
Log analysis and evaluation: Attention! ... Windows system blocked.


 
05.02.2012, 00:08   #1
Roderic_Sch
 



Hello everyone,

I have also caught the "Attention! ... Windows is being locked" malware.

(When the Wi-Fi is switched off, I regain control.)

As described in "For everyone seeking help! ...", I generated logs (dds and otl); Attach.txt and Extras.txt are attached in an archive:

Code:
.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_26
Run by *** at 20:37:25 on 2012-02-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3957.2672 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
mWinlogon: Userinit=userinit.exe
BHO: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
uRun: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
StartupFolder: C:\Users\FRIEDR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76} : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3536867757C6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\3575C414E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}\5416379724F687D2637324134393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442} : NameServer = 156.154.70.25,156.154.71.25
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
{074C1DC5-9320-4A9A-947D-C042949C6216}
{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
AppInit_DLLs-X64:  C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qho5ph94.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-6-10 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-6-10 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-28 366640]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2010-1-22 32256]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-17 2337144]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-10 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CLNUIDriver;CLNUIDriver;C:\Windows\system32\DRIVERS\CLNUIDriver.sys --> C:\Windows\system32\DRIVERS\CLNUIDriver.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe [2012-2-4 95896]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
.
=============== Created Last 30 ================
.
2012-02-04 19:07:53	--------	d-----w-	C:\Program Files\SiSoftware
2012-01-22 19:30:07	--------	d-----w-	C:\Program Files (x86)\Poedit
2012-01-22 19:26:10	--------	d-----w-	C:\Program Files (x86)\DealPly
2012-01-22 19:25:59	--------	d-----w-	C:\Program Files (x86)\Zip Uncompressor
2012-01-22 19:24:06	--------	d-----w-	C:\Users\***\Zip Uncompressor
2012-01-06 19:18:17	626688	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-06 19:18:17	548864	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 19:18:17	479232	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 19:18:17	43992	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
.
==================== Find3M  ====================
.
2012-01-14 14:31:40	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-26 05:10:32	330240	----a-w-	C:\Windows\PICSUninstall.exe
2011-11-28 14:30:48	868848	----a-w-	C:\Windows\System32\drivers\sptd.sys
2011-11-19 11:14:54	43680	----a-w-	C:\Windows\System32\drivers\lirsgt.sys
2011-11-19 11:14:54	314016	----a-w-	C:\Windows\System32\drivers\atksgt.sys
2011-06-29 15:45:07	11776	----a-w-	C:\Program Files (x86)\pixie.exe
2007-08-27 16:15:56	244736	----a-w-	C:\Program Files (x86)\JRuler.exe
.
============= FINISH: 20:37:51,08 ===============
         
Code:
.
OTL logfile created on: 04.02.2012 23:08:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 67,53% Memory free
7,73 Gb Paging File | 6,27 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 154,83 Gb Total Space | 64,49 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
Drive D: | 143,16 Gb Total Space | 15,10 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
 
Computer Name: ***S-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ab4c31d3ee3773fda080f88a55ee9f2e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\02fce62e54341c77819608d4c374a1fe\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cd5d6686dd65a70df2bb47350e5565f2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d4e82d7d148d82bec5a0099f8c0a9d7c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9ee802cb15f227c3f5e404344241063a\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\033c4be35e173939c647b9eab467f3ba\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fe70d777535c215f4fe9f9def2b4c815\mscorlib.ni.dll ()
MOD - C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Program Files (x86)\Hotkey\Audiodll.dll ()
MOD - C:\Program Files (x86)\Hotkey\AudioControlDLL.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdagent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (CLNUIDriver) -- C:\Windows\SysNative\drivers\CLNUIDriver.sys (Code Laboratories, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbt.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C F6 D2 70 9E 53 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.06 20:18:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.16 10:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.22 20:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.16 10:29:39 | 000,000,000 | ---D | M]
 
