:49:05 | 000,000,000 | ---D | C] -- C:\m3u
[2012.07.14 14:45:35 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Diagnostics
[2012.07.14 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Folders
[2012.07.14 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Folders
[2012.07.14 14:41:26 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playlist Creator 3.6.2
[2012.07.14 14:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Playlist Creator 3.6.2
[2012.07.14 14:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012.07.14 14:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012.07.14 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\convert
[2012.07.14 12:35:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.14 12:35:23 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.14 12:35:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.14 12:35:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.14 12:35:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.14 12:35:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.14 12:35:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.14 12:35:00 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.14 12:34:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.14 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Skinux
[2012.07.14 11:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory
[2012.07.14 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\The Skins Factory
[2012.07.14 11:17:19 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Foxit Software
[2012.07.14 11:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.07.14 11:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012.07.14 10:54:58 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.07.14 10:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.07.14 10:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.07.14 10:52:47 | 000,000,000 | ---D | C] -- C:\auto
[2012.07.14 10:01:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.14 10:01:25 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.14 10:01:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.14 09:13:37 | 000,000,000 | ---D | C] -- C:\glcd
[2012.07.13 23:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Sound Changer
[2012.07.13 23:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Sound Changer
[2012.07.13 23:11:26 | 000,000,000 | ---D | C] -- C:\Windows\BACKUPSSS
[2012.07.13 22:47:47 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Skype
[2012.07.13 22:47:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.07.13 22:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.13 22:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.07.13 22:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.13 21:14:44 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.07.13 21:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.07.13 21:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2012.07.13 21:12:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_edit_w7sbc.exe
[2012.07.13 21:12:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_w7sbc.exe
[2012.07.13 21:12:38 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2012.07.13 19:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.07.13 19:32:29 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Yahoo!
[2012.07.13 19:32:26 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.13 19:32:26 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.13 19:32:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.07.13 19:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.07.13 19:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.07.13 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.07.13 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Avira
[2012.07.13 19:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.13 19:21:07 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.13 19:21:07 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.13 19:21:07 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.13 19:21:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.13 19:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.13 19:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.07.13 19:18:07 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2012.07.13 19:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.13 19:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.07.13 19:15:59 | 000,231,760 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.07.13 19:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.07.13 19:14:34 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.13 19:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.13 19:09:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.07.13 19:09:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.07.13 19:09:42 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.07.13 19:09:42 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.07.13 19:09:42 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.07.13 19:09:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.07.13 19:09:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.07.13 19:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.07.13 19:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.13 19:06:30 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.13 19:06:30 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.13 18:54:26 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.07.13 18:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.13 18:52:59 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\TrueCrypt
[2012.07.13 18:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012.07.13 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Macromedia
[2012.07.13 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Macromedia
[2012.07.13 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Adobe
[2012.07.13 18:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Theme Resource Changer
[2012.07.13 18:41:43 | 000,000,000 | ---D | C] -- C:\themes
[2012.07.13 18:41:30 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\WinRAR
