Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne

Mülltonne: (2x) Verschlüsselungstrojaner! +OTL Dateien

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 13.06.2012, 16:18   #1
urml99
 
(2x) Verschlüsselungstrojaner! +OTL Dateien - Standard

(2x) Verschlüsselungstrojaner! +OTL Dateien



OTL Dateien:
OTL.txt:
OTL logfile created on: 13.06.2012 16:57:07 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 14,30 Gb Available Physical Memory | 89,46% Memory free
31,96 Gb Paging File | 30,06 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 61,49 Gb Free Space | 55,05% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1038,32 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,85 Mb Free Space | 69,85% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.13 16:56:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.10 16:30:40 | 000,018,432 | ---- | M] () -- C:\Users\***\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.05.12 16:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Programme\ASUS Xonar D2X Audio\Customapp\AsusAudioCenter.exe
PRC - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011.04.19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\ASUS Xonar D2X Audio\Customapp\VmixP8.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009.03.04 09:52:36 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll
MOD - [2008.12.29 17:13:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll
MOD - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.10 20:33:56 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.10 16:30:40 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe -- (SumatraPDFUpdater)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.11.18 17:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 A4 BF C4 F5 46 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.10 14:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.10 14:07:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.06.10 12:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.11 16:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***s\AppData\Roaming\mozilla\Firefox\Profiles\hj0c7nw7.default\extensions
[2012.06.10 12:53:53 | 000,000,000 | ---D | M] (SumatraPDF) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hj0c7nw7.default\extensions\sumatrapdf@kowalczyk.info
[2012.06.11 17:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.11 17:21:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\***\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] D:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3183A2EB-3602-42FC-91C7-78FBA3DB988A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.10 08:34:13 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.11 18:56:03 | 018,685,560 | ---- | C] (Blizzard Entertainment) -- C:\Users\***\Desktop\Diablo III.exe
[2012.06.11 17:21:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2012.06.11 17:21:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.06.11 17:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.11 16:50:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.06.10 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Diablo III
[2012.06.10 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.06.10 20:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.06.10 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero
[2012.06.10 20:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.06.10 20:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.06.10 20:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.10 20:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.06.10 20:47:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.06.10 20:47:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.06.10 20:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.06.10 20:06:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fs_randec
[2012.06.10 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI
[2012.06.10 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI
[2012.06.10 14:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.10 14:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.06.10 14:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.06.10 14:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.06.10 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.06.10 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.06.10 14:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.10 14:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.06.10 14:15:43 | 000,000,000 | ---D | C] -- C:\AMD
[2012.06.10 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.10 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2012.06.10 14:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.06.10 14:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.06.10 14:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.06.10 14:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.06.10 14:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.10 14:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.10 14:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.10 13:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2012.06.10 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012.06.10 13:00:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ASUS
[2012.06.10 13:00:19 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.10 13:00:19 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.06.10 13:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.06.10 13:00:13 | 008,769,536 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CmiCnfgp.dll
[2012.06.10 13:00:13 | 000,465,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmasiopx.dll
[2012.06.10 13:00:13 | 000,303,104 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmasiop.dll
[2012.06.10 13:00:13 | 000,217,088 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv2.dll
[2012.06.10 13:00:13 | 000,217,088 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv.dll
[2012.06.10 13:00:13 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\Cmpaoxy.dll
[2012.06.10 13:00:13 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysWow64\Cm_Oal.dll
[2012.06.10 13:00:13 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysNative\Cm_Oal.dll
[2012.06.10 13:00:13 | 000,121,856 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv642.dll
[2012.06.10 13:00:13 | 000,121,856 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv64.dll
[2012.06.10 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS Xonar D2X Audio
[2012.06.10 12:59:59 | 002,725,376 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2012.06.10 12:59:59 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\CmiFltr.dll
[2012.06.10 12:59:59 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CmiFltr.dll
[2012.06.10 12:59:59 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmudaxp.dll
[2012.06.10 12:59:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.10 12:55:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.10 12:55:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.10 12:55:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.06.10 12:55:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.10 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.06.10 12:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.10 12:29:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.10 12:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 12:29:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.10 12:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.10 12:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.06.10 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.10 12:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.06.10 12:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.06.10 12:23:13 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2012.06.10 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.06.10 12:22:52 | 000,446,976 | ---- | C] (NETGEAR Inc. ) -- C:\Windows\SysNative\drivers\wg111v3.sys
[2012.06.10 12:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2012.06.10 12:22:36 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.06.10 12:22:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.06.10 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.06.10 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.06.10 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.06.08 12:16:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.08 11:21:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.08 11:21:20 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.06.08 11:21:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.08 11:21:14 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.06.08 11:21:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.06.08 11:21:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.06.08 11:21:11 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.06.08 11:21:11 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.06.08 11:21:11 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.06.08 11:21:11 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.06.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.06.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.06.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.08 11:21:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.08 11:21:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.08 11:17:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.06.08 11:17:31 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.06.13 16:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 16:37:56 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 16:37:56 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 16:33:49 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 16:33:49 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 16:33:49 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 16:33:49 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 16:33:49 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 16:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 16:29:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.06.13 16:29:37 | 4280,184,830 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.11 16:53:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.10 20:47:38 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.06.10 14:18:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.06.10 14:03:30 | 000,275,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 13:46:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.10 13:46:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.10 13:00:19 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.10 13:00:19 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.06.10 13:00:13 | 000,043,007 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.06.10 13:00:13 | 000,000,946 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.06.10 13:00:13 | 000,000,885 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2012.06.10 13:00:13 | 000,000,142 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012.06.10 12:51:34 | 000,000,094 | ---- | M] () -- C:\Users\***\Desktop\nbg_m.pls
[2012.06.10 12:35:56 | 000,000,048 | ---- | M] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.10 12:29:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 12:22:52 | 000,002,073 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.10 12:22:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.08 11:19:08 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.06.08 11:19:08 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.06.07 21:48:12 | 018,685,560 | ---- | M] (Blizzard Entertainment) -- C:\Users\***
========== Files Created - No Company Name ==========

