
Log Analysis and Evaluation: OTL logfile evaluation after virus damage


26.11.2012, 01:22   #1
Smoky983
 



To start off my time here, first a hello to everyone.

I have a problem with my computer. I got an e-book from a friend and, since I had been looking for it for a long time, wanted to copy it from the stick onto my computer right away. Unfortunately I did not have the antivirus program scan the stick first.
Which took its revenge immediately.
Because the next day my scanner started up, like every day, and BAMM, it raised an alert.
I immediately knew where it came from.
So I scanned the stick and, as was to be expected, the damn stick just happened to have the same plague on it.
Well, what did I do: cleaned everything up.
Unfortunately I had already restarted my baby since the infection, so by not paying attention once I had committed three stupid mistakes at once, and the plague was already able to do a bit of damage, "great surprise egg".
Anyway, after the scans I removed the crap from the computer and the stick, and up to that point I had no problems.
I hoped not much damage had been done, and at first it looked fine. I had no problems at first, until I wanted to shut it down. Logging off took a good 5 minutes and I already thought it had frozen, but then something happened: a brief blue screen flashed up and my computer restarted.
Damn, I thought, now I'm in a mess, and to my delight my internet did not work anymore either.
I should add that I go online with a stick from Blau.de; the program on the stick is the XS Manager.
I have already fixed the connection error, but I have two files named Desktop.ini on the desktop. One of them can be opened, and for the other I am denied access. The opened file contains this:

[LocalizedFileNames]
Backup and Restore Center.lnk=@%systemroot%\system32\sdcpl.dll,-101
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

I don't know what other damage there is, but I am attaching an OTL logfile; I hope someone can help me.


OTL logfile:

OTL logfile created on: 26.11.2012 00:15:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Smokes-one\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,24% Memory free
15,99 Gb Paging File | 13,27 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,66 Gb Total Space | 292,56 Gb Free Space | 64,21% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 4,24 Gb Free Space | 96,96% Space Free | Partition Type: UDF
Drive E: | 465,76 Gb Total Space | 2,17 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 0,01 Gb Free Space | 0,31% Space Free | Partition Type: FAT32

Computer Name: SMOKES-ONE-PC | User Name: Smokes-one | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.22 15:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Smokes-one\Downloads\OTL.exe
PRC - [2012.11.10 12:21:32 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.10.27 20:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.13 18:53:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.05.22 12:10:22 | 000,243,776 | ---- | M] (Comvigo, Inc.) -- C:\Windows\SysWOW64\qimlsrv.exe
PRC - [2011.03.21 01:42:48 | 000,096,320 | ---- | M] (Comvigo, Inc.) -- C:\Windows\SysWOW64\dsrviml.exe
PRC - [2010.06.25 17:37:32 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.06.25 17:37:28 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.27 14:42:51 | 001,531,560 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager\XSManager.exe
PRC - [2010.04.22 12:59:36 | 000,339,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.04.07 10:30:22 | 001,146,440 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010.03.31 15:06:52 | 001,499,720 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2010.03.31 15:06:48 | 000,963,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2010.03.31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.10 12:21:32 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.27 20:29:13 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt32.dll
MOD - [2010.06.22 18:48:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDetection.dll
MOD - [2010.04.27 14:42:55 | 000,183,976 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGSMSPCClient.Dll
MOD - [2010.04.27 14:42:54 | 000,048,808 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDriverInstall.dll
MOD - [2010.04.27 14:42:54 | 000,028,328 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGDriverInstallX.Dll
MOD - [2010.04.27 14:42:49 | 000,020,136 | ---- | M] () -- C:\Program Files (x86)\XSManager\4GSystems_WTGSMSPCClientGer.dll
MOD - [2010.04.27 14:42:46 | 000,896,680 | ---- | M] () -- C:\Program Files (x86)\XSManager\4GSystems_OneClickAssistantGer.dll
MOD - [2010.04.12 17:59:40 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgCore.dll
MOD - [2010.04.12 17:59:28 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgBluetooth.dll
MOD - [2010.04.12 17:59:24 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDialup.dll
MOD - [2010.04.12 17:59:18 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDatabase.dll
MOD - [2010.04.12 17:59:14 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgPorts.dll
MOD - [2010.04.12 17:59:10 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgUtil.dll
MOD - [2010.04.12 17:59:04 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGDebugs.dll
MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.12.08 11:22:58 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGXMLUtil.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2012.11.10 12:21:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.27 20:29:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.21 18:30:21 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.13 18:53:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.25 17:37:28 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.22 12:59:36 | 000,339,016 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.04.16 04:08:54 | 001,666,096 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.04.07 10:30:22 | 001,146,440 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.03.31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 10:23:40 | 001,778,336 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.24 21:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe -- (DfSdkS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.25 19:07:50 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2012.09.23 13:53:35 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2012.09.03 12:35:05 | 000,040,392 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.09.03 12:35:02 | 000,057,288 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.09.03 12:34:58 | 000,049,096 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.09.03 12:34:44 | 000,084,936 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.09.03 12:34:43 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011.12.19 22:49:22 | 000,637,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS)
DRV:64bit: - [2011.12.13 18:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.12.01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.11.24 23:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011.10.17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.08.26 04:08:54 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011.08.26 04:08:52 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.03.15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010.03.15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic)
DRV:64bit: - [2010.03.15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV:64bit: - [2010.03.15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010.03.15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5)
DRV:64bit: - [2010.03.15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.06 11:26:06 | 000,235,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.09.19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.23 08:07:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.19 03:25:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.12.19 03:23:30 | 000,068,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV - [2012.11.25 16:18:26 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}
IE:64bit: - HKLM\..\SearchScopes\{E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}
IE - HKLM\..\SearchScopes\{E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "213.42.124.114"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "213.42.124.114"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.42.124.114"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "213.42.124.114"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.openintab: false