[2012.07.13 18:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.07.13 18:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.07.13 18:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.07.13 18:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2012.07.13 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.07.13 18:24:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.07.13 18:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\G DATA Software
[2012.07.13 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\InstallShield
[2012.07.13 18:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.07.13 18:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2012.07.13 18:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2012.07.13 18:01:13 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Downloaded Installations
[2012.07.13 17:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012.07.13 17:45:25 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Mozilla
[2012.07.13 17:45:25 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Mozilla
[2012.07.13 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\RoboForm
[2012.07.13 17:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012.07.13 17:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2012.07.13 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\trancer\Documents\My RoboForm Data
[2012.07.13 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.13 17:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.13 17:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012.07.13 17:40:48 | 000,000,000 | R--D | C] -- C:\Users\trancer\Searches
[2012.07.13 17:40:34 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Identities
[2012.07.13 17:40:33 | 000,000,000 | R--D | C] -- C:\Users\trancer\Contacts
[2012.07.13 17:40:27 | 000,000,000 | --SD | C] -- C:\Users\trancer\AppData\Roaming\Microsoft
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Videos
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Saved Games
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Pictures
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Music
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Links
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Favorites
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Downloads
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Documents
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\Desktop
[2012.07.13 17:40:27 | 000,000,000 | R--D | C] -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Vorlagen
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\AppData\Local\Verlauf
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\AppData\Local\Temporary Internet Files
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Startmenü
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\SendTo
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Recent
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Netzwerkumgebung
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Lokale Einstellungen
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Documents\Eigene Videos
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Documents\Eigene Musik
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Eigene Dateien
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Documents\Eigene Bilder
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Druckumgebung
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Cookies
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\AppData\Local\Anwendungsdaten
[2012.07.13 17:40:27 | 000,000,000 | -HSD | C] -- C:\Users\trancer\Anwendungsdaten
[2012.07.13 17:40:27 | 000,000,000 | -H-D | C] -- C:\Users\trancer\AppData
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\VirtualStore
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Temp
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Local\Microsoft
[2012.07.13 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\trancer\AppData\Roaming\Media Center Programs
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.07.13 17:40:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.07.13 17:40:14 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.07.13 17:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.07.13 17:36:08 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.07.13 17:35:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 18:33:55 | 000,019,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:33:55 | 000,019,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 18:26:34 | 000,656,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 18:26:34 | 000,618,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 18:26:34 | 000,131,010 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 18:26:34 | 000,107,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 18:21:41 | 000,001,434 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.17 18:21:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 18:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 18:20:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 18:14:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 18:03:18 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:02:15 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 18:02:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.17 17:54:58 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 11:22:16 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.07.17 11:21:34 | 000,063,488 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BGJE.DLL
[2012.07.17 11:21:34 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.07.17 11:12:43 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.07.17 11:12:42 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.07.16 13:34:22 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012.07.16 13:34:16 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.07.16 13:11:46 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.07.16 08:35:09 | 1535,209,472 | ---- | M] () -- C:\Users\trancer\Documents\mondorescue1672012-1.iso
[2012.07.14 23:16:23 | 000,000,600 | ---- | M] () -- C:\Users\trancer\AppData\Roaming\winscp.rnd
[2012.07.14 23:12:23 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2012.07.14 23:03:20 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\HD2 Toolkit.lnk