[2011.06.11 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.06.11 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.02 09:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\qho5ph94.default\extensions
[2012.01.29 16:06:31 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\qho5ph94.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.01.06 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.18 09:08:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\FEEDLY@DEVHD.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHO5PH94.DEFAULT\EXTENSIONS\UNDOCLOSEDTABSBUTTON@SUPERNOVA00.BIZ.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.31 23:28:22 | 000,001,110 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adaradar.xml
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Greyscale = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.02.04 23:08:07 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20088A85-CDD9-4C61-8079-D64626F98B76}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D958B33-6A54-4D8A-BA07-B7813E7A9442}: NameServer = 156.154.70.25,156.154.71.25
O18:64bit: - Protocol\Handler\gameboxchrome - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{159ea791-19ce-11e1-8283-0090f5a53f20}\Shell - "" = AutoRun
O33 - MountPoints2\{159ea791-19ce-11e1-8283-0090f5a53f20}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{663fd720-944c-11e0-bf63-0090f5a53f20}\Shell - "" = AutoRun
O33 - MountPoints2\{663fd720-944c-11e0-bf63-0090f5a53f20}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.04 21:56:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.04 21:20:34 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\unetbtin.exe
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\preseed
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\pool
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\pics
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\isolinux
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\install
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\dists
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\casper
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\boot
[2012.02.04 21:03:45 | 000,000,000 | ---D | C] -- C:\.disk
[2012.02.04 21:03:38 | 000,000,000 | ---D | C] -- C:\unetbtin
[2012.02.04 20:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.02.04 20:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.02.04 16:55:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wpml-string-translation.1.2.9
[2012.02.03 19:30:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Archiv
[2012.02.03 18:24:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wie macht man scheiß Ordner
[2012.02.03 12:41:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sitepress-multilingual-cms.2.4.2
[2012.02.02 12:29:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wordpress-3.3.1-de_DE
[2012.02.01 21:19:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DejaVu-Serif-fontfacekit
[2012.01.25 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\LaN_shelling_0.6.0059
[2012.01.22 20:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit
[2012.01.22 20:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Poedit
[2012.01.22 20:28:35 | 003,990,398 | ---- | C] (Vaclav Slavik                                               ) -- C:\Users\***\Desktop\poedit-1.4.6-setup.exe
[2012.01.22 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2012.01.22 20:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2012.01.22 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zip Uncompressor
[2012.01.22 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\***\Zip Uncompressor
[2012.01.22 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zip Uncompressor
[2012.01.19 13:59:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ft_v037
[2012.01.16 10:29:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.14 15:33:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.01.14 15:31:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.07 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.09.06 14:29:22 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.06.29 16:45:05 | 000,011,776 | ---- | C] (Nattyware) -- C:\Program Files (x86)\pixie.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.04 23:25:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000UA.job
[2012.02.04 22:35:02 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.04 22:35:02 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.04 22:35:02 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.04 22:35:02 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.04 22:35:02 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.04 22:34:58 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 22:34:58 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 22:27:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 22:27:29 | 3111,559,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.04 21:56:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.04 21:28:02 | 000,201,293 | ---- | M] () -- C:\ubnldr.exe
