Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.04.2012, 00:32   #1
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Hallo ihr fleißigen Helfer,

mein Computer wurde heute von einem Virus/Trojaner oder soetwas befallen. Kurz nachdem ich ein Word Dokument (Anhang einer Email) geöffnet habe wurde der Bildschrim fast komplett Weiß. Nur oben stand "Die Navigation zu der Webseite wurde abgebrochen. ..." (sieht aus wie eine Fehlermeldung vom Internetexplorer)
In diesem Zustand kann ich nix machen ausser mit dem "Affengriff" dieses Menü öffnen. Allerdings kann ich dort den Task Manager nicht starten.
Auch in den verschiedenen abgesicherten Modi geht nichts.
Da ich einige Probleme beim Anmelden hatte, habe ich bereits nach einer Anleitung hier aus dem Forum (http://www.trojaner-board.de/100215-...tml#post671012) einen USB Stick mit OTLPE "gebastelt". Das Funktioniert auch soweit und ich kann den Scan über dieses Reatogo durchlaufen lassen. Heraus kommen folgende Logs:

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/28/2012 4:22:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.15 Mb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 472.76 Gb Total Space | 356.78 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
Drive E: | 458.66 Gb Total Space | 285.25 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive X: | 1.86 Gb Total Space | 1.52 Gb Free Space | 81.69% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/28 21:51:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto] -- D:\Windows\System32\ini910u.dll -- (dlartl_n)
SRV - [2012/04/27 12:13:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/22 13:59:04 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 08:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 11:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto] -- D:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/07/14 09:41:41 | 000,107,832 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/07/14 09:41:32 | 000,066,872 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto] -- D:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/23 08:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/16 05:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto] -- D:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/31 13:51:49 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/10 09:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/12/01 08:39:06 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/28 22:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/28 21:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/16 06:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/05/30 23:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/23 08:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/08 03:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/21 21:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/03 11:25:10 | 000,193,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\V0330Vid.sys -- (V0330VID)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/11/16 13:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/01/02 07:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System] -- D:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007/07/12 15:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2009/02/28 14:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/27 16:24:33] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Tim_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\Tim_ON_D\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Tim_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tim_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_2_202_233.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/25 03:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 15:53:13 | 000,000,000 | ---D | M]
 
