Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.07.2012, 21:19   #1
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo miteinander,

Avira Free Antivirus hat beim Systemstart heute morgen in einer DLL-Datei C:\Users\****\AppData\Roaming\cnemc.dll den Trojaner TR\Crypt.EPACK.Gen8 ausfindig gemacht, den Zugriff gesperrt und das Objekt in Quarantäne verschoben.

Eine voller Systemscan hat dann im Verzeichnis C:\Users\****\AppData\Local\Temp folgende Funde ans Tageslicht befördert:
meacrwxons.exe - TR\Vcaredrix.A.3
aemwrosxnc.exe - TR\Crypt.ZPACK.Gen8
und hat diese ebenfalls unter Quarantäne gestellt.

Ich bin mir nicht sicher, ob es sich um Falschmeldungen oder Befall handelt, Symptome, wie sie im Netz beschrieben sind, kann ich keine feststellen.

Hier nun die Logfiles von OTL

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 29.07.2012 21:52:46 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 44,71% Memory free
7,60 Gb Paging File | 5,35 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,95 Gb Total Space | 143,53 Gb Free Space | 48,17% Space Free | Partition Type: NTFS
Drive D: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 2,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WOTAN | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 21:51:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
PRC - [2012.07.23 13:06:21 | 011,078,520 | ---- | M] (TeamDrive Systems GmbH) -- C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe
PRC - [2012.06.29 15:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 15:51:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 15:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 15:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.16 20:53:04 | 000,052,392 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
PRC - [2011.12.16 20:52:42 | 000,058,536 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
PRC - [2011.12.16 20:52:07 | 000,053,928 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
PRC - [2011.10.11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.07.22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.05.12 18:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.05.12 18:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
MOD - [2011.12.16 20:53:04 | 000,052,392 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
MOD - [2011.12.16 20:52:42 | 000,058,536 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
MOD - [2011.12.16 20:52:07 | 000,053,928 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.13 18:30:08 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32_crypto.pyd
MOD - [2011.08.02 19:01:16 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtNetwork.pyd
MOD - [2011.08.02 18:59:34 | 005,688,832 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtGui.pyd
MOD - [2011.08.02 18:48:42 | 001,608,704 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtCore.pyd
MOD - [2011.08.02 18:41:40 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\sip.pyd
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.15 20:20:24 | 007,950,848 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtGui4.dll
MOD - [2011.05.15 20:12:06 | 000,948,736 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtNetwork4.dll
MOD - [2011.05.15 20:11:08 | 002,248,192 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtCore4.dll
MOD - [2011.04.13 11:03:25 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\simplejson._speedups.pyd
MOD - [2010.12.20 22:19:35 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd
MOD - [2010.11.30 03:26:56 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.python._initgroups.pyd
MOD - [2010.11.30 03:26:54 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.protocols._c_urlarg.pyd
MOD - [2010.11.27 23:31:18 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pyexpat.pyd
MOD - [2010.11.27 23:31:16 | 000,721,920 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ssl.pyd
MOD - [2010.11.27 23:31:16 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_hashlib.pyd
MOD - [2010.11.27 23:31:16 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_elementtree.pyd
MOD - [2010.11.27 23:31:16 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ctypes.pyd
MOD - [2010.11.27 23:31:16 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\select.pyd
MOD - [2010.11.27 23:31:14 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_socket.pyd
MOD - [2010.11.01 19:54:08 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.SSL.pyd
MOD - [2010.11.01 19:54:06 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.crypto.pyd
MOD - [2010.11.01 19:54:06 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.rand.pyd
MOD - [2009.07.22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009.07.06 12:16:10 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32file.pyd
MOD - [2009.07.05 14:51:28 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32com.shell.shell.pyd
MOD - [2009.07.05 14:49:50 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pythoncom27.dll
MOD - [2009.07.05 14:49:00 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32api.pyd
MOD - [2009.07.05 14:48:54 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32trace.pyd
MOD - [2009.07.05 14:48:52 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32security.pyd
MOD - [2009.07.05 14:48:48 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32process.pyd
MOD - [2009.07.05 14:48:38 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32event.pyd
MOD - [2009.07.05 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32cred.pyd
MOD - [2009.07.05 14:48:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pywintypes27.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.02 04:11:17 | 000,116,224 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-x64-9.1)
SRV:64bit: - [2011.11.13 22:17:28 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.27 17:47:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.29 15:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.05.09 15:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 15:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.27 15:13:10 | 002,557,176 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Programme\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.29 23:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.10.20 11:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.12 18:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.05.20 18:39:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.09 15:51:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 15:51:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.13 22:17:28 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.11.13 22:17:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.06.22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.27 14:38:22 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009.11.27 14:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.10.02 22:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2012.02.27 15:13:04 | 000,089,336 | ---- | M] () [File_System | Auto | Running] -- C:\Programme\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 02 74 B4 01 6C CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.11.13 23:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.16 21:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 08:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 08:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.21 11:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011.11.13 23:18:16 | 000,000,000 | ---D | M]
 