[2012.07.14 22:21:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.14 20:59:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.07.14 14:44:28 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.07.14 14:41:30 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.14 14:41:19 | 000,001,024 | ---- | M] () -- C:\Users\trancer\Desktop\Optimizer Pro.lnk
[2012.07.14 12:38:46 | 000,356,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.14 12:18:48 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Solar Flare.lnk
[2012.07.14 12:16:57 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - Star Trek TOS.lnk
[2012.07.14 12:15:20 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - Flagship.lnk
[2012.07.14 11:55:40 | 000,002,370 | ---- | M] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Subspace.lnk
[2012.07.14 11:17:11 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.07.14 10:54:26 | 000,001,071 | ---- | M] () -- C:\Users\trancer\Desktop\Sandboxed Web Browser.lnk
[2012.07.13 23:13:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Startup Sound Changer.lnk
[2012.07.13 23:12:50 | 004,658,750 | ---- | M] () -- C:\Windows\Fusion_S.scr
[2012.07.13 23:12:50 | 000,345,777 | ---- | M] () -- C:\Windows\uninstall Fusion_S.exe
[2012.07.13 22:47:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.13 22:04:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.13 22:04:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.13 21:14:44 | 000,000,969 | ---- | M] () -- C:\Users\trancer\Desktop\QuickPar.lnk
[2012.07.13 19:32:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.07.13 19:21:19 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.13 19:18:10 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.07.13 19:16:02 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.07.13 19:15:59 | 000,231,760 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.07.13 19:15:18 | 000,001,799 | ---- | M] () -- C:\Users\trancer\Desktop\WinSCP.lnk
[2012.07.13 19:08:11 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.07.13 19:07:33 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 17:38:08 | 000,000,771 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.07.13 17:36:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.17 18:25:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.17 18:25:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.17 18:25:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.17 18:25:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.17 18:25:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.17 18:03:18 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:02:24 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 18:02:24 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 18:02:15 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 17:54:58 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 13:12:07 | 000,001,704 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.07.17 11:22:16 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.07.16 13:34:22 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012.07.16 13:34:16 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.07.16 13:11:46 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.07.16 12:48:24 | 1535,209,472 | ---- | C] () -- C:\Users\trancer\Documents\mondorescue1672012-1.iso
[2012.07.14 23:16:38 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.07.14 23:12:38 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.07.14 23:12:38 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.07.14 23:12:37 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.07.14 23:12:23 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2012.07.14 22:56:57 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\HD2 Toolkit.lnk
[2012.07.14 22:21:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.14 20:59:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.07.14 14:44:28 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.07.14 14:41:29 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.14 14:41:19 | 000,001,024 | ---- | C] () -- C:\Users\trancer\Desktop\Optimizer Pro.lnk
[2012.07.14 12:18:48 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Solar Flare.lnk
[2012.07.14 12:16:57 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - Star Trek TOS.lnk
[2012.07.14 12:15:20 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - Flagship.lnk
[2012.07.14 11:55:40 | 000,002,370 | ---- | C] () -- C:\Users\Public\Desktop\Hyperdesk - DarkMatter Subspace.lnk
[2012.07.14 11:17:11 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.07.14 10:54:42 | 000,001,071 | ---- | C] () -- C:\Users\trancer\Desktop\Sandboxed Web Browser.lnk
[2012.07.14 10:54:40 | 000,001,434 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.13 23:13:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Startup Sound Changer.lnk
[2012.07.13 23:12:50 | 004,658,750 | ---- | C] () -- C:\Windows\Fusion_S.scr
[2012.07.13 23:12:50 | 000,345,777 | ---- | C] () -- C:\Windows\uninstall Fusion_S.exe
[2012.07.13 22:47:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.13 21:14:44 | 000,000,969 | ---- | C] () -- C:\Users\trancer\Desktop\QuickPar.lnk
[2012.07.13 19:32:27 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 19:32:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.07.13 19:21:19 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.13 19:18:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.13 19:16:02 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.07.13 19:15:18 | 000,001,799 | ---- | C] () -- C:\Users\trancer\Desktop\WinSCP.lnk
[2012.07.13 19:08:11 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.07.13 19:07:33 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.13 19:07:33 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 19:06:32 | 000,002,297 | ---- | C] () -- C:\Users\trancer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.13 18:49:29 | 000,000,600 | ---- | C] () -- C:\Users\trancer\AppData\Roaming\winscp.rnd
[2012.07.13 17:36:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.07.13 17:35:42 | 2415,321,088 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.21 02:30:51 | 000,656,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:30:51 | 000,131,010 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