[2012.02.04 21:28:02 | 000,185,012 | ---- | M] () -- C:\ubnldr
[2012.02.04 21:28:02 | 000,008,192 | ---- | M] () -- C:\ubnldr.mbr
[2012.02.04 20:09:03 | 000,000,064 | ---- | M] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.02.04 20:08:13 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1c.lnk
[2012.02.04 19:44:48 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\unetbtin.exe
[2012.02.04 19:14:05 | 000,000,188 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.02.04 16:55:33 | 000,181,873 | ---- | M] () -- C:\Users\***\Desktop\wpml-string-translation.1.2.9.zip
[2012.02.04 09:59:45 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1811895510-1651897561-911722450-1000Core.job
[2012.02.03 19:29:32 | 004,029,091 | ---- | M] () -- C:\Users\***\Desktop\Archiv.zip
[2012.02.03 19:27:44 | 006,897,664 | ---- | M] () -- C:\Users\***\Desktop\DA_4_einseitig_GEKÜRTZT.indd
[2012.02.03 19:27:44 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\~da_4_einseitig_gek~fg9$)4.idlk
[2012.02.03 18:24:16 | 031,133,696 | ---- | M] () -- C:\Users\***\Desktop\wie macht man scheiß.indd
[2012.02.03 18:22:56 | 000,755,702 | ---- | M] () -- C:\Users\***\Desktop\wie macht man scheiß.pdf
[2012.02.03 18:19:57 | 000,213,553 | ---- | M] () -- C:\Users\***\Desktop\wie macht man scheiß2.jpg
[2012.02.03 17:26:42 | 009,904,128 | ---- | M] () -- C:\Users\***\Desktop\DA_4_einseitig.indd
[2012.02.03 12:41:06 | 001,036,116 | ---- | M] () -- C:\Users\***\Desktop\sitepress-multilingual-cms.2.4.2.zip
[2012.02.03 12:38:25 | 000,001,014 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.03 12:29:11 | 001,161,174 | ---- | M] () -- C:\Users\***\Desktop\Gemaboy***.jpg
[2012.02.02 20:05:27 | 1428,451,328 | ---- | M] () -- C:\Users\***\Desktop\ju98ru2srjkh4.avi
[2012.02.02 18:16:41 | 000,160,534 | ---- | M] () -- C:\Users\***\Desktop\2011_Rechnung_246_Nov.pdf
[2012.02.02 18:16:41 | 000,160,453 | ---- | M] () -- C:\Users\***\Desktop\2012_Rechnung_249_Jan.pdf
[2012.02.02 18:16:37 | 000,162,933 | ---- | M] () -- C:\Users\***\Desktop\2011_Rechnung_248_Dez.pdf
[2012.02.02 12:24:17 | 004,655,786 | ---- | M] () -- C:\Users\***\Desktop\wordpress-3.3.1-de_DE.zip
[2012.02.02 12:07:03 | 000,499,622 | ---- | M] () -- C:\Users\***\Desktop\*** Schmidgall - Diplom-Slide-2.jpg
[2012.02.02 12:06:51 | 000,282,912 | ---- | M] () -- C:\Users\***\Desktop\*** Schmidgall - Diplom-Slide-1.jpg
[2012.02.02 11:33:12 | 797,794,304 | ---- | M] () -- C:\Users\***\Desktop\ewcodjwo8hsji.avi
[2012.02.01 21:05:08 | 006,241,040 | ---- | M] () -- C:\Users\***\Desktop\DejaVu-Serif-fontfacekit.zip
[2012.02.01 16:34:41 | 000,124,071 | ---- | M] () -- C:\Users\***\Desktop\***-Schmidgall-digitised-drawing-in-CAD-application.jpg
[2012.01.27 08:18:14 | 002,321,734 | ---- | M] () -- C:\Users\***\Desktop\2155656_700b.jpg
[2012.01.25 21:46:21 | 000,050,233 | ---- | M] () -- C:\Users\***\Desktop\LaN_shelling_0.6.0059.zip
[2012.01.25 21:30:37 | 000,000,051 | ---- | M] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm.rhl
[2012.01.25 21:30:10 | 000,292,098 | ---- | M] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm
[2012.01.22 20:31:27 | 000,008,249 | ---- | M] () -- C:\Users\***\Desktop\de_DE.po
[2012.01.22 20:28:47 | 003,990,398 | ---- | M] (Vaclav Slavik                                               ) -- C:\Users\***\Desktop\poedit-1.4.6-setup.exe
[2012.01.22 20:26:00 | 000,001,105 | ---- | M] () -- C:\Users\***\Desktop\Zip Uncompressor.lnk
[2012.01.22 20:25:09 | 000,008,093 | ---- | M] () -- C:\Users\***\Desktop\en_EN.po
[2012.01.22 20:23:51 | 000,549,896 | ---- | M] () -- C:\Users\***\Desktop\ADLSoft_UnCompressor_triple_2nd_offer_0412_s.exe
[2012.01.21 11:53:54 | 367,125,132 | ---- | M] () -- C:\Users\***\Desktop\craig.ferguson.2012.01.20.real.hdtv.xvid-fqm.avi
[2012.01.19 21:48:11 | 000,002,226 | ---- | M] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm.bak
[2012.01.19 21:48:11 | 000,002,226 | ---- | M] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm
[2012.01.19 13:59:12 | 000,794,521 | ---- | M] () -- C:\Users\***\Desktop\ft_v037.zip
[2012.01.19 11:48:56 | 367,523,488 | ---- | M] () -- C:\Users\***\Desktop\craig.ferguson.2012.01.18.hdtv.xvid-fqm.avi
[2012.01.18 12:24:43 | 366,921,888 | ---- | M] () -- C:\Users\***\Desktop\Craig.Ferguson.2012.01.17.Colin.Firth.HDTV.XviD-FQM.avi
[2012.01.14 15:31:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.01.06 13:22:49 | 000,000,107 | ---- | M] () -- C:\Users\***\Desktop\dradiowissen.m3u
[2012.01.06 13:22:37 | 000,000,107 | ---- | M] () -- C:\Users\***\Desktop\dkultur.m3u
[2012.01.06 13:16:33 | 000,000,099 | ---- | M] () -- C:\Users\***\Desktop\dlf.m3u
 