[2011.11.14 22:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.05.18 07:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\apnt54ca.default\extensions
[2012.05.14 08:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.14 08:34:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.07.16 21:34:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.11.16 23:57:27 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.05.18 07:22:47 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.04.26 22:40:27 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.20 13:05:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[1999.12.31 16:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.03.20 13:05:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 13:05:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.20 13:05:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 13:05:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 13:05:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 13:05:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.24 12:01:43 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	timstein.de
O1 - Hosts: 127.0.0.1	www.timstein.de
O2:64bit: - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKCU..\Run: [cnemc] rundll32.exe "C:\Users\****\AppData\Roaming\cnemc.dll",FIsHTMLFileW File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Ubuntu One] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKCU..\Run: [Ubuntu One Icon] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - HKCU..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk = C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe (TeamDrive Systems GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9021DC6B-73B4-4F8A-9769-FE2331350805}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.03 18:24:20 | 000,043,344 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.02.03 12:05:02 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell - "" = AutoRun
O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010.04.03 18:24:20 | 000,043,344 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 21:51:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.24 14:04:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia
[2012.07.24 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.07.24 11:07:08 | 000,000,000 | ---D | C] -- C:\xampp
[2012.07.24 10:57:24 | 000,000,000 | ---D | C] -- C:\SERVER
[2012.07.24 10:04:26 | 000,000,000 | --SD | C] -- C:\Users\****\Documents\Spaces
[2012.07.23 14:38:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TeamDrive3
[2012.07.23 14:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive 3
[2012.07.23 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamDrive 3
[2012.07.23 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft Games
[2012.07.23 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012.07.16 21:44:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\DDMSettings
[2012.07.15 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Skype
[2012.07.15 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.15 21:19:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.15 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.15 21:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.06 13:04:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.07.06 13:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.07.06 12:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 21:51:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.29 21:50:53 | 000,000,168 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.29 21:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 18:05:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 18:05:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 18:01:20 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.29 18:01:20 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.29 18:01:20 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.29 18:01:20 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.29 18:01:20 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.29 17:55:36 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.07.29 17:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 17:54:23 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 17:55:29 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2012.07.27 15:40:59 | 000,007,253 | ---- | M] () -- C:\Users\****\.recently-used.xbel
[2012.07.24 12:01:43 | 000,000,872 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.23 14:37:45 | 000,001,086 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
[2012.07.22 13:26:48 | 000,243,367 | ---- | M] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047g+.jpg
[2012.07.22 13:24:25 | 007,750,918 | ---- | M] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047.jpg
[2012.07.12 09:19:42 | 000,325,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.29 21:50:53 | 000,000,168 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.07.29 21:50:09 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.27 15:40:59 | 000,007,253 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2012.07.23 14:37:45 | 000,001,086 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
[2012.07.22 13:26:47 | 000,243,367 | ---- | C] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047g+.jpg
[2012.07.22 13:24:22 | 007,750,918 | ---- | C] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047.jpg
[2012.07.12 22:07:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.06 12:55:41 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.06.20 10:22:40 | 000,000,000 | ---- | C] () -- C:\Users\****\raum.tiff
[2012.05.21 11:28:32 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.15 09:14:17 | 000,000,386 | ---- | C] () -- C:\Users\****\.JavaPowUpload.properties
[2012.03.28 13:13:46 | 000,001,003 | ---- | C] () -- C:\Users\****\.scala_history
[2012.02.25 16:52:50 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.25 16:52:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.12 23:39:36 | 000,000,104 | ---- | C] () -- C:\Users\****\.asadminpass
[2011.11.29 00:17:31 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.11.13 22:47:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.11.13 22:47:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.11.13 22:47:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.11.13 22:47:19 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.11.13 22:47:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== LOP Check ==========
 