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Smokes-one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:29:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:29:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.09.03 18:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smokes-one\AppData\Roaming\mozilla\Extensions
[2012.11.23 09:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smokes-one\AppData\Roaming\mozilla\Firefox\Profiles\gbvbhhkr.default\extensions
[2012.11.23 09:45:20 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Smokes-one\AppData\Roaming\mozilla\firefox\profiles\gbvbhhkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.27 20:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 20:29:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 2016
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{987ECD16-26A5-42F4-B804-94519DC1459C}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BFF06B-3B4B-4284-9DAF-DE2BCA711659}: DhcpNameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.03 12:49:15 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2012.09.03 12:49:15 | 000,000,135 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0923b36d-f917-11e1-8662-50e5499af0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{0923b36d-f917-11e1-8662-50e5499af0ea}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{2a38df85-f5b7-11e1-b26f-50e5499af0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{2a38df85-f5b7-11e1-b26f-50e5499af0ea}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{89d4acbf-057c-11e2-8ea9-50e5499af0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{89d4acbf-057c-11e2-8ea9-50e5499af0ea}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{cf50b337-03d2-11e2-b2f1-50e5499af0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{cf50b337-03d2-11e2-b2f1-50e5499af0ea}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.25 19:08:05 | 000,312,544 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\windows\updater4g.exe
[2012.11.25 19:08:04 | 000,160,992 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\windows\starter4g.exe
[2012.11.25 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Roaming\XSManager
[2012.11.25 19:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
[2012.11.25 19:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XSManager
[2012.11.25 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\MigWiz
[2012.11.21 19:55:44 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.11.20 20:59:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.11.20 20:59:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.11.20 20:59:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.11.20 20:59:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.11.20 20:59:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.11.20 20:59:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.11.20 20:59:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.11.20 20:59:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.11.20 20:59:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.11.20 20:59:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.11.20 20:59:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.11.20 20:59:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.11.20 20:59:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.11.20 20:59:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.11.20 20:59:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.11.17 16:19:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012.11.17 16:19:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012.11.17 15:31:01 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012.11.17 15:31:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012.11.17 15:03:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.11.17 15:03:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.11.17 15:03:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012.11.17 14:57:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.11.17 14:57:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.11.17 14:57:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.11.17 14:57:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012.11.17 14:57:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.11.17 14:57:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.11.17 01:26:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012.11.17 01:26:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012.11.17 01:26:20 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012.11.17 01:26:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012.11.08 22:50:26 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Desktop\PdaNet 3.5 with Key
[2012.11.08 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Desktop\Manhunt.2-RELOADED
[2012.11.07 19:20:50 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Roaming\Unity
[2012.11.07 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\Unity
[2012.11.04 17:28:11 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Documents\Ubisoft
[2012.11.04 17:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.11.04 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\DownTango
[2012.11.04 15:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012.11.02 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Documents\WBGames
[2012.11.02 23:47:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2012.11.02 23:47:26 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2012.11.02 23:47:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2012.11.02 23:47:20 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2012.11.02 23:47:15 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2012.11.02 23:46:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\WBGames
[2012.11.02 23:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2012.11.02 22:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games
[2012.11.02 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\Electronic Arts
[2012.11.02 18:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.11.02 18:14:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2012.11.02 18:14:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2012.11.02 18:14:12 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2012.11.02 18:14:12 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2012.11.02 18:14:10 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2012.11.02 18:14:10 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2012.11.02 18:14:09 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2012.11.02 18:14:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2012.11.02 18:14:07 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2012.11.02 18:14:07 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2012.11.02 18:14:05 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2012.11.02 18:14:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2012.11.02 18:14:03 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2012.11.02 18:14:03 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2012.11.02 18:13:43 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2012.11.02 18:13:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2012.11.02 18:13:41 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2012.11.02 18:13:41 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2012.11.02 18:13:41 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2012.11.02 18:13:41 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2012.11.02 18:13:39 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2012.11.02 18:13:39 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2012.11.02 18:13:37 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2012.11.02 18:13:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2012.11.02 18:13:34 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2012.11.02 18:13:34 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2012.11.02 18:13:32 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2012.11.02 18:13:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2012.11.02 18:13:30 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2012.11.02 18:13:30 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2012.11.02 18:13:28 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2012.11.02 18:13:28 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2012.10.29 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.10.29 16:05:39 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\windows\SysNative\DfSdkBt.exe
[2012.10.29 16:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.10.27 20:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.19 13:55:36 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe96D5.dll

