
Pests of all kinds and how to fight them: Windows 7 (64-bit) virus/trojan (possibly Windows encryption trojan)


 
27.04.2012, 23:32   #1
koestertim
 



Hello, you hard-working helpers,

my computer was infected today by a virus/trojan or something like that. Shortly after I opened a Word document (an e-mail attachment), the screen turned almost completely white. Only at the top it said "Die Navigation zu der Webseite wurde abgebrochen. ..." [Navigation to the webpage was canceled] (looks like an error message from Internet Explorer).
In this state I can't do anything except open that menu with Ctrl+Alt+Del (the "three-finger salute"). However, I can't start the Task Manager from there.
Nothing works in the various safe modes either.
Since I had some problems logging in, I have already put together a USB stick with OTLPE, following a guide from this forum (http://www.trojaner-board.de/100215-...tml#post671012). That works so far, and I can run the scan via this Reatogo. It produces the following logs:

OTL logfile:
Code:
OTL logfile created on: 4/28/2012 4:22:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.15 Mb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 472.76 Gb Total Space | 356.78 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
Drive E: | 458.66 Gb Total Space | 285.25 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive X: | 1.86 Gb Total Space | 1.52 Gb Free Space | 81.69% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/28 21:51:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto] -- D:\Windows\System32\ini910u.dll -- (dlartl_n)
SRV - [2012/04/27 12:13:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/22 13:59:04 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 08:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 11:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto] -- D:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/07/14 09:41:41 | 000,107,832 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/07/14 09:41:32 | 000,066,872 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto] -- D:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/23 08:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/16 05:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto] -- D:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/31 13:51:49 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/10 09:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/12/01 08:39:06 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/28 22:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/28 21:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/16 06:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/05/30 23:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/23 08:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/08 03:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/21 21:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/03 11:25:10 | 000,193,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\V0330Vid.sys -- (V0330VID)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/11/16 13:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/01/02 07:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System] -- D:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007/07/12 15:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2009/02/28 14:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/27 16:24:33] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Tim_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\Tim_ON_D\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Tim_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tim_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_2_202_233.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/25 03:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 15:53:13 | 000,000,000 | ---D | M]
 