[2012/01/25 03:52:49 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/08 15:28:18 | 000,000,000 | ---D | M] (Facebook Connect) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{9a4e42f4-ee19-467a-ad67-3c31ed29837b}
[2012/01/25 03:52:48 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 05:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- D:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/01/25 03:52:47 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/25 03:52:47 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/25 03:52:47 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/25 03:52:47 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/25 03:52:47 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/25 03:52:47 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/03/29 11:21:51 | 000,001,395 | RHS- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (Facebook Connect) - {11DCAFD6-DDBA-4ADA-998B-996B7B691AE0} - D:\Users\Tim\AppData\Roaming\FBConnect\IE\FBConnect.dll (Facebook Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - File not found
O3:64bit: - HKU\Tim_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0330Ext.ax] D:\Windows\System32\V0330Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] D:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] D:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0330Ext.ax] D:\Windows\SysWOW64\V0330Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [HDAudDeck] D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] D:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] D:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Six Engine] D:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] D:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [V0330Mon.exe] D:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Tim_ON_D..\Run: [Creative WebCam Tray] D:\Program Files (x86)\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKU\Tim_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Tim_ON_D..\Run: [Grid] D:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\Tim_ON_D..\Run: [Remote Control Editor] D:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\Tim_ON_D..\Run: [Steam] E:\Spiele\KriegimNorden\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] D:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (C:\Windows\Temp\heubha\setup.exe) - D:\Windows\Temp\heubha\setup.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - C:\Windows\Temp\heubha\setup.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/27 12:13:01 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/27 11:30:13 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{83E92DF6-ABDC-469D-9588-D62E67A364A6}
[2012/04/27 11:30:01 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{AA77A1B0-193C-4C2F-A246-A8830D139A62}
[2012/04/27 02:35:52 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/27 02:35:49 | 000,000,000 | ---D | C] -- D:\Windows\system64
[2012/04/27 02:04:19 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{801DC3C3-B87A-4715-9E9B-D80DFBD5C4EA}
[2012/04/27 02:04:07 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E2755D05-35C3-4082-9C61-43EDB096FFF4}
[2012/04/26 15:29:21 | 000,000,000 | ---D | C] -- D:\Users\Tim\Desktop\radio
[2012/04/26 11:05:58 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{76CF81CB-A077-4079-A07B-C6C3E3DF14B7}
[2012/04/26 11:05:46 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C0040439-5FC5-4BBD-BB97-89A499D6913A}
[2012/04/26 04:16:02 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{9DB710D2-770E-4259-ACA2-6DF042036639}
[2012/04/26 04:15:47 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C082A878-2ECD-4802-AF8E-EA1ADE358E91}
[2012/04/26 02:47:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{9D581E3F-8B3A-460B-AC58-C150D5AB20C8}
[2012/04/26 02:47:30 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{848229DB-B926-4422-BBDB-E5B5AAE73912}
[2012/04/25 03:09:42 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6BC94234-6036-45E3-AE48-DA7BF2D237CE}
[2012/04/25 03:09:30 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{8A58A72D-7C0B-4B04-9B4C-3660A9FC86AF}
[2012/04/24 10:12:52 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{5FD44B3E-EA32-4222-8156-F8D6203419A9}
[2012/04/24 10:12:32 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{221C7044-9291-4975-B4FA-31E72BBFFF53}
[2012/04/24 01:48:01 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C77969A4-FEC4-440E-8CBF-409C079DC8D4}
[2012/04/24 01:47:50 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E9AF7F1E-47E1-483F-B123-7678F5E8CE40}
[2012/04/23 10:13:54 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{2AE25AF1-E077-4CB9-B22B-13D8EE502F11}
[2012/04/23 10:13:37 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{1BD2CE50-536F-47E3-9AD6-14C389BCDC1A}
[2012/04/23 03:33:28 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{016549C6-ECBE-4CD1-8C87-773AFCED5C82}
[2012/04/23 03:33:16 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{656337CE-D485-42C7-829A-767095B4A30A}
[2012/04/22 13:59:21 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{97486C6B-7784-4197-AFDC-CFD71035BF4F}
[2012/04/22 13:59:09 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{7B4A634C-94B1-45D0-887B-822CC1FC4433}
[2012/04/20 02:07:55 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{10B813A3-35FA-439E-918A-B9DEF0C6BA18}
[2012/04/20 02:07:41 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{A56ACC2D-A8E1-4A8E-8EDA-F2D94845C5B2}
[2012/04/19 16:52:37 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{ECEA2B6A-99C2-45C6-BB9F-726F7CD834C9}
[2012/04/19 16:52:24 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{98A9F589-7511-434B-9949-3B4BA6D3A265}
[2012/04/19 11:34:51 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{8CA3ED0C-EB01-4674-87E8-4FBD9CD4BFFE}
[2012/04/19 11:34:39 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{ADEE034D-5D19-4EE3-8F91-3582F901814F}
[2012/04/19 01:37:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{5CE7EF0F-7B6E-447D-9590-C6EC4974C14D}
[2012/04/19 01:37:33 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{49E5C818-1B6D-47F0-A971-8FFC7FEDFB82}
[2012/04/18 10:55:01 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6486857A-F714-4BCA-BF8B-7FB79ABDE099}
[2012/04/18 10:54:47 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{63292166-F98E-476B-995C-68324E03DF7A}
[2012/04/18 03:03:49 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C7708DDB-3BDA-48E8-8813-C043C0FEABE4}
[2012/04/18 03:03:35 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E613C793-1939-4509-9DAD-E637EC6AA3FD}
[2012/04/17 13:36:23 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{0017441A-FEB3-403A-8D25-D069EE58FF72}
[2012/04/17 13:36:11 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{ABCAE68F-CA98-4AEA-9AFB-6450C975FFA8}
[2012/04/17 01:23:47 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{946D6132-F9DD-47B8-9010-5CBC2D0182A0}
[2012/04/17 01:23:32 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E187FEC9-806C-43A3-9AC3-5CAFEF46668A}
[2012/04/16 13:46:00 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{606F1D37-16DF-4141-8B6E-175986904A88}
[2012/04/16 13:45:46 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{CD8B8BBE-0E1C-4DEB-AC94-49A96F6688F3}
[2012/04/16 02:58:42 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{2A036F31-B85B-4FD4-9926-3A253F80D03F}
[2012/04/16 02:58:30 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{8611B7F5-C6D3-44DE-96CA-E6F547534412}
[2012/04/15 07:35:10 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{77A520AE-0C35-46C0-A182-67FD32101C36}
[2012/04/15 07:34:55 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{165BC1C3-0BB2-4A66-82AA-15C010AD26CF}
[2012/04/14 08:13:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{18C0DDCC-2FC2-497B-9E86-DFB180E2D732}
[2012/04/14 08:13:33 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{D88AFB35-BF31-40CD-A4DB-2319D1E14357}
[2012/04/14 04:30:40 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{525F42FA-E268-4EFD-A382-E00B8ADBD44C}
[2012/04/14 04:30:28 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C8716F35-E6CE-4EFD-A9B6-7FF0026756E8}
[2012/04/13 17:49:16 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{55A5DC7D-AF9D-45C6-9D73-F1E9DBBB9905}
[2012/04/13 17:49:04 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C9217DEB-2D10-4DE3-967F-6DE7133C85C3}
[2012/04/13 13:55:20 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{BBA61206-8B5B-4715-B1AD-2F5DE56855EE}
[2012/04/12 15:53:43 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{D7695E10-5D67-495B-BAE3-502C24324777}