[2012.06.11 16:53:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.10 20:47:38 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.06.10 14:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.10 13:55:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.06.10 13:46:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.10 13:46:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.10 13:00:13 | 001,144,983 | ---- | C] () -- C:\Windows\KB936225x64.msu
[2012.06.10 13:00:13 | 000,805,376 | ---- | C] () -- C:\Windows\SysNative\Cmeauoxy.exe
[2012.06.10 13:00:13 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CmiCnfgp.cpl
[2012.06.10 13:00:13 | 000,282,112 | ---- | C] () -- C:\Windows\System\HsMgr64.exe
[2012.06.10 13:00:13 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.06.10 13:00:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.06.10 13:00:13 | 000,043,007 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.06.10 13:00:13 | 000,000,142 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012.06.10 13:00:13 | 000,000,053 | ---- | C] () -- C:\Windows\SysNative\cmasiopx.ini
[2012.06.10 13:00:13 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.06.10 13:00:08 | 000,000,946 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.06.10 13:00:06 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012.06.10 13:00:06 | 000,004,977 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.06.10 13:00:06 | 000,000,885 | ---- | C] () -- C:\Windows\System\Cmicnfgp.ini
[2012.06.10 13:00:06 | 000,000,593 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012.06.10 12:55:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.10 12:51:34 | 000,000,094 | ---- | C] () -- C:\Users\***\Desktop\nbg_m.pls
[2012.06.10 12:35:56 | 000,000,048 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.10 12:29:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 12:22:52 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.10 12:22:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.08 11:21:21 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.08 11:21:20 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.08 11:17:31 | 4280,184,830 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012.06.10 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS
[2012.06.10 14:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,005,922 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