< End of report >
         
--- --- ---


extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 17.07.2012 18:47:59 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\trancer\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,73% Memory free
5,99 Gb Paging File | 4,57 Gb Available in Paging File | 76,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 162,32 Gb Total Space | 23,77 Gb Free Space | 14,65% Space Free | Partition Type: NTFS
Drive E: | 303,34 Gb Total Space | 85,83 Gb Free Space | 28,29% Space Free | Partition Type: NTFS
Drive F: | 48,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 2,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TRANCER-PC | User Name: trancer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BD76BA-D62A-47DF-8F72-2FA29731B9AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05913FC3-5880-4952-B5B9-282370013189}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06DB9820-DC72-437A-9813-BBD4ED6A7788}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0B5C4F00-2D92-40FE-BE30-6E5564A15875}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{16201CE5-AB63-4673-ADA3-AF117B45F10B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A03A92A-9C62-41DE-B2BB-2CA7C91048F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1DC4C1CB-686B-4553-A734-69A28E54ABA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24F303A4-B0E7-4693-92DF-47AE0212C348}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2BC1A0C5-B761-44FB-9FE5-AF844F475982}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2E546392-CEB2-4413-A564-7948AA053069}" = rport=137 | protocol=17 | dir=out | app=system | 
"{37505A12-FD34-49D5-A545-877CB4B76C36}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4B9EA134-B895-433C-864C-32384D96533B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{74828063-367E-4F04-A747-7421E1ADBB55}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7E60590A-4330-4677-AADD-8D2F23909617}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A2AC84E-EAED-4655-B384-574F7FE2AD48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90631884-DC54-4704-8E66-0BB9E05F8B09}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A0A8FFCF-934B-435E-A4AF-93D1CF51FC00}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B60197C8-7AB4-4FE1-997D-D3E52396519F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C7A304B3-C41D-4B8B-8A4E-3B6852D25178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CD09A485-5022-400A-98AE-28067D169882}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DBC270E6-DF38-4101-991C-6B9D8F371D30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F69E3177-F314-4E91-B730-A3CF3D600BFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F942B374-C7C6-492C-8EEA-30CA9E0A99ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A0748B-D033-4281-9E8D-094D76CADEE1}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe | 
"{1B099AB0-160E-4DF8-9980-880AB62A6C37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CE172BE-369A-4C42-8A95-47D951E424DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{319109D9-4107-46B3-B637-A23696923E30}" = protocol=17 | dir=in | app=c:\users\trancer\appdata\local\apps\2.0\35q8leak.mry\kb481w7g.b5w\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{47638C62-1602-44D9-8068-8F1795436030}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{52E67D58-5BF2-4FC3-AF92-F822223D04D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{54969209-544B-408E-B75D-F457D984783A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5903A7C6-4FC7-4AA5-8EAF-94AE76A51044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{661575E4-39C2-4BA8-BD2B-3877E6F4DA36}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{71450AC1-FDDF-4F10-A89E-DD9AC3C93B9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{748A6C83-DA83-4C65-88DE-5E5C6086D79A}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe | 
"{86801AEC-1E95-48D2-A857-498D75B87797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8744A947-BC85-468B-B23A-03D5D5DE3D83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88F1C714-4691-452F-80AE-298A8DBD25B2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{8FD13DF5-8A29-466F-BF5E-B5FF885842FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FFA3ACB-46EF-49C3-A339-A09DB75D2F77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4659F54-9C34-457B-AA6F-DA89CE863F32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A847B2DE-ACD3-4719-B0B6-D32575B404B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B21F4EF4-9AEA-44AB-9424-46F6BCC34C10}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{B4176977-85F4-4D70-B3C9-E126B7A23D15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B82B9569-45BA-40DB-9887-87EDD56B3F01}" = protocol=6 | dir=out | app=system | 
"{BB8CCD6C-C37E-4951-9DEA-49A3F6323678}" = protocol=6 | dir=in | app=c:\users\trancer\appdata\local\apps\2.0\35q8leak.mry\kb481w7g.b5w\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{CAB7011D-6304-4DFC-B46E-7A6793AA94CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CCFB02BB-3811-40BB-90BB-8BD8E738DC20}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D007911A-8765-4520-9B89-8E9682FF4EC4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{D3B92A23-256D-49C7-829E-1071D426984F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DD0C7A70-8742-4D23-AEAE-EB304DB62383}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DE9A9C91-A34C-41CD-B988-8B628A7CEF8E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E1D58AA0-ACDD-460B-9746-A2ED7BBCB60E}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
"{F3243BA5-CE20-48ED-8E60-069F7C029C99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F837017A-84C7-4AE0-8CD6-E0A7491D65E2}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
"{FD438D53-79CD-4BA9-84B0-B76E2CC2BB67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{1209DE8E-19E1-45BD-BDF7-AFC53BEA2A19}" = Hyperdesk - Flagship
"{12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1" = HD2 Toolkit Version 4.2
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1D694B58-FEA6-4D60-BB87-BD4A724A0DAE}" = VmciSockets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AFAB5E-0631-4A3F-934F-EFC59479A26E}" = Hyperdesk - DarkMatter Subspace
"{239E36CC-B8C6-4580-A55F-D87CEFF1E4BF}" = Hyperdesk - Star Trek TOS
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5CE09320-7745-11D8-B964-00B0D02C43C4}" = MP3 Folders
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCC0865A-F6E3-45E6-A5C8-099BE5AE3247}" = Hyperdesk - DarkMatter Solar Flare
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-9-5 (All Users)
"Avira AntiVir Desktop" = Avira Free Antivirus
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader
"Fusion Screensaver" = Fusion Screensaver
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Playlist Creator 3.6.2" = Playlist Creator 3.6.2
"QuickPar" = QuickPar 0.9
"Sandboxie" = Sandboxie 3.72 (32-bit)
"Startup Sound Changer" = Startup Sound Changer
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"winscp3_is1" = WinSCP 4.3.8
"Wireshark" = Wireshark 1.8.0 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 12:41:55 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 12:45:57 | Computer Name = trancer-PC | Source = VSS | ID = 8194
Description = 
 