[2012/04/12 05:55:32 | 000,096,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/04/12 05:55:31 | 002,311,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/04/12 05:55:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/04/12 05:55:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/04/12 05:55:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/04/12 05:55:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/04/12 05:55:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/04/12 05:55:30 | 001,799,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2012/04/12 05:55:30 | 001,493,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/04/12 05:55:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 05:55:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/04/12 05:55:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/04/12 05:55:09 | 005,559,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2012/04/12 05:55:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 05:55:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 05:53:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wintrust.dll
[2012/04/12 05:53:44 | 000,172,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wintrust.dll
[2012/04/12 05:53:44 | 000,159,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imagehlp.dll
[2012/04/12 05:53:44 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imagehlp.dll
[2012/04/12 05:53:44 | 000,023,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\fs_rec.sys
[2012/04/12 03:53:18 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C6A60153-951C-4F65-BB8A-59EE903C2176}
[2012/04/11 04:55:44 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{D844912A-D9E8-413F-97E0-0FECDCE4F745}
[2012/04/10 16:55:19 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{186CAB2D-7E69-4119-9B94-ED0123C665AE}
[2012/04/09 15:53:32 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{3716EF8D-673F-423C-B87E-F733B13281E4}
[2012/04/09 03:53:07 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{12FFB608-6418-4C5F-AE1A-FBD52A7C3C30}
[2012/04/08 14:37:14 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{76B136AE-8682-4B71-9188-24D365F61A7D}
[2012/04/04 17:06:14 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6D44F035-C97E-4AF4-B9FD-346DAD6F7A35}
[2012/04/04 05:05:49 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6BF544DB-8E3F-4A3F-80F6-0F901FEBC859}
[2012/04/03 14:19:19 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{F211B9F7-EE86-452B-8BD4-BDB1C014CAC9}
[2012/04/02 14:54:43 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6A196D33-2E2A-4D90-B2DB-274CCD560789}
[2012/04/02 02:54:15 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{5A1D9B98-A6F7-4DAB-8448-FC4906E66DE6}
[2012/04/01 05:18:41 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6865FE20-66AA-4E1D-A6CB-C87F3BB85E3D}
[2012/03/31 06:44:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{F446B152-6AF2-4805-A455-C389CE421F83}
[2012/03/30 11:54:16 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 11:54:04 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2012/03/30 11:54:04 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\iTunes
[2012/03/30 11:54:04 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2012/03/30 11:25:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einsteins DSA Tool
[2012/03/30 11:18:52 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/30 08:44:06 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{83F73B6E-76A7-450B-833F-9E7DAE97ACEA}
[2012/03/29 15:27:04 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{66A01F83-8391-4738-B113-E73C0DBC1902}
[2012/03/29 12:13:46 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Roaming\Malwarebytes
[2012/03/29 12:13:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/03/29 12:13:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/03/29 12:13:39 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/27 21:18:10 | 000,001,100 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 21:18:10 | 000,000,939 | ---- | M] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk
[2012/04/27 21:17:41 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/04/27 21:17:33 | 3219,791,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/04/27 15:29:15 | 000,000,000 | -HS- | M] () -- D:\Windows\System32\dds_trash_log.cmd
[2012/04/27 13:04:07 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 12:16:06 | 000,000,300 | ---- | M] () -- D:\Windows\tasks\PrintProjects Communicator.job
[2012/04/27 12:15:03 | 000,000,177 | -H-- | M] () -- D:\dvmexp.idx
[2012/04/27 12:13:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/27 12:13:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/27 12:13:01 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/27 12:13:00 | 000,001,104 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 12:12:04 | 000,017,136 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 12:12:04 | 000,017,136 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 12:10:37 | 001,557,274 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/27 12:10:37 | 000,673,634 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/04/27 12:10:37 | 000,624,320 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/04/27 12:10:37 | 000,135,650 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/04/27 12:10:37 | 000,111,250 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/04/26 02:48:35 | 000,001,051 | ---- | M] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/26 02:48:17 | 000,001,015 | ---- | M] () -- D:\Users\Tim\Desktop\Dropbox.lnk
[2012/03/30 11:54:54 | 000,002,515 | ---- | M] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/30 11:54:54 | 000,002,503 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/03/30 11:54:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 11:25:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einsteins DSA Tool
[2012/03/29 11:21:51 | 000,001,395 | RHS- | M] () -- D:\Windows\System32\drivers\etc\hosts
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/27 11:42:46 | 000,000,939 | ---- | C] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk
[2012/04/27 02:36:54 | 000,000,000 | -HS- | C] () -- D:\Windows\System32\dds_trash_log.cmd
[2012/04/27 02:35:53 | 000,000,884 | ---- | C] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/23 13:18:12 | 1667,493,766 | ---- | C] () -- D:\Users\Tim\Desktop\Machete.mkv
[2011/07/14 09:41:34 | 000,107,832 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/07/14 09:41:32 | 000,682,280 | ---- | C] () -- D:\Windows\SysWow64\pbsvc.exe
[2011/07/14 09:41:32 | 000,066,872 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/07/02 08:05:54 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/14 15:33:02 | 000,402,432 | ---- | C] () -- D:\Windows\SysWow64\C4fox.dll
[2011/04/14 15:33:02 | 000,314,368 | ---- | C] () -- D:\Windows\SysWow64\Mdi32kh.dll
[2011/04/14 15:33:02 | 000,003,072 | ---- | C] () -- D:\Windows\SysWow64\Mview.dll
[2011/01/31 07:56:28 | 001,557,274 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/28 10:38:25 | 000,000,600 | ---- | C] () -- D:\Users\Tim\AppData\Roaming\winscp.rnd
[2010/11/06 18:46:39 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2010/11/06 18:42:53 | 000,002,857 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/06 15:45:07 | 000,037,173 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2010/11/06 15:36:27 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2010/11/06 15:36:27 | 000,013,440 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/06 15:29:54 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2010/11/06 15:29:50 | 000,029,940 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 22:48:34 | 000,013,368 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 02:32:40 | 000,032,768 | R--- | C] () -- D:\Windows\DAODx.exe
[2008/12/01 13:32:32 | 000,362,029 | ---- | C] () -- D:\Windows\SysWow64\sqlite3.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/11/06 15:41:32 | 000,000,000 | ---D | M] -- D:\ProgramData\ASUS OC Profiles
[2010/11/06 17:18:43 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2010/11/06 17:18:25 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Pro
[2010/11/06 17:49:51 | 000,000,000 | ---D | M] -- D:\ProgramData\DassaultSystemes
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/01/27 10:38:24 | 000,000,000 | ---D | M] -- D:\ProgramData\ICQ
[2011/10/19 05:34:48 | 000,000,000 | ---D | M] -- D:\ProgramData\kds_kodak
[2010/12/28 11:26:12 | 000,000,000 | ---D | M] -- D:\ProgramData\KONAMI
[2011/12/31 09:53:52 | 000,000,000 | ---D | M] -- D:\ProgramData\PrintProjects
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/12/27 11:22:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/10/13 13:14:11 | 000,000,000 | ---D | M] -- D:\ProgramData\TerraTec
[2011/12/17 13:18:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Visan
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/01/15 08:28:40 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/04/27 12:16:06 | 000,000,300 | ---- | M] () -- D:\Windows\Tasks\PrintProjects Communicator.job
[2012/02/28 10:31:24 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


