Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: S.M.A.R.T HDD Virus entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.07.2012, 16:16   #1
J_Jones1302
 
S.M.A.R.T HDD Virus entfernen - Standard

S.M.A.R.T HDD Virus entfernen



Hallo zusammen,

habe mir anscheinend gestern den "Smart HDD" eingefangen und auch schon die in diesem Forum vorzufindende Anleitung benutzt, aber leider ohne Erfolg.
Um jetzt vielleicht bessere Ergebnisse zu erzielen, wende ich mich nun an Euch . Ich habe auch schon das "OTL"-Programm laufen lassen und
werde die zwei entstandenen Logfiles an die Nachricht anhängen.
Es wäre toll, wenn ihr mir helfen könntet, hänge leider schon den halben Tag an der bis jetzt misslungenen Problembeseitigung.

Danke schonmal im Voraus!

OTL Extras logfile created on: 07.07.2012 16:10:09 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,82% Memory free
7,73 Gb Paging File | 6,90 Gb Available in Paging File | 89,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 392,93 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 595,94 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive H: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,82% Space Free | Partition Type: NTFS

Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12550C6E-9807-4162-AEF2-7677F41A57DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{1565F5B8-D38B-4E23-9E27-FD90477BBAD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D803A6B-BE6B-4896-B62F-0F61C97C8695}" = rport=445 | protocol=6 | dir=out | app=system |
"{20800252-122C-4AC1-84B6-51757091FB4D}" = lport=445 | protocol=6 | dir=in | app=system |
"{37E1F924-E2FA-418C-8D8B-3BAAE3D4848F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{399108FF-4DDC-4345-865A-BB48DF7CB0A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54602850-8238-41ED-ADF2-D8C319010F68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59290054-BDAE-4454-881C-E5B9972716A8}" = rport=139 | protocol=6 | dir=out | app=system |
"{600428A9-7009-4ACE-931D-4F485723C7D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{72F26C60-5535-4451-A7CD-08B1A010DA81}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{77D73CA9-470E-4F28-8055-8CF106C04924}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88EE5A78-11DA-40AB-AE23-5AC583031F82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BF83052-4450-4E28-BB30-C72D6384FB9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CA3D4A9-6654-4F59-9BF1-C2FFBF99F5A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A0AD26B2-013A-4E5C-A228-8C21F3581854}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A537308B-B8EB-4E78-BA56-4B8421D3A585}" = lport=138 | protocol=17 | dir=in | app=system |
"{AA2C9F3F-A249-4A27-A7B7-994D98FAE061}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB854713-BF39-4F43-88CE-008440E9511A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD37D1C0-E1E6-4978-AA14-400E4890DFBE}" = lport=139 | protocol=6 | dir=in | app=system |
"{B0D85C04-DC3D-44F8-BC16-A1774E8F4C4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3A728A9-6FF6-4D5F-85F4-1C5EF2F05EFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BBD0557C-3A0F-4D4F-8299-890EEDD33193}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBE49607-8B48-47EA-AF7C-E09D2EDA396C}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{DF437E72-F156-4828-B8C6-64C82F02A562}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DF8B8D8D-6C8B-4647-B61C-664982971D4C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E32405B1-5B73-4F91-95C1-13DA0109E9F7}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA83923E-8F4D-4903-AF19-6E17EC091F5E}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086B692-2DE5-41CC-901F-40F7780A194A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{071B2BAC-AB5A-43F1-8A64-5EE06B04B5E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D949740-F5D8-4709-95F7-4E86466BA91F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EC12AB2-12AE-4D2F-925A-9990145C69FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EC98D0A-0780-4329-958B-1AAB2786EC16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21D1668A-97A0-4F71-AD28-28FC877B393D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32033BE8-15FC-4371-A528-C9020E55B3F2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47EE1660-24D0-4CED-8EF7-E8C90CEA3D95}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe |
"{60AA2302-4EA7-4133-B03A-CFFC850F3653}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{65F8EF2C-A931-48ED-AAF7-6E8098C086E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A74420F-0A40-45D0-A273-837C4C07A248}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F7D4EBC-19F6-4299-82AC-D935CB85228E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{737FDAAE-AFE8-439B-BE7C-CE9C973E82C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7380F069-4DDF-4D81-BBFB-1E796A8436CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7476CFBB-32A9-4A91-A0A7-3FB76C1C751F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78D7D200-CB25-4BB4-B618-F1AFA4B9ED4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{86E45785-132B-45C6-A3EA-30C642BFA93C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8B075BC6-C546-4CAC-ADB5-C14638958A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8C43F08F-5BAC-435D-9A13-A5AD9DE40AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{8F03FBCE-E9C4-4621-9BD8-4C70054FC26A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A034F8E6-BD0A-45E6-82C7-0A7BBA6A7E58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAD4B5A7-2EB5-42ED-BF64-439C5FA53415}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ACA79145-EA4C-40C9-A220-A6D00D439709}" = protocol=6 | dir=out | app=system |
"{B2F452F7-6F6F-407E-8698-293FBA3D64B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B889676B-07B2-45DA-B847-8DE7203AFAFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CC391CE8-AD01-433F-8A90-C90F19DC53C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D16B2CFB-FBB2-4397-AD43-E023591EC235}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D2BBCDAC-FF80-4C87-A9E1-ED5E1812F80F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DA2B40BD-0365-4F72-8F08-81FACA6E52E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E08D0C2C-750F-490D-AE6A-DCE20FC8696A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4CC6133-A6CA-474C-8984-CA26A22662D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7CE945F-CB9F-4B57-9D70-EAF5DF508BF0}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{FC17285E-8480-4823-9CB1-34A1A09035A8}" = dir=in | app=c:\users\philipp\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{0493141C-98A6-49AD-9657-7428836B5FEC}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe |
"TCP Query User{68202DB0-CE16-4581-94AE-9E5A5EB3F0DE}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe |
"TCP Query User{ACB8AC06-3816-4421-BA47-2307A1112E84}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{D4BAA963-D11F-4B56-A5A8-906F423BF6C6}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe |
"UDP Query User{01C5199F-E133-4995-8B8D-3DDE072E1919}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe |
"UDP Query User{10F7CA78-B828-4970-B513-37087F7472D1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{81C01B8A-E9E3-4C8A-B572-AEC27BA34DC8}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe |
"UDP Query User{F66890C6-0A9A-42A8-B33C-C43A33887577}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0D0EB043-73A9-B71E-BA0B-1F6126BD2524}" = Napster 5.0 Beta
"{0F931735-0098-4FF6-A49D-17882A294F51}" = Microsoft VC90 CRT + OMP
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DA078193-6951-49D6-9702-0E92B569E182}" = Audials
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"adidas miCoach Manager_is1" = miCoach Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"com.Rhapsody.Napster5" = Napster 5.0 Beta
"ESET Online Scanner" = ESET Online Scanner v3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 5.0.3.1206
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Funkyplot_is1" = Funkyplot 1.1.0-pre1
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"IsoBuster_is1" = IsoBuster 2.8.5
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"phase-6" = phase-6 2.1.2.3a
"PhotoScape" = PhotoScape
"PSP Video 9" = PSP Video 9 6
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"UseNeXT_is1" = UseNeXT
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.10
"WinAVI DVD Ripper" = WinAVI DVD Ripper
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XMedia Recode" = XMedia Recode 3.0.0.5
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"MediaJoin" = MediaJoin