[2012.05.07 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software
[2012.07.06 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.03.10 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.11.13 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DigitalPersona
[2012.07.29 21:55:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2012.03.07 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\e-academy Inc
[2012.03.23 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2012.07.22 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.11.21 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2012.07.26 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2011.11.17 00:16:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2011.11.13 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2012.02.24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\postgresql
[2011.11.15 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Revolver Preferences
[2012.04.05 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion
[2012.07.29 17:57:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamDrive3
[2012.03.13 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.11.14 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.12.07 19:19:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian
[2012.02.12 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\updatetool
[2012.04.29 20:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\xm1
[2012.07.29 17:55:36 | 000,000,560 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
[2009.07.14 07:08:49 | 000,029,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
und die Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 29.07.2012 21:52:46 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 44,71% Memory free
7,60 Gb Paging File | 5,35 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,95 Gb Total Space | 143,53 Gb Free Space | 48,17% Space Free | Partition Type: NTFS
Drive D: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 2,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WOTAN | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ED1C66C-0D9D-4FB4-B522-CC741F9A8530}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AE3EC49A-F1E5-40B8-A5B4-80179AD38B05}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059262B9-8E0B-41A0-B465-C8C497333211}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0A809180-2582-403E-9CAC-2BD51B47BD57}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe | 
"{109E5748-1B2A-41D3-93CC-0A3CD8F9A15B}" = protocol=17 | dir=in | app=c:\program files\webdrive\webdrive.exe | 
"{135961FC-3878-42BB-92AB-334BD00CD0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{13FF5BCA-30E9-4147-B6F6-1B1720A42066}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{156450FB-98CE-4E0B-B8C4-B363471C98B7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{159C5108-9550-4E31-ABD8-8C33E9954946}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1C2C062F-E582-41D9-A7B1-24FE1F9E73D9}" = dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{1DA2436F-21D6-450C-9108-B302F023A22F}" = protocol=17 | dir=in | app=c:\program files\webdrive\wdservice.exe | 
"{21C337E9-070E-4D4F-9121-A84C96C79631}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2CB8AED5-2E13-49F4-AEF7-8F5E270878AC}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{39970A6E-2502-4817-B828-56543794D061}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{3DBB311E-9766-48FA-82D3-FC392FD52B38}" = protocol=6 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntu-sso-login.exe | 
"{3FD551C3-CA76-41B6-835E-1E0E176CCFCA}" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe | 
"{45F4E8C9-BDC4-4155-A642-743BDC1C8D2E}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{4C9BDB0B-8F79-4A3B-9511-0C63576D8831}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{50306D93-F32E-4925-B52D-9C9C2FD56C38}" = protocol=6 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe | 
"{5076E8EE-44C3-4A12-BE38-2D37AD0975AC}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{54F605A4-B0C8-4D4C-B9B0-3FDB7080B375}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{55751293-7DB8-4E19-8016-DEA0561997E7}" = protocol=6 | dir=in | app=c:\program files\webdrive\wdservice.exe | 
"{5B5A7D17-E1DB-4A2F-9CDB-62871F8BEC85}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{61BF9F19-AFD3-406E-88B0-0337CDC22FEA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntu-sso-login.exe | 
"{6D9E1945-2F1A-4B28-BC66-20A60773AFD1}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{73075364-C80D-4445-A063-19D0EDDA2801}" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe | 
"{7C3CA4C6-8FA8-4F09-9694-08E77399C560}" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"{865B76AF-1313-432B-96B7-140B13599EAC}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{8969F3AD-3F5F-4B36-8A20-91F98B044040}" = protocol=17 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe | 
"{93E360E1-4D83-409C-ADBE-C65F2BBFBD5C}" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"{97C2B30B-D98C-444B-B080-5894771893D4}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{A1077D28-28E7-4238-B8A9-E4E603CA2783}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A4AC4BB8-79D0-4900-A818-457963E33B04}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\vlc setup helper.exe | 
"{A9D9938A-D027-4C4B-98AD-97FE7113A4ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AAC1EFF1-DB2B-4552-A87D-CE5950F5115E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B758D238-C2F9-4BDF-BC4B-85182D8EA7E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B905FDC5-75F8-4254-AB8B-AAA19335F405}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{BCFD538C-C232-41AE-AFB6-049A67C51F48}" = protocol=6 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{D4BBEB8F-9015-41A0-AB32-92FD3BA4B6A3}" = protocol=6 | dir=in | app=c:\program files\webdrive\webdrive.exe | 