EXTRAS:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/28/2012 4:22:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.15 Mb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 472.76 Gb Total Space | 356.78 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
Drive E: | 458.66 Gb Total Space | 285.25 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive X: | 1.86 Gb Total Space | 1.52 Gb Free Space | 81.69% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- D:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{852AFE33-BB5C-1A0A-586E-9402D9895992}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{852AFE33-BB5C-1A0A-586E-9402D9895992}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Tim_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Third Age - Total War 3.0 (Part 1of2)" = Third Age - Total War 3.0 (Part 1of2)
"Third Age - Total War 3.0 (Part 2of2)" = Third Age - Total War 3.0 (Part 2of2)
 
< End of report >
         
--- --- ---

Ich hatte vor kurzem schon einmal soetwas und hatte mir damals auf anraten eines Freundes Malwarebite heruntergeladen und durchlaufen lassen. Danach hatte alles wieder Funktioniert.

Meine Platte hat 2 Partitionen wobei auf der einen nur die Windows Installation sowie Programme die ich leicht wieder installieren kann sind. Macht es Sinn zuerst dort neu Windows zu Installieren und zu gucken ob auf der anderen Partition keine infizierten Dateien sind?

Achso ich bin Morgen den ganzen Tag nicht Zuhause und kann erst Sonntag wieder an dem Rechner etwas tun. Werde morgen trotzdem mal reinschauen und gucken ob ihr mir helfen könnt.

Gruß Tim

ich weiß es wird nicht gern gesehen aber ich wollt meinen Beitrag nochmal pushen...
jemand kann mir doch bestimmt helfen oder?

Alt 30.04.2012, 14:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O31 - SafeBoot: AlternateShell - C:\Windows\Temp\heubha\setup.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
:Files
C:\Windows\Temp\heubha
D:\Windows\system64
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________

__________________

Alt 01.05.2012, 14:52   #3
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



ich hab mittlerweile über eine systemwiederherstellung durch windows cd wieder ein funktionsfähiges betriebssystem. (sry aber ich war einfach so ungeduldig...)
soll ich trotzdem den fix machen? oder nen neuen scan?
__________________

Alt 01.05.2012, 17:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Ja mach bitte trotzdem den FIx
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.05.2012, 21:25   #5
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Das hier ist schonmal das log file von dem fix:
Code:
ATTFilter
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File X:\AUTORUN.INF not found.
========== FILES ==========
C:\Windows\Temp\heubha folder moved successfully.
File\Folder D:\Windows\system64 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05012012_211822
         
hab jetzt auch die datie hochgeladen.


Alt 02.05.2012, 13:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
--> Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)

Alt 02.05.2012, 22:54   #7
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



hier der malwarebyte log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ARBEITSPLATZ [Administrator]

Schutz: Aktiviert

02.05.2012 16:16:15
mbam-log-2012-05-02 (16-16-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 719131
Laufzeit: 2 Stunde(n), 18 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tim\Downloads\SoftonicDownloader_fuer_baldurs-gate-2.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
der andere folgt morgen...

Alt 03.05.2012, 14:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.05.2012, 17:38   #9
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



mhm da sind ne menge:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Tim :: ARBEITSPLATZ [Administrator]

Schutz: Deaktiviert

29.03.2012 18:14:21
mbam-log-2012-03-29 (18-14-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 672763
Laufzeit: 1 Stunde(n), 12 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Tim\AppData\Local\Skype\SkypePM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=60348991-2c0d-11e1-b200-20cf30e13a22) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=60348991-2c0d-11e1-b200-20cf30e13a22) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Tim\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim\AppData\Local\Temp\cgs8h0.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim\AppData\Local\Temp\cgs8h2.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim\AppData\Local\Temp\cgs8h3.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
und dann ganz viele die so aussehen willste die alle haben? (wurden anscheinend immer erstellt wenn ich am rechner war)
Code:
ATTFilter
2012/03/29 19:56:52 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/03/29 19:56:54 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/03/29 19:57:49 +0200	ARBEITSPLATZ	Tim	MESSAGE	Executing scheduled update:  Daily
2012/03/29 19:57:49 +0200	ARBEITSPLATZ	Tim	ERROR	Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 1812
2012/03/29 20:59:15 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/03/29 20:59:16 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
         
Code:
ATTFilter
2012/03/30 08:53:26 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/03/30 08:53:26 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/03/30 14:45:16 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/03/30 14:45:17 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/03/30 15:55:36 +0200	ARBEITSPLATZ	Tim	MESSAGE	Executing scheduled update:  Daily
2012/03/30 15:55:36 +0200	ARBEITSPLATZ	Tim	ERROR	Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 1812
         