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.06.2012 06:53:18 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:18 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.06.2012 06:53:20 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 20.06.2012 09:20:34 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/9FAD91A6CE6AC6C50047C44EC9D4A50D92D84979.crt>.
Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

[ System Events ]
Error - 07.07.2012 10:00:33 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:02:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:02:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:02:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:07:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:07:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:07:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:09:47 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:09:47 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.07.2012 10:09:47 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >

OTL logfile created on: 07.07.2012 16:10:09 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,82% Memory free
7,73 Gb Paging File | 6,90 Gb Available in Paging File | 89,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 392,93 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 595,94 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive H: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,82% Space Free | Partition Type: NTFS

Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========

MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech QuickCam 3000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 61 C6 29 90 5D CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.autocompletepro.com?si=10214&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Philipp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.28 17:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.28 17:48:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.06.18 12:11:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.06.03 16:56:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions
[2012.03.30 18:31:23 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.23 16:38:40 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.28 10:04:22 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\DeviceDetection@logitech.com
[2012.06.03 16:56:20 | 000,000,000 | -H-D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\support@predictad.com
[2012.07.02 21:52:55 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-1.xml
[2011.09.09 16:59:02 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-2.xml
[2011.09.16 18:16:45 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-3.xml
[2011.09.30 14:47:57 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-4.xml
[2011.10.01 10:05:17 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-5.xml
[2011.11.14 15:08:14 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-6.xml
[2011.08.28 11:33:45 | 000,001,056 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin.xml
[2012.01.07 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.28 17:48:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.03 16:56:20 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2012.06.28 17:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.28 17:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.28 17:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 17:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 17:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 17:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Philipp\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [micoach] "C:\Program Files (x86)\adidas\miCoach Manager\miCoachManager.exe" /autostart File not found
O4 - HKCU..\Run: [miCoach Manager] C:\Program Files (x86)\adidas\miCoach Manager\SyncManager.exe (adidas)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [MoTclEWUtACM.exe] C:\ProgramData\MoTclEWUtACM.exe (JFF)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12184E8F-961F-4EF7-8E2D-5942233A646E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.07 15:54:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.07.07 15:17:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.07 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.07 10:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.07.07 10:38:06 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\Documents\Anti-Malware
[2012.07.07 10:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.07 09:33:32 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2012.07.07 09:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 09:33:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.07 09:33:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 09:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.06 22:09:42 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.07.06 22:09:28 | 000,251,640 | -H-- | C] (JFF) -- C:\ProgramData\GlWubSvLY8ymFc.exe
[2012.07.06 21:58:37 | 000,344,312 | -H-- | C] (JFF) -- C:\ProgramData\MoTclEWUtACM.exe
[2012.07.06 18:20:38 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Roaming\UseNeXT
[2012.07.06 18:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012.06.23 18:29:19 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Local\Macromedia
[2012.06.23 14:32:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.23 14:32:44 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.23 14:32:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.23 14:32:36 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.23 14:32:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.23 14:32:36 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.23 14:32:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.23 14:32:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.13 12:02:26 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 12:02:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 12:02:19 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.13 12:02:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 12:02:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 12:02:17 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 12:02:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 12:02:17 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 12:02:17 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 12:01:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 