"{D51A68FA-9DCE-4224-ACDF-04BE425F03F5}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{E610A91B-2CBB-4596-9008-AD92594A2A71}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EB8A432A-3970-47D0-A49F-CA66C6BAD087}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{EBADE8AA-55BE-40F2-8E16-DFE006506A8B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{EBEE3B0B-78B8-46AC-BE86-7DA5489E9D43}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{F3BACC1A-DF89-4B2E-B20F-7BA8CE1A03F3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{FA7055C9-B200-449C-BDC5-93F21EE6C721}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{FDBCB88D-C832-46CE-B120-7C82C42FD2F4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{1F1B825A-5BE5-4A09-AF85-A2A230216077}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{48356998-C60A-4B8E-9A8A-BB8CFD85795B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{6E298A7F-C8A4-4197-9374-F8DDB1570D7D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{6FEBF13F-EB2A-4E80-A505-3440E68422C8}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{8F0836E9-0035-4037-86A2-67FFE447FF11}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{9AB1D9CF-AA90-4525-AA3F-D2678F902447}C:\program files\glassfish3\jdk7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe | 
"TCP Query User{AB72FDEF-00E0-4720-842E-5D5F229AF195}C:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"TCP Query User{BDBA4CE1-CE8C-4603-ACFE-9C318D5E4AAC}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"TCP Query User{C025494F-9B81-4ECC-B111-0E9732000042}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D78F6321-6F66-410B-95E0-849CCC9F8EA1}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe | 
"TCP Query User{E1B89A04-0B19-4C92-8C3A-667836D7B7E6}C:\program files (x86)\revolver office\revolver office.exe" = protocol=6 | dir=in | app=c:\program files (x86)\revolver office\revolver office.exe | 
"TCP Query User{EF50EB4B-676B-4506-881C-17AD8B67387B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{FBCBF4C0-E4B5-4BE9-96ED-EDAF42365AF3}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{17E2C28C-6306-4475-B123-52F32832971F}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{1A4C567F-11EA-4757-9EC9-ADD294C20162}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"UDP Query User{34A3D9A8-76AB-4A3F-8D28-8D56A499230B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{659C1499-A527-4DBF-B11D-516DC321FE31}C:\program files (x86)\revolver office\revolver office.exe" = protocol=17 | dir=in | app=c:\program files (x86)\revolver office\revolver office.exe | 
"UDP Query User{6EE11CE3-1093-49F5-84C4-2604AECD8D17}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe | 
"UDP Query User{8CE25D05-80CB-4CC3-B04D-61D861D96103}C:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"UDP Query User{9468F6E8-C96A-41D3-8CB5-F67E69EEE622}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{A4EB03A0-265A-49B2-A25F-CBC381029D61}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{AFE7E5DD-CA26-4083-9080-F814B06D9FA0}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{D2E42964-3ED3-48AC-A35C-161CEC17657B}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D858BDD8-BD6E-48BF-9111-F3EBC60DB204}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{E73265AC-98CA-4CD9-86E8-FC330E67DD1D}C:\program files\glassfish3\jdk7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe | 
"UDP Query User{F883F82E-C70D-4842-B031-127DD9947327}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4371D69B-FB6A-4A61-8477-C1B919FB2311}" = TortoiseSVN 1.7.7.22907 (64 bit)
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9CFA7A85-AEB6-487B-9C8E-C3C9432AA8F7}" = TortoiseOverlays
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{ECAD1063-CF2B-45F3-8355-A8B970007A80}" = Intel® SDK for OpenCL* Applications 2012
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC09380E-74BE-41F5-8353-E97113969040}" = DigitalPersona Personal 4.01
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"26DF6674D7C1C08AE6A9F0AB0F04558F369FF15F" = Windows Driver Package - Broadcom Bluetooth  (12/01/2009 6.2.0.9411)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"PostgreSQL 9.1" = PostgreSQL 9.1 
"TortoiseCVS_is1" = TortoiseCVS 1.12.5
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2460EA85-D9D1-4D44-915E-6019271AFB1D}" = VC9RunTimeX64
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A37B181-B8D0-48C3-B4A4-5DC1ED104CED}" = VC9RunTime
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7606E6DA-E168-42B5-8345-B08BF774CB30}" = The Scala Programming Language
"{76F9F5C5-FF87-4ED8-B63C-2A25A299C4AA}" = CVSNT 2.5.05.3744
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8619B63A-4E7F-44A5-8CA6-2B0A16EC864D}" = Giter8
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9DCF4E9-A41B-40E7-B028-2255E36D2A1C}" = TortoiseOverlays
"{CE07BE71-510D-414A-92D4-DFF47631848A}" = Simple Build Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CMake 2.8.8" = CMake 2.8, a cross-platform, open-source build system
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.3
"Git_is1" = Git version 1.7.10-preview20120409
"IETester" = IETester v0.4.11 (remove only)
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JabRef 2.7.2" = JabRef 2.7.2
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"Notepad++" = Notepad++
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Opera 12.00.1467" = Opera 12.00
"pgJDBC 9.0-801-1" = pgJDBC 9.0-801
"Revolver Office_is1" = Revolver Office 8.4.5
"Secure Eraser_is1" = Secure Eraser v4.0
"TeamDrive 3 3.0.4.151" = TeamDrive 3
"TeamViewer 7" = TeamViewer 7
"Texmaker" = Texmaker
"Trillian" = Trillian
"Ubuntu One 2.0.3" = Ubuntu One
"VLC media player" = VLC media player 2.0.1
"VLC Setup Helper_is1" = VLC Setup Helper
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xampp" = XAMPP 1.8.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{a440ca9f-b112-4900-852e-f90baf37ce20}" = The Typesafe Stack
"Dropbox" = Dropbox
"Qt SDK" = Qt SDK
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.07.2012 11:56:58 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8159
 