Code:
ATTFilter
2012/04/01 11:20:17 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/04/01 11:20:17 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/04/01 15:55:36 +0200	ARBEITSPLATZ	Tim	MESSAGE	Executing scheduled update:  Daily
2012/04/01 15:55:36 +0200	ARBEITSPLATZ	Tim	ERROR	Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 1812
2012/04/01 17:17:50 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/04/01 17:17:50 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/04/01 19:05:26 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/04/01 19:05:26 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
         
Code:
ATTFilter
2012/04/02 08:54:58 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/04/02 08:54:59 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/04/02 19:34:08 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/04/02 19:34:08 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
2012/04/02 19:35:08 +0200	ARBEITSPLATZ	Tim	MESSAGE	Executing scheduled update:  Daily
2012/04/02 19:35:08 +0200	ARBEITSPLATZ	Tim	ERROR	Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 1812
2012/04/02 23:58:50 +0200	ARBEITSPLATZ	Tim	MESSAGE	Starting protection
2012/04/02 23:58:50 +0200	ARBEITSPLATZ	Tim	MESSAGE	Protection started successfully
         

Alt 03.05.2012, 19:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.05.2012, 20:47   #11
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



zu deinen fragen:
nach der systemwiederherstellung läuft der normale modus wieder uneingeschränkt vorher lief er gar nicht.
im startmenü ist, soweit ich das überblicke, alles normal.

der log von eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b7b6b7c6ac4234f85362084c9c8c3ca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-02 06:07:43
# local_time=2012-05-02 08:07:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 87598291 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=523243
# found=9
# cleaned=0
# scan_time=13621
C:\Users\Tim\AppData\Local\Temp\jar_cache3181015659638427333.tmp	Java/Exploit.CVE-2012-0507.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\Local\Temp\jar_cache8733401095536746571.tmp	a variant of J2ME/Agent.AA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\28f07c5b-42559ef9	a variant of Java/Exploit.Agent.NBE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4394f71c-5b4b861c	a variant of Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\59ad20e4-3dfaf1a5	Java/Exploit.CVE-2012-0507.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\748a50eb-57c804bc	Java/Exploit.CVE-2011-3544.H trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\Downloads\SoftonicDownloader_fuer_baldurs-gate-2.exe	a variant of Win32/SoftonicDownloader.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\Downloads\vlc-1.1.5-win32(2).exe	Win32/StartPage.OIE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\Downloads\vlc-1.1.5-win32.exe	Win32/StartPage.OIE trojan (unable to clean)	00000000000000000000000000000000	I
         

Alt 04.05.2012, 10:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.05.2012, 16:05   #13
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



der log is iwie zu lang. ich teile ihn mal:
Code:
ATTFilter
OTL logfile created on: 04.05.2012 15:43:28 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Tim\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,89% Memory free
7,99 Gb Paging File | 5,98 Gb Available in Paging File | 74,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 472,76 Gb Total Space | 359,26 Gb Free Space | 75,99% Space Free | Partition Type: NTFS
Drive E: | 458,66 Gb Total Space | 285,02 Gb Free Space | 62,14% Space Free | Partition Type: NTFS
Drive I: | 1,86 Gb Total Space | 1,50 Gb Free Space | 80,63% Space Free | Partition Type: FAT
 
Computer Name: ARBEITSPLATZ | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.01 21:16:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- E:\7_Programme\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- E:\7_Programme\Avast\AvastSvc.exe
PRC - [2012.01.25 09:52:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011.07.14 15:41:41 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011.07.14 15:41:32 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.07.07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.07 00:46:58 | 000,603,648 | ---- | M] () -- E:\7_Programme\Avast\aswOtl.dll
MOD - [2012.01.25 09:52:48 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.02.08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009.12.22 01:57:32 | 007,573,504 | ---- | M] () -- c:\program files (x86)\adobe\reader 9.0\reader\rdlang32.deu
MOD - [2009.10.03 03:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
MOD - [2009.10.03 03:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009.02.27 18:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 14:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.22 19:59:04 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- E:\7_Programme\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011.07.14 15:41:41 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.07.14 15:41:32 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 19:51:49 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 14:39:06 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 03:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.16 12:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.05.31 05:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.03 17:25:10 | 000,193,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0330Vid.sys -- (V0330VID)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.01.02 13:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.28 20:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/27 16:24:33] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=60348991-2c0d-11e1-b200-20cf30e13a22&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{6B6D9671-BB9D-4BCF-B60B-682CE5791847}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=60348991-2c0d-11e1-b200-20cf30e13a22&q={searchTerms}
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{E29EF757-7CF8-429F-8508-16B8C34700D4}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.1.8&q="
FF - prefs.js..network.proxy.ftp: "213.170.47.244"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "213.170.47.244"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.170.47.244"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "213.170.47.244"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: E:\7_Programme\Avast\WebRep\FF [2012.04.29 20:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.25 09:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.21 21:53:13 | 000,000,000 | ---D | M]
 