12:01:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 12:01:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 12:01:15 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 12:01:15 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 12:01:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 12:00:34 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 12:00:29 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 12:00:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 15:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.12 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.12 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.12 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2007.08.13 17:46:00 | 000,102,912 | -H-- | C] (Albert L Faber) -- C:\Users\Philipp\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | -H-- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Philipp\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | -H-- | C] (Un4seen Developments) -- C:\Users\Philipp\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | -H-- | C] (Un4seen Developments) -- C:\Users\Philipp\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2012.07.07 15:54:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.07.07 15:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.07 15:38:44 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 15:28:50 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 15:28:50 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 15:19:46 | 000,000,936 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001UA.job
[2012.07.07 15:17:18 | 611,823,817 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.07 15:04:04 | 000,000,655 | -H-- | M] () -- C:\Users\Philipp\Desktop\Data_Recovery.lnk
[2012.07.07 15:04:04 | 000,000,160 | -H-- | M] () -- C:\ProgramData\-GlWubSvLY8ymFcr
[2012.07.07 15:04:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-GlWubSvLY8ymFc
[2012.07.07 15:04:01 | 000,000,256 | -H-- | M] () -- C:\ProgramData\GlWubSvLY8ymFc
[2012.07.07 08:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.06 22:09:28 | 000,251,640 | -H-- | M] (JFF) -- C:\ProgramData\GlWubSvLY8ymFc.exe
[2012.07.06 21:56:15 | 000,344,312 | -H-- | M] (JFF) -- C:\ProgramData\MoTclEWUtACM.exe
[2012.07.06 21:19:00 | 000,000,914 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001Core.job
[2012.07.06 19:03:44 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.06 19:03:44 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.06 19:03:44 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.06 19:03:44 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.06 19:03:44 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.06 18:20:35 | 000,001,861 | -H-- | M] () -- C:\Users\Philipp\Desktop\UseNeXT.lnk
[2012.07.01 12:33:41 | 000,338,387 | -H-- | M] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-pool.jpg
[2012.07.01 12:33:22 | 000,183,855 | -H-- | M] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-double-room.jpg
[2012.07.01 12:32:52 | 000,245,561 | -H-- | M] () -- C:\Users\Philipp\Desktop\SUNNY_B._GEN1-8.05.jpg
[2012.07.01 12:24:25 | 000,001,314 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.06.23 18:44:40 | 000,040,960 | -H-- | M] () -- C:\Users\Philipp\Desktop\photothumb.db
[2012.06.23 17:00:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.23 17:00:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.14 16:18:29 | 000,416,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 15:29:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012.07.07 15:17:18 | 611,823,817 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.07 15:04:04 | 000,000,655 | -H-- | C] () -- C:\Users\Philipp\Desktop\Data_Recovery.lnk
[2012.07.07 12:02:32 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.07.07 12:02:32 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2012.07.07 12:02:32 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk
[2012.07.07 12:02:32 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.07 12:02:32 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012.07.07 12:02:32 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012.07.07 12:02:32 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.07 12:02:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.07 12:02:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.07.07 12:02:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.07.07 12:02:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.07.07 12:02:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.07.07 12:02:32 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2012.07.07 12:02:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.07.07 12:02:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.07.07 12:02:32 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.07 12:02:32 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\phase-6 premium.lnk
[2012.07.07 12:02:32 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Napster 5.0.lnk
[2012.07.07 12:02:31 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.07 12:02:31 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.0.lnk
[2012.07.07 12:02:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.07.07 12:02:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.07 12:02:30 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.07.07 12:02:30 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.07.06 22:09:43 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-GlWubSvLY8ymFcr
[2012.07.06 22:09:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-GlWubSvLY8ymFc
[2012.07.06 22:09:39 | 000,000,256 | -H-- | C] () -- C:\ProgramData\GlWubSvLY8ymFc
[2012.07.06 18:20:35 | 000,001,861 | -H-- | C] () -- C:\Users\Philipp\Desktop\UseNeXT.lnk
[2012.07.01 12:33:34 | 000,338,387 | -H-- | C] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-pool.jpg
[2012.07.01 12:33:20 | 000,183,855 | -H-- | C] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-double-room.jpg
[2012.07.01 12:32:51 | 000,245,561 | -H-- | C] () -- C:\Users\Philipp\Desktop\SUNNY_B._GEN1-8.05.jpg
[2012.04.12 17:33:51 | 000,001,472 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\RecConfig.xml
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.24 01:59:55 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.07.24 01:57:32 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.06.21 14:18:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2007.08.13 17:46:00 | 000,155,136 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\no23xwrapper.dll