Error - 13.07.2012 12:46:49 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 13:07:36 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 15:08:11 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 17:10:53 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 03:05:56 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 04:06:22 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 06:40:20 | Computer Name = trancer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 09:36:00 | Computer Name = trancer-PC | Source = Application Hang | ID = 1002
Description = Programm WinSCP.exe, Version 4.3.8.1771 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 75c    Startzeit: 
01cd61b438b2c560    Endzeit: 8    Anwendungspfad: C:\Program Files\WinSCP\WinSCP.exe    Berichts-ID:
 d7402f91-cdb8-11e1-b680-0021859ed380  
 
[ System Events ]
Error - 13.07.2012 12:13:54 | Computer Name = trancer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.07.2012 12:18:50 | Computer Name = trancer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 13.07.2012 12:40:24 | Computer Name = trancer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 13.07.2012 12:45:07 | Computer Name = trancer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 13.07.2012 17:08:12 | Computer Name = trancer-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >
         
--- --- ---


Mbam
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
trancer :: TRANCER-PC [Administrator]

Schutz: Aktiviert

17.07.2012 19:17:46
mbam-log-2012-07-17 (19-47-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269835
Laufzeit: 22 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Last edited by halloworld (17.07.2012 at 18:50)

Alt 18.07.2012, 14:07   #2
Larusso
/// Selecta Jahrusso
 





My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.
  • If I receive no reply from you to this or any further reply within 3 days, I will delete the thread from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install or uninstall any software unless asked to.
  • Post the log files directly in your thread and not as an attachment, unless you were asked to. Attachments make the analysis harder for me.
Note: If you don't hear from me for 48 hours, please send me a PM. Annoying "when will this continue" messages end with your thread being closed. I, too, have a life away from the PC.