[2011.03.10 12:58:55 | 000,002,342 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\icq-search.xml
[2011.03.24 21:30:23 | 000,000,950 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\icqplugin.xml
[2011.12.21 21:53:14 | 000,000,792 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\startsear.xml
[2012.04.29 21:44:19 | 000,002,102 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\suche.xml
[2012.01.25 09:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.08 21:28:18 | 000,000,000 | ---D | M] (Facebook Connect) -- C:\Program Files (x86)\mozilla firefox\extensions\{9a4e42f4-ee19-467a-ad67-3c31ed29837b}
() (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MCYJI42F.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.04.29 21:43:13 | 000,000,000 | ---D | M] (WOT) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MCYJI42F.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
() (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MCYJI42F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.17 20:23:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MCYJI42F.DEFAULT\EXTENSIONS\FOXYPROXY@ERIC.H.JUNG
[2012.04.29 20:51:07 | 000,000,000 | ---D | M] (avast! WebRep) -- E:\7_PROGRAMME\AVAST\WEBREP\FF
[2012.01.25 09:52:48 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.01.25 09:52:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.25 09:52:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.25 09:52:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.25 09:52:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.25 09:52:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.25 09:52:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.01 21:18:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\7_Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Facebook Connect) - {11DCAFD6-DDBA-4ADA-998B-996B7B691AE0} - C:\Users\Tim\AppData\Roaming\FBConnect\IE\FBConnect.dll (Facebook Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\7_Programme\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\7_Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\7_Programme\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL File not found
O3:64bit: - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0330Ext.ax] C:\Windows\SysNative\V0330Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] E:\7_Programme\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0330Ext.ax] C:\Windows\SysWOW64\V0330Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3779999737-2682174491-3117732128-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-VS5LU.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3779999737-2682174491-3117732128-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\Anwendungsdaten [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\AppData [2012.04.29 21:04:46 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Admin\Cookies [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Desktop [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Documents [2012.04.29 21:04:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Druckumgebung [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Eigene Dateien [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Lokale Einstellungen [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Netzwerkumgebung [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\NTUSER.DAT ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\ntuser.ini ()
O4 - Startup: C:\Users\Admin\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Recent [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Admin\SendTo [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Startmenü [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Vorlagen [2012.04.29 21:04:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Adobe [2011.11.28 19:04:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.13 15:17:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2012.04.30 10:29:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ASUS OC Profiles [2010.11.06 21:41:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2010.11.06 22:07:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2012.04.29 20:50:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011.12.02 21:18:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010.11.06 23:18:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Pro [2010.11.06 23:18:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DassaultSystemes [2010.11.06 23:49:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2011.10.25 20:27:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2010.11.30 20:33:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP Photo Creations [2010.11.30 20:34:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ICQ [2011.01.27 16:38:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\kds_kodak [2011.10.19 11:34:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kodak [2012.05.04 15:35:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\KONAMI [2010.12.28 17:26:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.03.29 18:13:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2011.04.22 16:53:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee Security Scan [2011.04.22 16:53:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011.01.31 13:59:02 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.04.30 08:49:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2011.04.21 15:10:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2010.11.06 21:43:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NTUser.dat ()
O4 - Startup: C:\Users\All Users\NTUser.dat.LOG1 ()
O4 - Startup: C:\Users\All Users\NTUser.dat.LOG2 ()
O4 - Startup: C:\Users\All Users\NTUser.dat{cbfac04d-e9dd-11df-a01c-20cf30e13a22}.TM.blf ()
O4 - Startup: C:\Users\All Users\NTUser.dat{cbfac04d-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUser.dat{cbfac04d-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUser.dat{cbfac058-e9dd-11df-a01c-20cf30e13a22}.TM.blf ()
O4 - Startup: C:\Users\All Users\NTUser.dat{cbfac058-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUser.dat{cbfac058-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\PrintProjects [2011.12.31 15:53:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012.03.05 20:30:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.12.05 13:21:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2010.12.27 17:22:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\TerraTec [2011.10.13 19:14:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Visan [2011.12.17 19:18:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011.01.15 14:28:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 05:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.11.06 21:25:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.11.06 21:25:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\CyberLink [2010.12.27 17:26:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2012.04.29 21:04:55 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.11.06 21:25:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010.12.22 20:10:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\NTUser.dat ()
O4 - Startup: C:\Users\Public\NTUser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\NTUser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\NTUser.dat{cbfac054-e9dd-11df-a01c-20cf30e13a22}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUser.dat{cbfac054-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUser.dat{cbfac054-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUser.dat{cbfac05f-e9dd-11df-a01c-20cf30e13a22}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUser.dat{cbfac05f-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUser.dat{cbfac05f-e9dd-11df-a01c-20cf30e13a22}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011.05.14 18:56:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\sdelevURL.tmp ()
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\.dsa4.properties ()
O4 - Startup: C:\Users\Tim\.heldEinstellungen.xml ()
O4 - Startup: C:\Users\Tim\.heldEinstellungen4_1.xml ()
O4 - Startup: C:\Users\Tim\.VirtualBox [2011.01.31 13:41:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Anwendungsdaten [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\AppData [2010.11.06 21:26:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Tim\Contacts [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Cookies [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\Desktop [2012.05.01 22:34:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Documents [2012.03.13 18:45:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Downloads [2012.05.02 22:55:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Dropbox [2012.04.30 00:37:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Druckumgebung [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\EasternGraphics [2011.02.21 20:33:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Eigene Dateien [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\eTeks [2011.02.21 21:00:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Favorites [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\helden [2011.03.28 19:22:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\helden.zip.hld ()
O4 - Startup: C:\Users\Tim\helden.zip.hld.ok ()
O4 - Startup: C:\Users\Tim\hilfetexte [2011.04.04 20:28:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\hintergruende [2011.04.10 20:05:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Links [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Lokale Einstellungen [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\Music [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Netzwerkumgebung [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\ntuser.dat ()
O4 - Startup: C:\Users\Tim\ntuser.dat.LOG ()
O4 - Startup: C:\Users\Tim\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Tim\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Tim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Tim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Tim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Tim\ntuser.dat{e7337d63-e9e8-11df-8287-20cf30e13a22}.TM.blf ()
O4 - Startup: C:\Users\Tim\ntuser.dat{e7337d63-e9e8-11df-8287-20cf30e13a22}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Tim\ntuser.dat{e7337d63-e9e8-11df-8287-20cf30e13a22}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Tim\ntuser.ini ()