[2012/01/25 03:52:49 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/08 15:28:18 | 000,000,000 | ---D | M] (Facebook Connect) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{9a4e42f4-ee19-467a-ad67-3c31ed29837b}
[2012/01/25 03:52:48 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 05:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- D:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/01/25 03:52:47 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/25 03:52:47 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/25 03:52:47 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/25 03:52:47 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/25 03:52:47 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/25 03:52:47 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/03/29 11:21:51 | 000,001,395 | RHS- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (Facebook Connect) - {11DCAFD6-DDBA-4ADA-998B-996B7B691AE0} - D:\Users\Tim\AppData\Roaming\FBConnect\IE\FBConnect.dll (Facebook Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - File not found
O3:64bit: - HKU\Tim_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0330Ext.ax] D:\Windows\System32\V0330Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] D:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] D:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0330Ext.ax] D:\Windows\SysWOW64\V0330Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [HDAudDeck] D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] D:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] D:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Six Engine] D:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] D:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [V0330Mon.exe] D:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Tim_ON_D..\Run: [Creative WebCam Tray] D:\Program Files (x86)\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKU\Tim_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Tim_ON_D..\Run: [Grid] D:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\Tim_ON_D..\Run: [Remote Control Editor] D:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\Tim_ON_D..\Run: [Steam] E:\Spiele\KriegimNorden\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] D:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (C:\Windows\Temp\heubha\setup.exe) - D:\Windows\Temp\heubha\setup.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - C:\Windows\Temp\heubha\setup.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/27 12:13:01 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/27 11:30:13 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{83E92DF6-ABDC-469D-9588-D62E67A364A6}
[2012/04/27 11:30:01 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{AA77A1B0-193C-4C2F-A246-A8830D139A62}
[2012/04/27 02:35:52 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/27 02:35:49 | 000,000,000 | ---D | C] -- D:\Windows\system64
[2012/04/27 02:04:19 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{801DC3C3-B87A-4715-9E9B-D80DFBD5C4EA}
[2012/04/27 02:04:07 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E2755D05-35C3-4082-9C61-43EDB096FFF4}
[2012/04/26 15:29:21 | 000,000,000 | ---D | C] -- D:\Users\Tim\Desktop\radio
[2012/04/26 11:05:58 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{76CF81CB-A077-4079-A07B-C6C3E3DF14B7}
[2012/04/26 11:05:46 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C0040439-5FC5-4BBD-BB97-89A499D6913A}
[2012/04/26 04:16:02 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{9DB710D2-770E-4259-ACA2-6DF042036639}
[2012/04/26 04:15:47 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C082A878-2ECD-4802-AF8E-EA1ADE358E91}
[2012/04/26 02:47:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{9D581E3F-8B3A-460B-AC58-C150D5AB20C8}
[2012/04/26 02:47:30 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{848229DB-B926-4422-BBDB-E5B5AAE73912}
[2012/04/25 03:09:42 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6BC94234-6036-45E3-AE48-DA7BF2D237CE}
[2012/04/25 03:09:30 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{8A58A72D-7C0B-4B04-9B4C-3660A9FC86AF}
[2012/04/24 10:12:52 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{5FD44B3E-EA32-4222-8156-F8D6203419A9}
[2012/04/24 10:12:32 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{221C7044-9291-4975-B4FA-31E72BBFFF53}
[2012/04/24 01:48:01 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C77969A4-FEC4-440E-8CBF-409C079DC8D4}
[2012/04/24 01:47:50 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E9AF7F1E-47E1-483F-B123-7678F5E8CE40}
[2012/04/23 10:13:54 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{2AE25AF1-E077-4CB9-B22B-13D8EE502F11}
[2012/04/23 10:13:37 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{1BD2CE50-536F-47E3-9AD6-14C389BCDC1A}
[2012/04/23 03:33:28 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{016549C6-ECBE-4CD1-8C87-773AFCED5C82}
[2012/04/23 03:33:16 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{656337CE-D485-42C7-829A-767095B4A30A}
[2012/04/22 13:59:21 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{97486C6B-7784-4197-AFDC-CFD71035BF4F}
[2012/04/22 13:59:09 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{7B4A634C-94B1-45D0-887B-822CC1FC4433}
[2012/04/20 02:07:55 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{10B813A3-35FA-439E-918A-B9DEF0C6BA18}
[2012/04/20 02:07:41 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{A56ACC2D-A8E1-4A8E-8EDA-F2D94845C5B2}
[2012/04/19 16:52:37 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{ECEA2B6A-99C2-45C6-BB9F-726F7CD834C9}
[2012/04/19 16:52:24 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{98A9F589-7511-434B-9949-3B4BA6D3A265}
[2012/04/19 11:34:51 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{8CA3ED0C-EB01-4674-87E8-4FBD9CD4BFFE}
[2012/04/19 11:34:39 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{ADEE034D-5D19-4EE3-8F91-3582F901814F}
[2012/04/19 01:37:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{5CE7EF0F-7B6E-447D-9590-C6EC4974C14D}
[2012/04/19 01:37:33 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{49E5C818-1B6D-47F0-A971-8FFC7FEDFB82}
[2012/04/18 10:55:01 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6486857A-F714-4BCA-BF8B-7FB79ABDE099}
[2012/04/18 10:54:47 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{63292166-F98E-476B-995C-68324E03DF7A}
[2012/04/18 03:03:49 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C7708DDB-3BDA-48E8-8813-C043C0FEABE4}
[2012/04/18 03:03:35 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E613C793-1939-4509-9DAD-E637EC6AA3FD}
[2012/04/17 13:36:23 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{0017441A-FEB3-403A-8D25-D069EE58FF72}
[2012/04/17 13:36:11 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{ABCAE68F-CA98-4AEA-9AFB-6450C975FFA8}
[2012/04/17 01:23:47 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{946D6132-F9DD-47B8-9010-5CBC2D0182A0}
[2012/04/17 01:23:32 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{E187FEC9-806C-43A3-9AC3-5CAFEF46668A}
[2012/04/16 13:46:00 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{606F1D37-16DF-4141-8B6E-175986904A88}
[2012/04/16 13:45:46 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{CD8B8BBE-0E1C-4DEB-AC94-49A96F6688F3}
[2012/04/16 02:58:42 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{2A036F31-B85B-4FD4-9926-3A253F80D03F}
[2012/04/16 02:58:30 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{8611B7F5-C6D3-44DE-96CA-E6F547534412}
[2012/04/15 07:35:10 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{77A520AE-0C35-46C0-A182-67FD32101C36}
[2012/04/15 07:34:55 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{165BC1C3-0BB2-4A66-82AA-15C010AD26CF}
[2012/04/14 08:13:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{18C0DDCC-2FC2-497B-9E86-DFB180E2D732}
[2012/04/14 08:13:33 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{D88AFB35-BF31-40CD-A4DB-2319D1E14357}
[2012/04/14 04:30:40 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{525F42FA-E268-4EFD-A382-E00B8ADBD44C}
[2012/04/14 04:30:28 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C8716F35-E6CE-4EFD-A9B6-7FF0026756E8}
[2012/04/13 17:49:16 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{55A5DC7D-AF9D-45C6-9D73-F1E9DBBB9905}
[2012/04/13 17:49:04 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C9217DEB-2D10-4DE3-967F-6DE7133C85C3}
[2012/04/13 13:55:20 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{BBA61206-8B5B-4715-B1AD-2F5DE56855EE}
[2012/04/12 15:53:43 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{D7695E10-5D67-495B-BAE3-502C24324777}