========== Files - Modified Within 30 Days ==========

[2012.11.25 23:29:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.25 23:10:55 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.11.25 23:10:55 | 000,653,928 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.11.25 23:10:55 | 000,615,810 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.11.25 23:10:55 | 000,129,800 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.11.25 23:10:55 | 000,106,190 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.11.25 23:00:39 | 000,024,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 23:00:39 | 000,024,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 19:07:53 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\XSManager.lnk
[2012.11.25 19:07:50 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_netamd.sys
[2012.11.25 19:07:50 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_seramd.sys
[2012.11.25 19:07:50 | 000,117,888 | ---- | M] (Mobile Connector) -- C:\windows\SysNative\drivers\cmnsusbser.sys
[2012.11.25 19:07:50 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_net32.sys
[2012.11.25 19:07:50 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_ser32.sys
[2012.11.25 19:07:50 | 000,101,056 | ---- | M] () -- C:\windows\SysNative\drivers\dvb_nova_12mhz_b0.inp
[2012.11.25 19:07:50 | 000,092,456 | ---- | M] () -- C:\windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp
[2012.11.25 19:07:50 | 000,079,036 | ---- | M] () -- C:\windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp
[2012.11.25 19:07:50 | 000,063,648 | ---- | M] (Siano) -- C:\windows\SysNative\drivers\smsbda.sys
[2012.11.25 19:07:50 | 000,000,040 | ---- | M] () -- C:\windows\SysNative\drivers\smsbda.cfg
[2012.11.25 18:52:30 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.11.25 18:52:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.25 18:52:19 | 2145,447,935 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.25 16:49:05 | 000,378,848 | ---- | M] () -- C:\Users\Smokes-one\Documents\diagnose XS Manager Fehler628.htm
[2012.11.25 16:18:26 | 000,106,224 | ---- | M] (G Data Software) -- C:\windows\SysWow64\drivers\GRD.sys
[2012.11.22 22:07:43 | 000,004,551 | ---- | M] () -- C:\Users\Smokes-one\Documents\UDF1_DVD.nru
[2012.11.22 10:58:47 | 000,000,894 | ---- | M] () -- C:\Users\Smokes-one\Documents\veränderrung.rtf
[2012.11.22 01:09:28 | 574,253,453 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.11.19 22:50:54 | 000,007,597 | ---- | M] () -- C:\Users\Smokes-one\AppData\Local\Resmon.ResmonCfg
[2012.11.17 17:39:26 | 000,416,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.11.14 12:23:37 | 000,000,014 | ---- | M] () -- C:\end
[2012.11.10 12:21:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.11.10 12:21:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.04 17:27:50 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2012.11.02 23:16:36 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Ultimate Shooter Edition - F.E.A.R 2.lnk
[2012.11.02 18:32:00 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Harry Potter und der Halbblut-Prinz™.lnk
[2012.10.29 16:05:44 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2012).lnk
[2012.10.29 16:05:43 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2012.lnk
[2012.10.29 01:50:59 | 000,000,377 | ---- | M] () -- C:\Users\Smokes-one\Documents\Rechner gescannt3.rtf