Please post C:\Combofix.txt
__________________

__________________

Alt 18.07.2012, 14:51   #3
halloworld
 



combofix log

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-16.01 - trancer 17.07.2012  18:26:07.1.4 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.3071.1627 [GMT 2:00]
ausgeführt von:: c:\users\trancer\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 16:30 . 2012-07-17 16:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-17 16:02 . 2012-07-17 16:03	--------	d-----w-	c:\program files\Google
2012-07-17 16:02 . 2012-07-17 16:02	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-07-17 16:02 . 2012-07-17 16:02	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-07-17 15:55 . 2012-07-17 16:02	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-17 15:54 . 2012-07-17 15:54	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-17 15:54 . 2012-07-17 15:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-17 15:54 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-17 11:12 . 2012-07-17 11:12	--------	d-----w-	c:\program files\WinPcap
2012-07-17 11:12 . 2012-07-17 11:12	--------	d-----w-	c:\program files\Wireshark
2012-07-17 09:23 . 2012-07-17 09:21	8192	----a-w-	c:\windows\system32\E_DCINST.DLL
2012-07-17 09:23 . 2012-07-17 09:21	63488	----a-w-	c:\windows\system32\E_FD4BGJE.DLL
2012-07-17 09:22 . 2011-08-09 22:00	341504	----a-w-	c:\windows\system32\esw2ud.dll
2012-07-17 09:22 . 2009-10-15 22:00	132560	----a-w-	c:\windows\system32\esdevapp.exe
2012-07-17 09:22 . 2009-10-15 22:00	12800	----a-w-	c:\windows\system32\escdev.dll
2012-07-17 09:22 . 2012-07-17 09:22	--------	d-----w-	c:\program files\epson
2012-07-17 09:16 . 2012-07-17 09:16	--------	d-----w-	c:\program files\Common Files\EPSON
2012-07-17 09:16 . 2012-07-17 09:22	--------	d-----w-	c:\programdata\EPSON
2012-07-17 09:16 . 2008-11-11 16:00	93696	----a-w-	c:\windows\system32\E_FLBGJE.DLL
2012-07-17 09:12 . 2012-07-17 09:12	101248	----a-w-	c:\windows\system32\drivers\avmaudio.sys
2012-07-17 09:12 . 2012-07-17 09:12	32256	----a-w-	c:\windows\system32\MiniInstaller.dll
2012-07-17 06:44 . 2012-07-17 06:45	--------	d-----w-	C:\d3
2012-07-16 18:01 . 2012-07-16 18:01	--------	d-----w-	c:\program files\MSECache
2012-07-16 11:34 . 2012-04-30 18:42	354416	----a-w-	c:\windows\system32\vmnetdhcp.exe
2012-07-16 11:34 . 2012-04-30 18:42	433264	----a-w-	c:\windows\system32\vmnat.exe
2012-07-16 11:34 . 2012-04-30 18:40	25712	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-07-16 11:34 . 2012-04-30 18:42	783472	----a-w-	c:\windows\system32\vnetlib.dll
2012-07-16 11:34 . 2012-07-17 16:21	--------	d-----w-	c:\programdata\VMware
2012-07-16 11:34 . 2012-07-16 11:34	--------	d-----w-	c:\program files\VMware
2012-07-16 11:33 . 2012-07-16 11:34	--------	d-----w-	c:\program files\Common Files\VMware
2012-07-16 11:11 . 2012-07-16 11:11	--------	d-----w-	c:\program files\uTorrent
2012-07-15 13:32 . 2012-07-16 11:06	--------	d-----w-	C:\Downloads
2012-07-15 13:30 . 2012-07-16 11:04	--------	d-----w-	C:\Cryptload1.1.8
2012-07-14 21:29 . 2011-02-03 12:37	851176	----a-w-	c:\windows\system32\WinUSBCoInstaller2.dll
2012-07-14 21:16 . 2012-07-14 21:16	--------	d-----w-	c:\windows\WindowsMobile
2012-07-14 21:12 . 2012-01-18 13:55	922184	----a-w-	c:\windows\system32\pwNative.exe
2012-07-14 21:12 . 2012-01-18 13:55	16472	------w-	c:\windows\system32\pwdrvio.sys
2012-07-14 21:12 . 2012-01-18 13:55	11104	------w-	c:\windows\system32\pwdspio.sys
2012-07-14 21:12 . 2012-07-14 21:12	--------	d-----w-	c:\program files\MiniTool Partition Wizard Home Edition 7.1
2012-07-14 21:10 . 2012-07-14 21:29	--------	d-----w-	C:\nadja
2012-07-14 20:56 . 2012-07-14 21:03	--------	d-----w-	c:\program files\HD2 Toolkit
2012-07-14 12:49 . 2012-07-14 12:52	--------	d-----w-	C:\m3u
2012-07-14 12:45 . 2012-07-14 12:45	--------	d-----w-	c:\program files\MP3 Folders
2012-07-14 12:44 . 2012-07-14 12:44	237	----a-w-	C:\user.js
2012-07-14 12:41 . 2012-07-14 12:41	--------	d-----w-	c:\program files\Playlist Creator 3.6.2
2012-07-14 12:41 . 2012-07-14 12:41	--------	d-----w-	c:\program files\Optimizer Pro
2012-07-14 10:34 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-14 09:55 . 2012-07-14 09:55	--------	d-----w-	c:\program files\The Skins Factory
2012-07-14 09:17 . 2012-07-14 09:17	--------	d-----w-	c:\program files\Foxit Software
2012-07-14 08:54 . 2012-07-14 08:54	--------	d-----r-	C:\Sandbox
2012-07-14 08:54 . 2012-07-14 08:54	--------	d-----w-	c:\program files\Sandboxie
2012-07-14 08:52 . 2012-07-15 13:21	--------	d-----w-	C:\auto