[2012/04/12 05:55:32 | 000,096,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/04/12 05:55:31 | 002,311,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/04/12 05:55:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/04/12 05:55:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/04/12 05:55:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/04/12 05:55:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/04/12 05:55:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/04/12 05:55:30 | 001,799,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2012/04/12 05:55:30 | 001,493,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/04/12 05:55:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 05:55:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/04/12 05:55:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/04/12 05:55:09 | 005,559,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2012/04/12 05:55:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 05:55:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 05:53:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wintrust.dll
[2012/04/12 05:53:44 | 000,172,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wintrust.dll
[2012/04/12 05:53:44 | 000,159,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imagehlp.dll
[2012/04/12 05:53:44 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imagehlp.dll
[2012/04/12 05:53:44 | 000,023,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\fs_rec.sys
[2012/04/12 03:53:18 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{C6A60153-951C-4F65-BB8A-59EE903C2176}
[2012/04/11 04:55:44 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{D844912A-D9E8-413F-97E0-0FECDCE4F745}
[2012/04/10 16:55:19 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{186CAB2D-7E69-4119-9B94-ED0123C665AE}
[2012/04/09 15:53:32 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{3716EF8D-673F-423C-B87E-F733B13281E4}
[2012/04/09 03:53:07 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{12FFB608-6418-4C5F-AE1A-FBD52A7C3C30}
[2012/04/08 14:37:14 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{76B136AE-8682-4B71-9188-24D365F61A7D}
[2012/04/04 17:06:14 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6D44F035-C97E-4AF4-B9FD-346DAD6F7A35}
[2012/04/04 05:05:49 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6BF544DB-8E3F-4A3F-80F6-0F901FEBC859}
[2012/04/03 14:19:19 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{F211B9F7-EE86-452B-8BD4-BDB1C014CAC9}
[2012/04/02 14:54:43 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6A196D33-2E2A-4D90-B2DB-274CCD560789}
[2012/04/02 02:54:15 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{5A1D9B98-A6F7-4DAB-8448-FC4906E66DE6}
[2012/04/01 05:18:41 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{6865FE20-66AA-4E1D-A6CB-C87F3BB85E3D}
[2012/03/31 06:44:45 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{F446B152-6AF2-4805-A455-C389CE421F83}
[2012/03/30 11:54:16 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 11:54:04 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2012/03/30 11:54:04 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\iTunes
[2012/03/30 11:54:04 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2012/03/30 11:25:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einsteins DSA Tool
[2012/03/30 11:18:52 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/30 08:44:06 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{83F73B6E-76A7-450B-833F-9E7DAE97ACEA}
[2012/03/29 15:27:04 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Local\{66A01F83-8391-4738-B113-E73C0DBC1902}
[2012/03/29 12:13:46 | 000,000,000 | ---D | C] -- D:\Users\Tim\AppData\Roaming\Malwarebytes
[2012/03/29 12:13:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/03/29 12:13:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/03/29 12:13:39 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/27 21:18:10 | 000,001,100 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 21:18:10 | 000,000,939 | ---- | M] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk
[2012/04/27 21:17:41 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/04/27 21:17:33 | 3219,791,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/04/27 15:29:15 | 000,000,000 | -HS- | M] () -- D:\Windows\System32\dds_trash_log.cmd
[2012/04/27 13:04:07 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 12:16:06 | 000,000,300 | ---- | M] () -- D:\Windows\tasks\PrintProjects Communicator.job
[2012/04/27 12:15:03 | 000,000,177 | -H-- | M] () -- D:\dvmexp.idx
[2012/04/27 12:13:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/27 12:13:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/27 12:13:01 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/27 12:13:00 | 000,001,104 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 12:12:04 | 000,017,136 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 12:12:04 | 000,017,136 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 12:10:37 | 001,557,274 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/27 12:10:37 | 000,673,634 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/04/27 12:10:37 | 000,624,320 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/04/27 12:10:37 | 000,135,650 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/04/27 12:10:37 | 000,111,250 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/04/26 02:48:35 | 000,001,051 | ---- | M] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/26 02:48:17 | 000,001,015 | ---- | M] () -- D:\Users\Tim\Desktop\Dropbox.lnk
[2012/03/30 11:54:54 | 000,002,515 | ---- | M] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/30 11:54:54 | 000,002,503 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/03/30 11:54:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 11:25:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einsteins DSA Tool
[2012/03/29 11:21:51 | 000,001,395 | RHS- | M] () -- D:\Windows\System32\drivers\etc\hosts
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/27 11:42:46 | 000,000,939 | ---- | C] () -- D:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk
[2012/04/27 02:36:54 | 000,000,000 | -HS- | C] () -- D:\Windows\System32\dds_trash_log.cmd
[2012/04/27 02:35:53 | 000,000,884 | ---- | C] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/23 13:18:12 | 1667,493,766 | ---- | C] () -- D:\Users\Tim\Desktop\Machete.mkv
[2011/07/14 09:41:34 | 000,107,832 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/07/14 09:41:32 | 000,682,280 | ---- | C] () -- D:\Windows\SysWow64\pbsvc.exe
[2011/07/14 09:41:32 | 000,066,872 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/07/02 08:05:54 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/14 15:33:02 | 000,402,432 | ---- | C] () -- D:\Windows\SysWow64\C4fox.dll
[2011/04/14 15:33:02 | 000,314,368 | ---- | C] () -- D:\Windows\SysWow64\Mdi32kh.dll
[2011/04/14 15:33:02 | 000,003,072 | ---- | C] () -- D:\Windows\SysWow64\Mview.dll
[2011/01/31 07:56:28 | 001,557,274 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/28 10:38:25 | 000,000,600 | ---- | C] () -- D:\Users\Tim\AppData\Roaming\winscp.rnd
[2010/11/06 18:46:39 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2010/11/06 18:42:53 | 000,002,857 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/06 15:45:07 | 000,037,173 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2010/11/06 15:36:27 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2010/11/06 15:36:27 | 000,013,440 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/06 15:29:54 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2010/11/06 15:29:50 | 000,029,940 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 22:48:34 | 000,013,368 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 02:32:40 | 000,032,768 | R--- | C] () -- D:\Windows\DAODx.exe
[2008/12/01 13:32:32 | 000,362,029 | ---- | C] () -- D:\Windows\SysWow64\sqlite3.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/04/28 06:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/11/06 15:41:32 | 000,000,000 | ---D | M] -- D:\ProgramData\ASUS OC Profiles
[2010/11/06 17:18:43 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2010/11/06 17:18:25 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Pro
[2010/11/06 17:49:51 | 000,000,000 | ---D | M] -- D:\ProgramData\DassaultSystemes
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/01/27 10:38:24 | 000,000,000 | ---D | M] -- D:\ProgramData\ICQ
[2011/10/19 05:34:48 | 000,000,000 | ---D | M] -- D:\ProgramData\kds_kodak
[2010/12/28 11:26:12 | 000,000,000 | ---D | M] -- D:\ProgramData\KONAMI
[2011/12/31 09:53:52 | 000,000,000 | ---D | M] -- D:\ProgramData\PrintProjects
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/12/27 11:22:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/10/13 13:14:11 | 000,000,000 | ---D | M] -- D:\ProgramData\TerraTec
[2011/12/17 13:18:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Visan
[2010/11/06 15:25:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/01/15 08:28:40 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/04/27 12:16:06 | 000,000,300 | ---- | M] () -- D:\Windows\Tasks\PrintProjects Communicator.job
[2012/02/28 10:31:24 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