========== Files Created - No Company Name ==========
 
[2012.02.04 21:28:02 | 000,201,293 | ---- | C] () -- C:\ubnldr.exe
[2012.02.04 21:28:02 | 000,185,012 | ---- | C] () -- C:\ubnldr
[2012.02.04 21:28:02 | 000,008,192 | ---- | C] () -- C:\ubnldr.mbr
[2012.02.04 21:27:25 | 000,002,048 | ---- | C] () -- C:\boot.catalog
[2012.02.04 21:27:25 | 000,000,200 | ---- | C] () -- C:\README.diskdefines
[2012.02.04 20:08:53 | 011,300,864 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.mdb
[2012.02.04 20:08:53 | 000,000,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.02.04 20:08:13 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1c.lnk
[2012.02.04 19:14:05 | 000,000,188 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.04 16:55:31 | 000,181,873 | ---- | C] () -- C:\Users\***\Desktop\wpml-string-translation.1.2.9.zip
[2012.02.03 19:27:44 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\~da_4_einseitig_gek~fg9$)4.idlk
[2012.02.03 19:27:42 | 006,897,664 | ---- | C] () -- C:\Users\***\Desktop\DA_4_einseitig_GEKÜRTZT.indd
[2012.02.03 19:22:55 | 004,029,091 | ---- | C] () -- C:\Users\***\Desktop\Archiv.zip
[2012.02.03 18:24:14 | 031,133,696 | ---- | C] () -- C:\Users\***\Desktop\wie macht man scheiß.indd
[2012.02.03 18:22:53 | 000,755,702 | ---- | C] () -- C:\Users\***\Desktop\wie macht man scheiß.pdf
[2012.02.03 18:19:57 | 000,213,553 | ---- | C] () -- C:\Users\***\Desktop\wie macht man scheiß2.jpg
[2012.02.03 12:41:03 | 001,036,116 | ---- | C] () -- C:\Users\***\Desktop\sitepress-multilingual-cms.2.4.2.zip
[2012.02.03 12:29:09 | 001,161,174 | ---- | C] () -- C:\Users\***\Desktop\Gemaboy***.jpg
[2012.02.03 09:24:41 | 1428,451,328 | ---- | C] () -- C:\Users\***\Desktop\ju98ru2srjkh4.avi
[2012.02.02 18:16:22 | 000,162,933 | ---- | C] () -- C:\Users\***\Desktop\2011_Rechnung_248_Dez.pdf
[2012.02.02 18:16:22 | 000,160,534 | ---- | C] () -- C:\Users\***\Desktop\2011_Rechnung_246_Nov.pdf
[2012.02.02 18:16:22 | 000,160,453 | ---- | C] () -- C:\Users\***\Desktop\2012_Rechnung_249_Jan.pdf
[2012.02.02 12:24:05 | 004,655,786 | ---- | C] () -- C:\Users\***\Desktop\wordpress-3.3.1-de_DE.zip
[2012.02.02 12:22:49 | 797,794,304 | ---- | C] () -- C:\Users\***\Desktop\ewcodjwo8hsji.avi
[2012.02.02 12:06:59 | 000,499,622 | ---- | C] () -- C:\Users\***\Desktop\*** *** - Diplom-Slide-2.jpg
[2012.02.02 12:06:36 | 000,282,912 | ---- | C] () -- C:\Users\***\Desktop\*** *** - Diplom-Slide-1.jpg
[2012.02.01 21:04:55 | 006,241,040 | ---- | C] () -- C:\Users\***\Desktop\DejaVu-Serif-fontfacekit.zip
[2012.02.01 16:34:40 | 000,124,071 | ---- | C] () -- C:\Users\***\Desktop\***-***-digitised-drawing-in-CAD-application.jpg
[2012.01.27 08:18:08 | 002,321,734 | ---- | C] () -- C:\Users\***\Desktop\2155656_700b.jpg
[2012.01.25 21:46:19 | 000,050,233 | ---- | C] () -- C:\Users\***\Desktop\LaN_shelling_0.6.0059.zip
[2012.01.25 21:30:37 | 000,000,051 | ---- | C] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm.rhl
[2012.01.25 21:30:09 | 000,292,098 | ---- | C] () -- C:\Users\***\Desktop\Schuhleisten_20120125.3dm
[2012.01.22 20:31:27 | 000,008,249 | ---- | C] () -- C:\Users\***\Desktop\de_DE.po
[2012.01.22 20:25:09 | 000,008,093 | ---- | C] () -- C:\Users\***\Desktop\en_EN.po
[2012.01.22 20:24:06 | 000,001,105 | ---- | C] () -- C:\Users\***\Desktop\Zip Uncompressor.lnk
[2012.01.22 20:23:40 | 000,549,896 | ---- | C] () -- C:\Users\***\Desktop\ADLSoft_UnCompressor_triple_2nd_offer_0412_s.exe