========== Files Created - No Company Name ==========

[2012.11.25 19:08:04 | 000,000,040 | ---- | C] () -- C:\windows\SysNative\drivers\smsbda.cfg
[2012.11.25 19:07:53 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\XSManager.lnk
[2012.11.25 16:49:14 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl
[2012.11.25 16:49:03 | 000,378,848 | ---- | C] () -- C:\Users\Smokes-one\Documents\diagnose XS Manager Fehler628.htm
[2012.11.22 22:07:43 | 000,004,551 | ---- | C] () -- C:\Users\Smokes-one\Documents\UDF1_DVD.nru
[2012.11.22 10:58:47 | 000,000,894 | ---- | C] () -- C:\Users\Smokes-one\Documents\veränderrung.rtf
[2012.11.21 19:55:40 | 574,253,453 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.11.20 17:44:52 | 2145,447,935 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.17 16:19:42 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 01:26:20 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.04 17:27:50 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2012.11.04 15:48:08 | 000,000,014 | ---- | C] () -- C:\end
[2012.11.02 23:16:36 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Ultimate Shooter Edition - F.E.A.R 2.lnk
[2012.11.02 18:32:00 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Harry Potter und der Halbblut-Prinz™.lnk
[2012.10.29 16:05:44 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2012).lnk
[2012.10.29 16:05:43 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2012.lnk
[2012.10.29 02:39:37 | 000,007,597 | ---- | C] () -- C:\Users\Smokes-one\AppData\Local\Resmon.ResmonCfg
[2012.10.29 01:50:59 | 000,000,377 | ---- | C] () -- C:\Users\Smokes-one\Documents\Rechner gescannt3.rtf
[2012.10.13 18:53:28 | 000,189,248 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012.10.13 18:53:22 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012.04.18 10:50:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.04.18 10:47:39 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.04.18 10:47:39 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.04.18 10:47:39 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.04.18 10:23:31 | 000,000,032 | ---- | C] () -- C:\windows\CD_Start.INI
[2012.04.18 10:19:43 | 000,085,761 | ---- | C] () -- C:\windows\SysWow64\tnblf.exe
[2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\windows\SysWow64\winiml.dat
[2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\ProgramData\winiml.dat
[2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\ProgramData\iml.xml
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Because of the internet stick, I'm of the opinion that something was deleted in the registry, since after reinstalling it has worked without errors so far. So I assume the malware was roaming around in the registry.

Thanks in advance!!!

Smoky983

26.11.2012, 08:24   #2
Psychotic
/// Malware team
 
Quote:
C:\Users\Smokes-one\Desktop\PdaNet 3.5 with Key

Anyone who uses stolen software shouldn't be surprised by virus damage!

Merely visiting sites that offer these files for download carries a high risk of infection.

When you run the crack, you are running an executable from a very dubious source. The file's code can contain anything (e.g. downloading and executing malware files).
This is one of the main causes of infections.

Besides, cracks, keygens, etc. are illegal, and that is theft just as much as in a shop.
That is why we have agreed on the following:

If we find evidence of illegally obtained software, we will end support without any discussion.

Therefore our help for you is limited to instructions for reinstalling and securing the system.

26.11.2012, 13:25   #3
Smoky983
 
HO HO HO, I have to lodge a big fat veto here first. PDA-NET was NOT obtained illegally!!! I initially downloaded it onto my computer as "freeware", and after 14 days the service was discontinued and I was offered the key to unlock the full version for an additional fee. I accepted that offer and was then sent the key. I put the download of the program and the key in a separate folder on the desktop. Then I noticed that PDA-Net messed up all the internet settings on my phone, so badly that I had to reset my phone to factory settings. So I deleted it again, but since I paid for it, I left the installation file and the key on the computer.
It would be very nice if I could still get help anyway.