O4 - Startup: C:\Users\Tim\Pictures [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\plugins [2011.03.28 19:22:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Recent [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\riotsGamesLogs [2012.02.14 22:28:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Saved Games [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Searches [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\SendTo [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\Startmenü [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Tim\Tracing [2012.04.30 00:37:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Tim\Videos [2012.02.17 00:33:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Tim\Vorlagen [2010.11.06 21:26:04 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8EBF3BE-BC56-4863-962F-42C041933557}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:42 | 000,000,053 | ---- | M] () - I:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Tim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ATICustomerCare - hkey= - key= - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Creative WebCam Tray - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Grid - hkey= - key= - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Remote Control Editor - hkey= - key= - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Six Engine - hkey= - key= - C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Spiele\KriegimNorden\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TurboV EVO - hkey= - key= - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
MsConfig:64bit - StartUpReg: V0330Mon.exe - hkey= - key= - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A3607E4B-FEE9-0C44-430C-CBF5A7568CA9} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.03 17:19:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.05.03 17:19:07 | 000,000,000 | -HSD | C] -- \found.000
[2012.05.02 16:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.01 21:18:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.01 21:18:22 | 000,000,000 | ---D | C] -- \_OTL
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012.04.29 21:04:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012.04.29 21:04:45 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012.04.29 21:04:45 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012.04.29 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\Saved Games
[2012.04.29 20:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.04.29 20:51:24 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.04.29 20:51:24 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.04.29 20:51:22 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.04.29 20:51:20 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.04.29 20:51:17 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.04.29 20:51:15 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.04.29 20:51:14 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.04.29 20:51:00 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.04.29 20:51:00 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.04.29 20:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.04.27 08:35:49 | 000,000,000 | ---D | C] -- C:\Windows\system64
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 15:45:13 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.05.04 15:42:13 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 15:42:13 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 15:39:59 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.04 15:39:59 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.04 15:39:59 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.04 15:39:59 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.04 15:39:59 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.04 15:35:26 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 15:35:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 15:34:52 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 22:16:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job
[2012.05.03 22:13:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.03 17:21:15 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2012.05.02 16:10:08 | 000,711,240 | ---- | M] () -- C:\Windows\is-VS5LU.exe
[2012.05.02 16:10:08 | 000,012,782 | ---- | M] () -- C:\Windows\is-VS5LU.msg
[2012.05.02 16:10:08 | 000,000,439 | ---- | M] () -- C:\Windows\is-VS5LU.lst
[2012.05.01 21:18:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.04.29 20:51:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.03 17:21:15 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2012.05.03 17:21:15 | 000,003,344 | ---- | C] () -- \bootsqm.dat
[2012.05.02 16:10:08 | 000,711,240 | ---- | C] () -- C:\Windows\is-VS5LU.exe
[2012.05.02 16:10:08 | 000,012,782 | ---- | C] () -- C:\Windows\is-VS5LU.msg
[2012.05.02 16:10:08 | 000,000,439 | ---- | C] () -- C:\Windows\is-VS5LU.lst
[2012.04.29 20:51:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.07.14 15:41:34 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.14 15:41:32 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.07.14 15:41:32 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.14 21:33:02 | 000,402,432 | ---- | C] () -- C:\Windows\SysWow64\C4fox.dll
[2011.04.14 21:33:02 | 000,314,368 | ---- | C] () -- C:\Windows\SysWow64\Mdi32kh.dll
[2011.04.14 21:33:02 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\Mview.dll
[2011.01.31 13:56:28 | 001,575,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.07 20:41:35 | 000,000,177 | -H-- | C] () -- \dvmexp.idx
[2010.11.07 04:19:58 | 3219,791,872 | -HS- | C] () -- \hiberfil.sys
[2010.11.07 00:46:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.07 00:42:53 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.11.06 21:45:07 | 000,037,173 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.11.06 21:36:27 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.11.06 21:36:27 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.11.06 21:29:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.06 21:29:50 | 000,029,940 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Anwendungsdaten
[2012.04.29 21:04:46 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Cookies
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Desktop
[2012.04.29 21:04:46 | 000,000,000 | R--D | M] -- C:\Users\Admin\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Downloads
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Druckumgebung
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Links
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Music
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Pictures
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\Saved Games
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\SendTo
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Startmenü
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Videos
[2012.04.29 21:04:46 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Vorlagen
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010.11.06 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\ASUS OC Profiles
[2012.04.29 20:50:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2010.11.06 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2010.11.06 23:18:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Pro
[2010.11.06 23:49:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\DassaultSystemes
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011.01.27 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\ICQ
[2011.10.19 11:34:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\kds_kodak
[2010.12.28 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\KONAMI
[2011.12.31 15:53:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\PrintProjects
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2010.12.27 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011.10.13 19:14:11 | 000,000,000 | ---D | M] -- C:\Users\All Users\TerraTec
[2011.12.17 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Visan
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011.01.15 14:28:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.11.06 21:25:39 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.11.06 21:25:39 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2012.04.29 21:04:55 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.11.06 21:25:39 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.12.22 20:10:07 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011.05.14 18:56:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2011.01.31 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\.VirtualBox
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Anwendungsdaten
[2010.11.06 21:26:04 | 000,000,000 | -H-D | M] -- C:\Users\Tim\AppData
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Contacts
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Cookies
[2012.05.01 22:34:50 | 000,000,000 | R--D | M] -- C:\Users\Tim\Desktop
[2012.03.13 18:45:43 | 000,000,000 | R--D | M] -- C:\Users\Tim\Documents
[2012.05.02 22:55:46 | 000,000,000 | R--D | M] -- C:\Users\Tim\Downloads
[2012.04.30 00:37:50 | 000,000,000 | R--D | M] -- C:\Users\Tim\Dropbox
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Druckumgebung
[2011.02.21 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\EasternGraphics
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Eigene Dateien
[2011.02.21 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\eTeks
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Favorites
[2011.03.28 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\helden
[2011.04.04 20:28:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\hilfetexte
[2011.04.10 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\Tim\hintergruende
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Links
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Lokale Einstellungen
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Music
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Netzwerkumgebung
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Pictures
[2011.03.28 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\Tim\plugins
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Recent
[2012.02.14 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\Tim\riotsGamesLogs
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Saved Games
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Searches
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\SendTo
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Startmenü
[2012.04.30 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\Tracing
[2012.02.17 00:33:24 | 000,000,000 | R--D | M] -- C:\Users\Tim\Videos
[2010.11.06 21:26:04 | 000,000,000 | -HSD | M] -- C:\Users\Tim\Vorlagen
[2012.05.03 22:16:00 | 000,000,300 | ---- | M] () -- C:\Windows\Tasks\PrintProjects Communicator.job
[2012.02.28 16:31:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.02 16:12:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.04.29 21:04:47 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012.01.01 17:26:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Temp
 