[2012.01.19 21:48:25 | 000,002,226 | ---- | C] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm.bak
[2012.01.19 21:48:09 | 000,002,226 | ---- | C] () -- C:\Users\***\Desktop\Example_noise_and_tone_drums.ftm
[2012.01.19 13:59:10 | 000,794,521 | ---- | C] () -- C:\Users\***\Desktop\ft_v037.zip
[2012.01.07 11:41:12 | 000,001,014 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.06 13:22:49 | 000,000,107 | ---- | C] () -- C:\Users\***\Desktop\dradiowissen.m3u
[2012.01.06 13:22:36 | 000,000,107 | ---- | C] () -- C:\Users\***\Desktop\dkultur.m3u
[2012.01.06 13:16:32 | 000,000,099 | ---- | C] () -- C:\Users\***\Desktop\dlf.m3u
[2011.12.26 06:10:32 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.11.27 18:21:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll
[2011.11.16 10:19:24 | 000,244,736 | ---- | C] () -- C:\Program Files (x86)\JRuler.exe
[2011.09.16 19:30:17 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.09.06 14:29:22 | 000,320,512 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2011.09.06 14:29:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.06.22 21:04:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.06.16 00:56:28 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.15 22:15:36 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011.06.15 22:15:36 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2011.06.13 13:28:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\myron_ezcam.dll
[2011.06.13 13:28:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\DSVL.dll
[2011.06.13 12:57:23 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.11 16:44:44 | 000,006,599 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp
[2011.06.10 20:34:47 | 000,000,102 | R--- | C] () -- C:\Windows\OEM.ini
[2011.06.10 20:33:16 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.10 20:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.10 20:03:20 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2011.08.19 10:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3v
[2011.07.13 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.09.18 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.12 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.02.04 22:28:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.04 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.06.12 17:46:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2011.08.25 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.06.14 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grasshopper
[2011.10.03 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.11.15 11:58:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.06.11 13:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.07.08 09:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.06.11 09:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.06.15 21:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2011.12.26 06:10:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pics
[2011.06.12 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Processing
[2011.06.11 16:44:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2011.06.16 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.17 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.06.11 09:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.07 10:09:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Many thanks in advance for your help! Roderic S.

 