Error - 27.07.2012 11:56:59 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.07.2012 11:56:59 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9158
 
Error - 27.07.2012 11:56:59 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9158
 
Error - 27.07.2012 19:14:50 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.07.2012 19:14:50 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1076
 
Error - 27.07.2012 19:14:50 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076
 
Error - 28.07.2012 13:05:50 | Computer Name = Wotan | Source = EventSystem | ID = 4622
Description = 
 
Error - 29.07.2012 06:03:30 | Computer Name = Wotan | Source = PostgreSQL | ID = 0
Description = Zeitüberschreitung beim Warten auf Start des Servers 
 
Error - 29.07.2012 11:56:19 | Computer Name = Wotan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768,
 Zeitstempel: 0x4d688122  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec4b137  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000031a3d
ID
 des fehlerhaften Prozesses: 0xc48  Startzeit der fehlerhaften Anwendung: 0x01cd6da290615a6c
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ef80086f-d995-11e1-9095-f04da282106d
 
[ Broadcom Wireless LAN Events ]
Error - 30.05.2012 03:29:17 | Computer Name = Wotan | Source = WLAN-Tray | ID = 0
Description = 09:29:17, Wed, May 30, 12 Error - Unable to gain access to user store

 
[ System Events ]
Error - 19.07.2012 11:39:07 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?07.?2012 um 17:34:37 unerwartet heruntergefahren.
 
Error - 19.07.2012 11:45:36 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 24.07.2012 05:38:07 | Computer Name = Wotan | Source = DCOM | ID = 10010
Description = 
 
Error - 26.07.2012 06:19:50 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?07.?2012 um 12:16:32 unerwartet heruntergefahren.
 
Error - 26.07.2012 06:23:48 | Computer Name = Wotan | Source = DCOM | ID = 10010
Description = 
 
Error - 26.07.2012 09:27:47 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?07.?2012 um 15:19:38 unerwartet heruntergefahren.
 
Error - 26.07.2012 09:34:23 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 29.07.2012 06:09:51 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 29.07.2012 11:54:31 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2012 um 15:38:06 unerwartet heruntergefahren.
 
Error - 29.07.2012 12:00:48 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
 
< End of report >
         
Für Hilfe wäre ich sehr dankbar!

Viele Grüße,
Louis

Alt 30.07.2012, 14:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 30.07.2012, 21:15   #3
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo cosinus,

erstmal vielen Dank, dass Du meinem Problem deine Zeit opferst!

Malwarebytes ist nun nach vielen vielen Stunden durchgelaufen:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: WOTAN [Administrator]

30.07.2012 17:00:58
mbam-log-2012-07-30 (17-00-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1498993
Laufzeit: 5 Stunde(n), 8 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET werde ich dann jetzt auch anwerfen.
Um eine Standardfrage, die ich hier oft lese vorwegzunehmen: Nein, es gab keine früheren Malwarebyte Scans.