2012-07-14 07:13 . 2012-07-14 07:13	--------	d-----w-	C:\glcd
2012-07-13 21:13 . 2012-07-13 21:13	--------	d-----w-	c:\program files\Startup Sound Changer
2012-07-13 21:12 . 2012-07-13 21:12	4658750	----a-w-	c:\windows\Fusion_S.scr
2012-07-13 21:12 . 2012-07-13 21:12	345777	----a-w-	c:\windows\uninstall Fusion_S.exe
2012-07-13 21:11 . 2012-07-13 21:11	--------	d-----w-	c:\windows\BACKUPSSS
2012-07-13 20:47 . 2012-07-13 20:47	--------	d-----r-	c:\program files\Skype
2012-07-13 20:47 . 2012-07-13 20:47	--------	d-----w-	c:\program files\Common Files\Skype
2012-07-13 20:47 . 2012-07-13 20:47	--------	d-----w-	c:\programdata\Skype
2012-07-13 19:14 . 2012-07-13 19:14	--------	d-----w-	c:\program files\QuickPar
2012-07-13 19:12 . 2012-07-13 19:12	--------	d-----w-	c:\windows\W7SBC
2012-07-13 19:12 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer_edit_w7sbc.exe
2012-07-13 19:12 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer_backup_w7sbc.exe
2012-07-13 19:04 . 2009-07-14 01:16	249856	----a-w-	c:\windows\system32\uxtheme.dll.backup
2012-07-13 19:04 . 2010-11-20 21:29	2755072	----a-w-	c:\windows\system32\themeui.dll.backup
2012-07-13 19:04 . 2009-07-14 01:16	37376	----a-w-	c:\windows\system32\themeservice.dll.backup
2012-07-13 17:32 . 2012-07-13 17:32	--------	d-----w-	c:\programdata\Yahoo! Companion
2012-07-13 17:32 . 2012-07-13 20:04	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 17:32 . 2012-07-13 20:04	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-13 17:32 . 2012-07-13 17:32	--------	d-----w-	c:\windows\system32\Macromed
2012-07-13 17:32 . 2012-07-13 17:32	--------	d-----w-	c:\programdata\Yahoo!
2012-07-13 17:30 . 2012-07-13 17:32	--------	d-----w-	c:\program files\Yahoo!
2012-07-13 17:21 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-13 17:21 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-13 17:21 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-13 17:21 . 2012-07-13 17:21	--------	d-----w-	c:\programdata\Avira
2012-07-13 17:21 . 2012-07-13 17:21	--------	d-----w-	c:\program files\Avira
2012-07-13 17:18 . 2007-04-09 14:23	28552	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-07-13 17:18 . 2007-04-09 14:23	28040	----a-w-	c:\windows\system32\mdimon.dll
2012-07-13 17:15 . 2012-07-13 17:15	231760	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2012-07-13 17:09 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-07-13 17:09 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-07-13 17:09 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-07-13 17:09 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-07-13 17:09 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-07-13 17:09 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-07-13 17:09 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-07-13 17:09 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-07-13 17:09 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-07-13 17:07 . 2012-07-13 17:07	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-07-13 16:54 . 2012-07-13 16:54	--------	d-----w-	c:\windows\PCHEALTH
2012-07-13 16:49 . 2012-07-13 17:15	--------	d-----w-	c:\program files\WinSCP
2012-07-13 16:45 . 2012-07-13 17:04	--------	d-----w-	c:\program files\Theme Resource Changer
2012-07-13 16:41 . 2012-07-14 09:50	--------	d-----w-	C:\themes
2012-07-13 16:31 . 2012-07-13 17:15	--------	d-----w-	c:\program files\TrueCrypt
2012-07-13 16:28 . 2012-07-13 17:04	--------	d-----w-	c:\program files\F-Secure
2012-07-13 16:27 . 2012-07-13 16:30	--------	d-----w-	c:\programdata\F-Secure
2012-07-13 16:24 . 2012-07-13 16:24	--------	d-----w-	c:\program files\G DATA Software
2012-07-13 16:24 . 2012-07-13 16:24	--------	d--h--w-	c:\program files\InstallShield Installation Information
2012-07-13 16:01 . 2012-07-13 16:40	--------	d-----w-	c:\programdata\G DATA
2012-07-13 16:01 . 2012-07-13 16:40	--------	d-----w-	c:\program files\Common Files\G Data
2012-07-13 16:01 . 2012-07-13 16:16	--------	d-----w-	c:\program files\G Data
2012-07-13 15:46 . 2012-07-13 17:08	--------	d-----w-	c:\program files\MozBackup
2012-07-13 15:44 . 2012-07-13 15:44	--------	d-----w-	c:\programdata\RoboForm
2012-07-13 15:43 . 2012-07-13 15:43	--------	d-----w-	c:\program files\Siber Systems
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 19:04 . 2009-07-13 23:40	249856	----a-w-	c:\windows\system32\uxtheme.dll
2012-07-13 19:04 . 2010-11-20 21:29	2755072	----a-w-	c:\windows\system32\themeui.dll
2012-07-13 19:04 . 2009-07-13 23:39	37376	----a-w-	c:\windows\system32\themeservice.dll