========== LOP Check ==========

[2011.07.13 21:46:28 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Canon
[2012.04.08 10:13:58 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\com.Rhapsody.Napster5
[2012.02.01 17:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2011.07.23 16:38:39 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.09 15:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2011.10.28 10:16:14 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2011.08.29 11:56:26 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Phase6
[2012.05.22 15:31:02 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\PhotoScape
[2011.07.18 21:48:27 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Red Kawa
[2012.02.23 19:36:08 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\UDC Profiles
[2012.07.06 22:06:33 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\UseNeXT
[2011.07.23 13:53:18 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\WinAVI
[2012.06.03 16:47:41 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\XMedia Recode
[2012.07.06 21:19:00 | 000,000,914 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001Core.job
[2012.07.07 15:19:46 | 000,000,936 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001UA.job
[2012.03.01 18:23:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Alt 09.07.2012, 19:43   #2
markusg
/// Malware-holic
 
S.M.A.R.T HDD Virus entfernen - Standard

S.M.A.R.T HDD Virus entfernen



hi
du hast eset und Malwarebytes genutzt, logs verfügbar, dann posten bitte
__________________

__________________

Alt 10.07.2012, 10:33   #3
J_Jones1302
 
S.M.A.R.T HDD Virus entfernen - Standard

S.M.A.R.T HDD Virus entfernen



Hey,

Danke schonmal für deine Antwort.
Weil der Virus ja immer wieder meine Dateien versteckt, habe ich beide Scanner nochmal laufen lassen. Konnte nur durch das Programm Emsisoft den Quarantänebericht finden. Ich hänge nun die beiden neuen Berichte und den Bericht über die in die Quarantäne verschobenen Dateien an und verschiebe die gefundenen Viren in Quarantäne.