Extras.txt:
OTL Extras logfile created on: 13.06.2012 16:57:07 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 14,30 Gb Available Physical Memory | 89,46% Memory free
31,96 Gb Paging File | 30,06 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 61,49 Gb Free Space | 55,05% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1038,32 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,85 Mb Free Space | 69,85% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "f:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E1A215-1531-4744-A277-6C1E40122776}" = lport=139 | protocol=6 | dir=in | app=system |
"{22901943-F5AC-4803-B62C-9E2C5CDF1267}" = rport=445 | protocol=6 | dir=out | app=system |
"{2BDDAF61-EB7D-47EA-A337-FD6377548CF9}" = lport=445 | protocol=6 | dir=in | app=system |
"{2DB399E7-640F-4801-BC83-9605B1292B96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32BB9F15-8FFF-4480-BAE9-3D184C326387}" = rport=138 | protocol=17 | dir=out | app=system |
"{41F6BEEC-006E-45FD-8A03-E50ADA6F761D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45DAA85A-1350-4B99-A65F-7E5F95E0DC2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B17199F-BB3B-4626-B944-1DDB0826C90D}" = rport=137 | protocol=17 | dir=out | app=system |
"{74A5A899-5137-4090-8E76-8E238E62B32D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7C3670B7-5C9A-4921-AA97-19D7FA96E746}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803B6B60-3975-4D35-B0FD-30892A4F70BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{8522049B-2B90-4C62-9365-2372C7D2819E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B56818E-350D-46F2-8154-9AE9CFEFA2F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{909FF450-7B58-4C70-97D4-153F6ABE29A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C566474-C688-4AA4-8F44-6E9F4E2FCF88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A058728B-D425-47E1-BD51-B742D97DCE8D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1CAF706-0FCA-48BD-AF0B-3D3BCDD39C6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B037F9A6-ACDA-479A-9487-442E34988BE3}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4A10760-7CBD-4D52-98C1-089324DDAD09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE91FD4A-1106-46D4-8268-27D439D037EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC8DDF64-D6A3-4C60-A65F-81449799E314}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C71F972-E7A4-4B54-AE0C-D673764E7A5A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E3AF874-F83F-47A0-92A7-4814E9965705}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15A30646-A213-4A4F-A552-BFECA9D92EA5}" = protocol=6 | dir=out | app=system |
"{165D752B-4094-4F6A-940A-6C60B72062E3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{2578E832-FF36-4C9B-8B87-6E288C0C3A26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AE65015-E04C-41E8-B9B0-AAD87051B888}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EF8C064-E3C8-4683-B05F-A73D62767AF1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{670C6105-E19E-47B2-8FA6-E034F89E2F62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8793C14D-3AA0-486A-A15C-529C33CC933B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{931025F8-CF80-4D69-956C-426791A04B8B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{95A06131-0513-4B1C-91FF-1F8FE479DEF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A760A54A-B0F5-4DC4-BB77-C2CDE6B0E4BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFB39A58-FA3B-4E48-BED6-B29F2D895C6A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B18FC8D6-618F-4EEE-95C6-B1AFC80256CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF6A86FE-AE9E-4291-B021-5C38C98024CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5A27256-D221-400A-9EA5-4548140D280A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D83AAC1B-F511-48B9-950F-C5D3BBE97E7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DAF52ABD-2CE2-4A11-9E0A-E1EA8089A3FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E30CBF56-61AA-4C7A-9796-2747A3530D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED8E24A1-6660-455E-B2D2-EE09A2AD319C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB3CD971-DE88-4355-9CE4-EE2E0DA4B519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4A18C8B3-24F5-4DFE-91AE-08930D61CF41}D:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"TCP Query User{D844CBAF-37CE-4FC7-AE3F-3B908971DF99}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"UDP Query User{2E510292-3BA1-4D0A-98D6-931E5972A609}D:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"UDP Query User{6A16EE84-A3E2-4ED1-A60C-2C858C941B3F}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media Oxygen HD Audio Driver" = ASUS Xonar D2X Audio Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6E2455-E318-4A60-9174-754D1BE5E7A4}" = Nero 11
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"VLC media player" = VLC media player 2.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.06.2012 10:37:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:37:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:27 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:27 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:32 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:32 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:34 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:40:34 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:41:26 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 10:41:26 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ System Events ]
Error - 10.06.2012 08:01:31 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "UMVPFSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 10.06.2012 08:03:38 | Computer Name = ***C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405