Nochmals vielen Dank und viele Grüße,
Louis
__________________

Alt 31.07.2012, 07:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Zitat:
Um eine Standardfrage, die ich hier oft lese vorwegzunehmen: Nein, es gab keine früheren Malwarebyte Scans.
Danke für die Info
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.07.2012, 08:06   #5
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Guten Morgen cosinus,

hier das Log des ESET Scans:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5d35ed7aa4271b4ba0f2935c9d3927d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 03:38:20
# local_time=2012-07-31 05:38:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 22467255 22467255 0 0
# compatibility_mode=5893 16776573 100 94 187813 96088666 0 0
# compatibility_mode=8192 67108863 100 0 3322 3322 0 0
# scanned=1304944
# found=0
# cleaned=0
# scan_time=22905
         
Gruß,
Louis


Alt 31.07.2012, 11:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8

Alt 31.07.2012, 11:44   #7
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo cosinus,

schon gehts weiter:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 12:41:58
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional  (64 bits)
# User : **** - WOTAN
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\****\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\apnt54ca.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\****\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1303 octets] - [31/07/2012 12:41:58]

########## EOF - C:\AdwCleaner[R1].txt - [1431 octets] ##########
         
Gruß,
Louis

Alt 31.07.2012, 13:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.07.2012, 13:51   #9
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo cosinus,

ist erledigt.
Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 14:43:02
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional  (64 bits)
# User : **** - WOTAN
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\****\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\apnt54ca.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\****\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1428 octets] - [31/07/2012 12:41:58]
AdwCleaner[S1].txt - [1202 octets] - [31/07/2012 14:43:02]

########## EOF - C:\AdwCleaner[S1].txt - [1330 octets] ##########
         
Gruß,
Louis

Alt 31.07.2012, 19:16   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.07.2012, 19:50   #11
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo cosinus

1.) Der normale Modus hat die ganze zeit ausgezeichnet funktioniert
2.) Nein, das Startmenp scheint in Ordnung zu sein

Gruß,
Louis

Alt 01.08.2012, 19:06   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.08.2012, 09:08   #13
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo cosinus,

gesagt - getan. Hier die OTL.txt:

Code:
ATTFilter
OTL logfile created on: 02.08.2012 01:04:31 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 72,43% Memory free
7,60 Gb Paging File | 5,59 Gb Available in Paging File | 73,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,95 Gb Total Space | 139,54 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
 
Computer Name: WOTAN | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.02 01:01:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.07.23 13:06:21 | 011,078,520 | ---- | M] (TeamDrive Systems GmbH) -- C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe
PRC - [2012.06.29 15:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2012.05.09 15:51:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 15:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 15:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.12.16 20:53:04 | 000,052,392 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
PRC - [2011.12.16 20:52:42 | 000,058,536 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
PRC - [2011.12.16 20:52:07 | 000,053,928 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
PRC - [2011.10.11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.07.22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.05.12 18:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.05.12 18:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.16 20:53:04 | 000,052,392 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
MOD - [2011.12.16 20:52:42 | 000,058,536 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
MOD - [2011.12.16 20:52:07 | 000,053,928 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.13 18:30:08 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32_crypto.pyd
MOD - [2011.08.02 19:01:16 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtNetwork.pyd
MOD - [2011.08.02 18:59:34 | 005,688,832 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtGui.pyd
MOD - [2011.08.02 18:48:42 | 001,608,704 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtCore.pyd
MOD - [2011.08.02 18:41:40 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\sip.pyd
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.15 20:20:24 | 007,950,848 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtGui4.dll
MOD - [2011.05.15 20:12:06 | 000,948,736 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtNetwork4.dll
MOD - [2011.05.15 20:11:08 | 002,248,192 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtCore4.dll
MOD - [2011.04.13 11:03:25 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\simplejson._speedups.pyd
MOD - [2010.12.20 22:19:35 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd
MOD - [2010.11.30 03:26:56 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.python._initgroups.pyd
MOD - [2010.11.30 03:26:54 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.protocols._c_urlarg.pyd
MOD - [2010.11.27 23:31:18 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pyexpat.pyd
MOD - [2010.11.27 23:31:16 | 000,721,920 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ssl.pyd
MOD - [2010.11.27 23:31:16 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_hashlib.pyd
MOD - [2010.11.27 23:31:16 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_elementtree.pyd
MOD - [2010.11.27 23:31:16 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ctypes.pyd
MOD - [2010.11.27 23:31:16 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\select.pyd
MOD - [2010.11.27 23:31:14 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_socket.pyd
MOD - [2010.11.01 19:54:08 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.SSL.pyd
MOD - [2010.11.01 19:54:06 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.crypto.pyd
MOD - [2010.11.01 19:54:06 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.rand.pyd
MOD - [2009.07.22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009.07.06 12:16:10 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32file.pyd
MOD - [2009.07.05 14:51:28 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32com.shell.shell.pyd
MOD - [2009.07.05 14:49:50 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pythoncom27.dll
MOD - [2009.07.05 14:49:00 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32api.pyd
MOD - [2009.07.05 14:48:54 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32trace.pyd
MOD - [2009.07.05 14:48:52 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32security.pyd
MOD - [2009.07.05 14:48:48 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32process.pyd
MOD - [2009.07.05 14:48:38 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32event.pyd
MOD - [2009.07.05 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32cred.pyd
MOD - [2009.07.05 14:48:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pywintypes27.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.02 04:11:17 | 000,116,224 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-x64-9.1)
SRV:64bit: - [2011.11.13 22:17:28 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.27 17:47:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.29 15:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.05.09 15:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 15:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.27 15:13:10 | 002,557,176 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Programme\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.29 23:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.10.20 11:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.12 18:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.05.20 18:39:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.09 15:51:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 15:51:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.13 22:17:28 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.11.13 22:17:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.06.22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.27 14:38:22 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009.11.27 14:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.10.02 22:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2012.02.27 15:13:04 | 000,089,336 | ---- | M] () [File_System | Auto | Running] -- C:\Programme\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 02 74 B4 01 6C CD 01  [binary data]
IE - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.11.13 23:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.16 21:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 08:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 08:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.21 11:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011.11.13 23:18:16 | 000,000,000 | ---D | M]
 