Quarantänebericht:
Emsisoft Anti-Malware v. 6.6.0.1
(C) 2003-2012 Emsisoft - Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits

ID Object
0 C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2f97c582-385383c9 Exploit.-!E2
1 C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\254547f7-3727ddfe Exploit.Java.CVE-2012!E2


Malwarebytes:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.10.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Philipp :: PHILIPP-PC [Administrator]

Schutz: Deaktiviert

10.07.2012 09:00:25
detail.php.txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 429548
Laufzeit: 43 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Philipp\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Keine Aktion durchgeführt.

(Ende)

Emsisoft:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 07.07.2012 10:41:38

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, H:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 10.07.2012 09:45:47

c:\users\philipp\appdata\roaming\microsoft\internet explorer\quick launch\data_recovery.lnk gefunden: Trace.File.datarecovery.b!E1
c:\users\philipp\desktop\data_recovery.lnk gefunden: Trace.File.datarecovery.b!E1

Gescannt 647914
Gefunden 2

Scan Ende: 10.07.2012 10:21:30
Scan Zeit: 0:35:43

Hier noch der nach der Löschung entstandene Log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.10.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Philipp :: PHILIPP-PC [Administrator]

Schutz: Deaktiviert

10.07.2012 09:00:25
mbam-log-2012-07-10 (09-00-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 429548
Laufzeit: 43 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Philipp\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________

Alt 11.07.2012, 02:13   #4
markusg
/// Malware-holic
 
S.M.A.R.T HDD Virus entfernen - Standard

S.M.A.R.T HDD Virus entfernen



lade unhide:
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2012, 09:02   #5
J_Jones1302
 
S.M.A.R.T HDD Virus entfernen - Standard

S.M.A.R.T HDD Virus entfernen



Sehr gut
Scheint auf den ersten Blick so, als ob es funktioniert hat.
DANKE!!
Hier noch die Log-File von Combofix:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-10.01 - Philipp 11.07.2012   7:09.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2338 [GMT 2:00]
ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\64\AutocompletePro64.dll
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\programdata\GlWubSvLY8ymFc
c:\users\Philipp\AppData\Local\lame_enc.dll
c:\users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A89AC333-16FC-4EE1-BF70-F5D27AB20DDC}.xps
c:\users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DBFA9E63-04B8-4F47-8490-9AFC4472CACF}.xps
c:\users\Philipp\AppData\Local\no23xwrapper.dll
c:\users\Philipp\AppData\Local\ogg.dll
c:\users\Philipp\AppData\Local\Temp\{369237A6-EFF7-4FF5-A4FC-2768FFD3B6EA}\fpb.tmp
c:\users\Philipp\AppData\Local\vorbis.dll
c:\users\Philipp\AppData\Local\vorbisenc.dll
c:\users\Philipp\AppData\Local\vorbisfile.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Setup.log
c:\windows\TEMP\logishrd\LVPrcInj04.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-11 bis 2012-07-11  ))))))))))))))))))))))))))))))
.
.
2012-07-10 13:23 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FCD9C75-8337-4DA6-8F9A-303A89FA085E}\mpengine.dll
2012-07-07 13:10 . 2012-07-07 13:10	--------	d-----w-	c:\program files (x86)\ESET
2012-07-07 08:38 . 2012-07-11 05:14	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-07-07 07:33 . 2012-07-07 07:33	--------	d-----w-	c:\users\Philipp\AppData\Roaming\Malwarebytes
2012-07-07 07:33 . 2012-07-10 07:22	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-07 07:33 . 2012-07-07 07:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-07 07:33 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-06 16:20 . 2012-07-06 20:06	--------	d-----w-	c:\users\Philipp\AppData\Roaming\UseNeXT
2012-06-28 15:48 . 2012-06-28 15:48	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-28 15:48 . 2012-06-28 15:48	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 16:29 . 2012-06-23 16:29	--------	d-----w-	c:\users\Philipp\AppData\Local\Macromedia
2012-06-23 12:32 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-23 12:32 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-23 12:32 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-23 12:32 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-23 12:32 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-23 12:32 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-23 12:32 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-23 12:32 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-23 12:32 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-13 10:01 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 10:01 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 10:01 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 10:01 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 10:01 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-13 10:01 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 10:01 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 10:00 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 10:00 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:00 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-13 10:00 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-13 10:00 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 10:00 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 10:00 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 10:00 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-13 10:00 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-13 10:00 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-12 13:28 . 2012-06-12 13:28	--------	d-----w-	c:\program files\iPod
2012-06-12 13:28 . 2012-06-12 13:29	--------	d-----w-	c:\program files\iTunes
2012-06-12 13:28 . 2012-06-12 13:29	--------	d-----w-	c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:00 . 2012-04-08 08:36	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 15:00 . 2011-06-18 10:14	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 05:04 . 2011-11-14 14:53	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 05:04 . 2011-11-14 14:53	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}]
2011-06-30 12:27	50240	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"miCoach Manager"="c:\program files (x86)\adidas\miCoach Manager\SyncManager.exe" [2011-11-16 3801072]
"Facebook Update"="c:\users\Philipp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2011-8-10 1032192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-28 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-04-02 37480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam 3000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-04-02 37480]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:00]
.
2012-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001Core.job
- c:\users\Philipp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:13]
.
2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001UA.job
- c:\users\Philipp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10214&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-micoach - c:\program files (x86)\adidas\miCoach Manager\miCoachManager.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1394845363-2140404158-1724030329-1001\Software\SecuROM\License information*]
"datasecu"=hex:a1,dc,69,ab,2b,8e,4e,aa,3f,14,73,90,20,d4,de,a2,37,6d,22,d4,4f,
   d5,72,dd,61,fc,04,86,ec,3a,cf,45,6e,c9,e3,94,a2,4e,39,0c,84,0c,4a,2a,52,79,\
"rkeysecu"=hex:31,c0,f4,62,e8,19,ad,29,f9,f1,40,58,f3,ab,5b,75
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-11  07:19:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-11 05:19
.
Vor Suchlauf: 15 Verzeichnis(se), 422.063.931.392 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 422.422.499.328 Bytes frei
.
- - End Of File - - C154839DC14313B890A23DD4A58F4B59
         