2012-06-02 13:57 . 2012-06-02 13:57	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-06-02 13:57 . 2012-06-02 13:57	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-06-02 13:57 . 2012-06-02 13:57	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-06-02 13:57 . 2012-06-02 13:57	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-06-02 13:57 . 2012-06-02 13:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-06-02 13:57 . 2012-06-02 13:57	367104	----a-w-	c:\windows\system32\html.iec
2012-06-02 13:57 . 2012-06-02 13:57	161792	----a-w-	c:\windows\system32\msls31.dll
2012-06-02 13:57 . 2012-06-02 13:57	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-06-02 13:57 . 2012-06-02 13:57	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-06-02 13:57 . 2012-06-02 13:57	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-06-02 13:57 . 2012-06-02 13:57	152064	----a-w-	c:\windows\system32\wextract.exe
2012-06-02 13:57 . 2012-06-02 13:57	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-06-02 13:57 . 2012-06-02 13:57	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-06-02 13:57 . 2012-06-02 13:57	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-06-02 13:57 . 2012-06-02 13:57	11776	----a-w-	c:\windows\system32\mshta.exe
2012-06-02 13:57 . 2012-06-02 13:57	101888	----a-w-	c:\windows\system32\admparse.dll
2012-05-14 23:43 . 2012-06-12 17:05	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{03875BE7-95D6-4878-8E5D-AD13B66E0AD0}\mpengine.dll
2012-05-04 09:59 . 2012-06-12 17:05	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-05-01 04:44 . 2012-06-12 17:05	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-04-30 18:42 . 2012-04-30 18:42	55664	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-04-30 16:26 . 2012-04-30 16:26	252016	----a-w-	c:\windows\system32\vmnc.dll
2012-04-30 15:22 . 2012-04-30 15:22	55408	----a-w-	c:\windows\system32\vmnetbridge.dll
2012-04-30 15:22 . 2012-04-30 15:22	49776	----a-w-	c:\windows\system32\vnetinst.dll
2012-04-30 15:22 . 2012-04-30 15:22	36464	----a-w-	c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 15:22 . 2012-04-30 15:22	19568	----a-w-	c:\windows\system32\drivers\vmnet.sys
2012-04-30 15:22 . 2012-04-30 15:22	16624	----a-w-	c:\windows\system32\drivers\vmnetadapter.sys
2012-04-28 04:41 . 2012-06-12 17:05	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-12 17:05	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-12 17:05	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-12 17:05	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-12 17:05	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-12 17:05	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 17:05	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 17:05	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-14 22:19 . 2012-07-13 17:07	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-13 109336]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"AVMUSBFernanschluss"="c:\users\trancer\AppData\Local\Apps\2.0\35Q8LEAK.MRY\KB481W7G.B5W\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-07-17 147456]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2012-04-30 103536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-12 91136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI4A8.tmp [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 20:04]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 16:02]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 16:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{BBEF4F6B-4277-469E-84E1-569596CE249C}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\trancer\AppData\Roaming\Mozilla\Firefox\Profiles\bp19d5zo.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI4A8.tmp\" -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5768)
c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
Zeit der Fertigstellung: 2012-07-17  18:32:13
ComboFix-quarantined-files.txt  2012-07-17 16:32
.
Vor Suchlauf: 14 Verzeichnis(se), 25.815.445.504 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 25.462.226.944 Bytes frei
.
- - End Of File - - D771D041D3487328F756216599BA42F7
         
--- --- ---
__________________

Alt 18.07.2012, 16:58   #4
Larusso
/// Selecta Jahrusso
 



Did I mention anything about you running Combofix?



Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

23.07.2012, 18:42   #5
Larusso
/// Selecta Jahrusso



No response
This thread has been removed from my subscriptions, so I will not receive notifications of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please click here and create your own thread