Error - 10.06.2012 08:06:42 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter
Windows 7 für x64-basierte Systeme (KB2544521)

Error - 10.06.2012 08:06:42 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2632503)

Error - 10.06.2012 08:06:42 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für
Internet Explorer 8 für Windows 7 für x64-basierte Systeme (KB2598845)

Error - 10.06.2012 08:13:20 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware
- SAMSUNG Mobile USB Composite Device

Error - 10.06.2012 08:14:33 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware
- SAMSUNG Mobile USB Composite Device

Error - 10.06.2012 12:38:50 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?06.?2012 um 14:45:22 unerwartet heruntergefahren.

Error - 10.06.2012 13:39:37 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062

Error - 11.06.2012 12:48:35 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?06.?2012 um 18:46:41 unerwartet heruntergefahren.


< End of report >


Alt 15.06.2012, 18:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
(2x) Verschlüsselungstrojaner! +OTL Dateien - Standard

(2x) Verschlüsselungstrojaner! +OTL Dateien



Ein Strang reicht!!
=> http://www.trojaner-board.de/117262-...l-dateien.html
__________________

__________________

 

Themen zu (2x) Verschlüsselungstrojaner! +OTL Dateien
adobe, bho, error, explorer, fehler, firefox, flash player, format, helper, home, install.exe, installation, langs, logfile, mozilla, netgear, object, plug-in, programme, realtek, registry, rundll, scan, searchscopes, security, software, svchost.exe, udp, usb 2.0, windows



Ähnliche Themen: (2x) Verschlüsselungstrojaner! +OTL Dateien


  1. Verschlüsselungstrojaner- Dateien entschlüsseln
    Plagegeister aller Art und deren Bekämpfung - 09.03.2015 (4)
  2. Verschlüsselungstrojaner, jpg-Dateien 26kb größer
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (3)
  3. Dateien nach Verschlüsselungstrojaner entschlüsseln
    Überwachung, Datenschutz und Spam - 06.02.2013 (2)
  4. Infizierung Verschlüsselungstrojaner - Erzeugt Dateien ohne Endung
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (3)
  5. Der Verschlüsselungstrojaner mal wieder - Dateien wiederherstellen
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (44)
  6. Dateien vom Verschlüsselungstrojaner umbenannt und verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (1)
  7. Dateien verschlüsselt nach verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (1)
  8. Verschlüsselungstrojaner - Alle Dateien weg!
    Log-Analyse und Auswertung - 19.06.2012 (31)
  9. Verschlüsselungstrojaner! +OTL Dateien
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (5)
  10. Dateien entschlüsseln nach Verschlüsselungstrojaner funktioniert nicht
    Log-Analyse und Auswertung - 13.06.2012 (3)
  11. Verschlüsselungstrojaner - Dateien lassen sich nicht entschlüsseln
    Log-Analyse und Auswertung - 07.06.2012 (5)
  12. VerschlüsselungsTrojaner entfernt, Dateien immernoch verschlüsselt
    Log-Analyse und Auswertung - 01.06.2012 (1)
  13. Verschlüsselungstrojaner benennt Dateien um
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (2)
  14. Verschlüsselungstrojaner Dateien wiederherstellen
    Log-Analyse und Auswertung - 25.05.2012 (2)
  15. Welche Dateien verschlüsselt der Verschlüsselungstrojaner?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (3)
  16. locked-Dateien - Verschlüsselungstrojaner?
    Log-Analyse und Auswertung - 03.05.2012 (1)
  17. Verschlüsselungstrojaner hat alle privaten Dateien umbenannt - was tun?
    Plagegeister aller Art und deren Bekämpfung - 26.04.2012 (1)

Zum Thema (2x) Verschlüsselungstrojaner! +OTL Dateien - OTL Dateien: OTL.txt: OTL logfile created on: 13.06.2012 16:57:07 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = - (2x) Verschlüsselungstrojaner! +OTL Dateien...
Archiv
Du betrachtest: (2x) Verschlüsselungstrojaner! +OTL Dateien auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.