EXTRAS:OTL Logfile:
Code:
OTL Extras logfile created on: 4/28/2012 4:22:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.15 Mb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 472.76 Gb Total Space | 356.78 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
Drive E: | 458.66 Gb Total Space | 285.25 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive X: | 1.86 Gb Total Space | 1.52 Gb Free Space | 81.69% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- D:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{852AFE33-BB5C-1A0A-586E-9402D9895992}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{852AFE33-BB5C-1A0A-586E-9402D9895992}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Tim_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Third Age - Total War 3.0 (Part 1of2)" = Third Age - Total War 3.0 (Part 1of2)
"Third Age - Total War 3.0 (Part 2of2)" = Third Age - Total War 3.0 (Part 2of2)
 
< End of report >
         
--- --- ---

I had something like this once before not long ago, and at the time, on a friend's advice, I downloaded Malwarebytes and ran it. After that everything worked again.

My disk has 2 partitions, and one of them holds only the Windows installation plus programs that I can easily reinstall. Does it make sense to reinstall Windows there first and then check that there are no infected files on the other partition?

Oh, and I won't be at home all day tomorrow and can only work on the computer again on Sunday. I'll still look in tomorrow and see whether you can help me.

Regards, Tim

I know it's frowned upon, but I wanted to bump my post once more...
surely someone can help me, right?

 