[2011.11.14 22:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.05.18 07:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\apnt54ca.default\extensions
[2012.05.14 08:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.14 08:34:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.07.16 21:34:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.11.16 23:57:27 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.05.18 07:22:47 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.04.26 22:40:27 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.20 13:05:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[1999.12.31 16:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.03.20 13:05:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 13:05:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.20 13:05:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 13:05:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 13:05:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 13:05:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.24 12:01:43 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	timstein.de
O1 - Hosts: 127.0.0.1	www.timstein.de
O2:64bit: - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000..\Run: [cnemc] rundll32.exe "C:\Users\****\AppData\Roaming\cnemc.dll",FIsHTMLFileW File not found
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000..\Run: [Ubuntu One] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000..\Run: [Ubuntu One Icon] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk = C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe (TeamDrive Systems GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9021DC6B-73B4-4F8A-9769-FE2331350805}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell - "" = AutoRun
O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\KeePass
[2012.07.31 14:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2012.07.30 22:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.30 16:59:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.07.30 16:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.30 16:57:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.30 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.30 16:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 21:51:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.24 14:04:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia
[2012.07.24 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.07.24 11:07:08 | 000,000,000 | ---D | C] -- C:\xampp
[2012.07.24 10:57:24 | 000,000,000 | ---D | C] -- C:\SERVER
[2012.07.24 10:04:26 | 000,000,000 | --SD | C] -- C:\Users\****\Documents\Spaces
[2012.07.23 14:38:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TeamDrive3
[2012.07.23 14:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive 3
[2012.07.23 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamDrive 3
[2012.07.23 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft Games
[2012.07.23 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012.07.16 21:44:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\DDMSettings
[2012.07.15 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Skype
[2012.07.15 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.15 21:19:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.15 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.15 21:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.06 13:04:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.07.06 13:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.07.06 12:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 01:01:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.08.02 00:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 23:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 17:57:41 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Roaming\winscp.rnd
[2012.08.01 17:56:54 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2012.08.01 13:02:13 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.08.01 10:25:51 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 10:25:51 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 10:25:51 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 10:25:51 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 10:25:51 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.01 10:01:34 | 000,094,340 | ---- | M] () -- C:\Users\****\Desktop\dropbox_1.4.0_amd64.deb
[2012.08.01 09:58:24 | 000,110,704 | ---- | M] () -- C:\Users\****\Desktop\dropbox.py
[2012.07.31 17:27:30 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 17:27:30 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 17:17:45 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 12:41:26 | 000,632,049 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe
[2012.07.31 12:11:55 | 000,007,253 | ---- | M] () -- C:\Users\****\.recently-used.xbel
[2012.07.30 16:57:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 21:50:53 | 000,000,168 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.24 12:01:43 | 000,000,872 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.23 14:37:45 | 000,001,086 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
[2012.07.22 13:26:48 | 000,243,367 | ---- | M] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047g+.jpg
[2012.07.22 13:24:25 | 007,750,918 | ---- | M] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047.jpg
[2012.07.12 09:19:42 | 000,325,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.01 10:01:34 | 000,094,340 | ---- | C] () -- C:\Users\****\Desktop\dropbox_1.4.0_amd64.deb
[2012.08.01 09:58:21 | 000,110,704 | ---- | C] () -- C:\Users\****\Desktop\dropbox.py
[2012.07.31 14:35:11 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Roaming\winscp.rnd
[2012.07.31 14:26:02 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012.07.31 12:41:25 | 000,632,049 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe
[2012.07.31 12:11:55 | 000,007,253 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2012.07.30 16:57:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 21:50:53 | 000,000,168 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.07.29 21:50:09 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.23 14:37:45 | 000,001,086 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
[2012.07.22 13:26:47 | 000,243,367 | ---- | C] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047g+.jpg
[2012.07.22 13:24:22 | 007,750,918 | ---- | C] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047.jpg
[2012.07.12 22:07:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.06 12:55:41 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.06.20 10:22:40 | 000,000,000 | ---- | C] () -- C:\Users\****\raum.tiff
[2012.05.21 11:28:32 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.15 09:14:17 | 000,000,386 | ---- | C] () -- C:\Users\****\.JavaPowUpload.properties
[2012.03.28 13:13:46 | 000,001,003 | ---- | C] () -- C:\Users\****\.scala_history
[2012.02.25 16:52:50 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.25 16:52:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.12 23:39:36 | 000,000,104 | ---- | C] () -- C:\Users\****\.asadminpass
[2011.11.29 00:17:31 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.11.13 22:47:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.11.13 22:47:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.11.13 22:47:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.11.13 22:47:19 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.11.13 22:47:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== LOP Check ==========
 