< %APPDATA%\*.exe /s >
[2012.01.01 17:26:52 | 000,800,824 | ---- | M] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\DPInst.exe
[2012.01.01 17:26:52 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\gacutil.exe
[2012.01.01 17:26:52 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\PnPutil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2010a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\system64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
         

Alt 04.05.2012, 16:07   #14
koestertim
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



der zweite teil:
Code:
ATTFilter
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\system64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\system64\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
         

Alt 04.05.2012, 19:44   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Standard

Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=60348991-2c0d-11e1-b200-20cf30e13a22&q={searchTerms}
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{6B6D9671-BB9D-4BCF-B60B-682CE5791847}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=60348991-2c0d-11e1-b200-20cf30e13a22&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.1.8&q="
FF - prefs.js..network.proxy.ftp: "213.170.47.244"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "213.170.47.244"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.170.47.244"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "213.170.47.244"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
[2011.03.10 12:58:55 | 000,002,342 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\icq-search.xml
[2011.03.24 21:30:23 | 000,000,950 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\icqplugin.xml
[2011.12.21 21:53:14 | 000,000,792 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\startsear.xml
[2012.04.29 21:44:19 | 000,002,102 | ---- | M] () -- \Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mcyji42f.default\searchplugins\suche.xml
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL File not found
O3:64bit: - HKU\S-1-5-21-3779999737-2682174491-3117732128-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:42 | 000,000,053 | ---- | M] () - I:\AUTORUN.INF -- [ FAT ]
[2012.05.03 17:19:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.04.27 08:35:49 | 000,000,000 | ---D | C] -- C:\Windows\system64
:Files
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Geändert von cosinus (04.05.2012 um 19:52 Uhr)

Antwort

Themen zu Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
adobe, autorun, bho, bonjour, computer, email, error, fehlermeldung, firefox, flash player, format, google earth, home, infizierte, install.exe, installation, launch, logfile, realtek, registry, remote control, rundll, scan, security, security scan, software, stick, temp, usb, usb 3.0, vdeck.exe, verschlüsselungs trojaner, version=1.0, virus/trojaner, windows, windows verschlüsselungs trojaner



Ähnliche Themen: Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)


  1. Windows 7 64bit - Virus/Trojaner/Rotkit nicht wegzubekokmen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (13)
  2. GVU-Trojaner 2.07 / Windows 7 64bit
    Log-Analyse und Auswertung - 06.09.2012 (13)
  3. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  4. windows verschlüsselungs trojaner-sofortiger TRojaner hinweis
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (9)
  5. gvu trojaner 2.07 auf windows 7 64bit
    Log-Analyse und Auswertung - 30.07.2012 (3)
  6. Verschlüsselungs-Trojaner Generic VB.iv (neuverlieben.de) 64bit Windows 7
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (7)
  7. Verschlüsselungs Trojaner Windows 7 64bit --> Fortsetzung
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  8. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  9. EXP/CVE-2010-0840.EO (evtl. Verschlüsselungs/BKA-Trojaner)
    Log-Analyse und Auswertung - 13.06.2012 (7)
  10. windows verschlüsselungs Flirtfever-Trojaner, Windows XP
    Log-Analyse und Auswertung - 13.06.2012 (1)
  11. windows verschlüsselungs trojaner, OTL.txt im Anhang, Windows XP
    Log-Analyse und Auswertung - 08.06.2012 (2)
  12. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  13. Verschlüsselungs Trojaner Windows 7 64bit
    Log-Analyse und Auswertung - 25.05.2012 (7)
  14. Windows-Verschlüsselungs-Trojaner unter Windows XP
    Log-Analyse und Auswertung - 16.05.2012 (9)
  15. Windows-Verschlüsselungs Trojaner Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (10)
  16. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  17. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)

Zum Thema Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) - Hallo ihr fleißigen Helfer, mein Computer wurde heute von einem Virus/Trojaner oder soetwas befallen. Kurz nachdem ich ein Word Dokument (Anhang einer Email) geöffnet habe wurde der Bildschrim fast komplett - Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)...
Archiv
Du betrachtest: Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.