--- --- ---


Alt 11.07.2012, 18:51   #6
markusg
/// Malware-holic
 
S.M.A.R.T HDD Virus entfernen - Standard

S.M.A.R.T HDD Virus entfernen



lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> S.M.A.R.T HDD Virus entfernen

Antwort

Themen zu S.M.A.R.T HDD Virus entfernen
audacity, avira, bho, bonjour, converter, document, downloader, emsisoft, entfernen, entfernen or reparieren, error, excel, fehler, flash player, google, google earth, helper, home, install.exe, intranet, langs, limited.com/facebook, lws.exe, microsoft office word, mozilla, mp3, object, realtek, registry, scan, searchscopes, security, senden, sketchup, smart hdd entfernen, software, super, svchost.exe, trojaner, usenext, virus, virus entfernen, windows, youtube downloader



Ähnliche Themen: S.M.A.R.T HDD Virus entfernen


  1. V9 Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.08.2015 (11)
  2. Babylon toolbar entfernen, BrowserCompanion entfernen, DealPly entfernen, GinyasBrowserCompanions entfernen
    Log-Analyse und Auswertung - 17.12.2014 (9)
  3. Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (53)
  4. GVU Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (11)
  5. MOM.exe Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2013 (2)
  6. AKM Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (1)
  7. GVU 2.07 Virus entfernen
    Log-Analyse und Auswertung - 27.09.2012 (18)
  8. GVU-Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  9. GUV-Virus entfernen
    Log-Analyse und Auswertung - 09.07.2012 (3)
  10. Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  11. S.M.A.R.T. HDD Virus entfernen
    Log-Analyse und Auswertung - 30.04.2012 (1)
  12. S.M.A.R.T. HDD Virus entfernen
    Log-Analyse und Auswertung - 12.04.2012 (11)
  13. S.M.A.R.T. HDD Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (1)
  14. S.M.A.R.T. HDD Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (9)
  15. Virus entfernen?
    Log-Analyse und Auswertung - 27.12.2011 (1)
  16. Virus entfernen
    Log-Analyse und Auswertung - 03.04.2011 (1)
  17. Virus? Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 19.08.2008 (5)

Zum Thema S.M.A.R.T HDD Virus entfernen - Hallo zusammen, habe mir anscheinend gestern den "Smart HDD" eingefangen und auch schon die in diesem Forum vorzufindende Anleitung benutzt, aber leider ohne Erfolg. Um jetzt vielleicht bessere Ergebnisse zu - S.M.A.R.T HDD Virus entfernen...
Archiv
Du betrachtest: S.M.A.R.T HDD Virus entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.