[2012.05.07 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software
[2012.07.06 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.03.10 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.11.13 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DigitalPersona
[2012.08.01 22:31:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2012.03.07 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\e-academy Inc
[2012.03.23 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2012.07.22 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2012.08.01 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KeePass
[2011.11.21 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2012.07.26 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2011.11.17 00:16:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2011.11.13 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2012.02.24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\postgresql
[2011.11.15 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Revolver Preferences
[2012.04.05 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion
[2012.08.02 00:16:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamDrive3
[2012.03.13 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.11.14 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.12.07 19:19:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian
[2012.02.12 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\updatetool
[2012.04.29 20:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\xm1
[2012.08.01 13:02:13 | 000,000,560 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
[2009.07.14 07:08:49 | 000,030,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.14 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2012.03.07 11:29:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2012.05.07 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software
[2011.11.13 23:28:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avira
[2012.07.06 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.03.10 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.11.13 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DigitalPersona
[2012.05.18 09:22:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DivX
[2012.08.01 22:31:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2012.07.25 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dvdcss
[2012.03.07 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\e-academy Inc
[2012.03.23 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2012.07.22 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.11.13 21:54:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2011.11.13 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2012.08.01 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KeePass
[2011.11.21 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2011.11.14 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2011.11.13 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macrovision
[2012.07.30 16:59:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.05.20 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MathWorks
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2012.07.24 14:04:08 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2012.04.29 21:23:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MiKTeX
[2011.11.16 23:51:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2012.07.26 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2011.11.17 00:16:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2011.11.13 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2012.02.24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\postgresql
[2011.11.15 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Revolver Preferences
[2012.07.31 17:27:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2012.04.05 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion
[2012.08.02 00:16:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamDrive3
[2012.03.13 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.11.14 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2012.05.03 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TortoiseSVN
[2011.12.07 19:19:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian
[2012.02.12 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\updatetool
[2012.08.01 16:58:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2011.12.29 16:40:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
[2012.04.29 20:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\xm1
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.07 18:42:22 | 000,009,662 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_112D608FD02CD87FDC7735.exe
[2012.03.07 18:42:22 | 000,009,662 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_3E73EB2AE0BDEC4F4221FF.exe
[2012.03.07 18:42:22 | 000,009,662 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_853F67D554F05449430E7E.exe
[2012.03.01 15:14:20 | 000,060,512 | R--- | M] (Acresso Software Inc.) -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{F08E87FD-F62B-4BAC-A2D6-A94755653F30}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2012.06.06 14:30:30 | 000,026,112 | ---- | M] () MD5=1EBB071E5585A41583C89BC0CC135CE3 -- C:\xampp\perl\vendor\lib\auto\Win32\EventLog\EventLog.dll
[2010.01.26 23:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2012a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\es.dll
 
<           >

< End of report >
         
Nach diesem Scan und dem darauf folgenden Reboot zeigen sich eigenartige Symptome!

1. Auf meinem Desktop sind zwei versteckte Dateien "desktop.ini" aufgetaucht.
2. In C:\Users\MeinBenutzername, sind versteckte Verknüpfungen aufgetaucht die aber auf nichts gültiges verweisen. z.B. ist im Ordner "Eigene Dokumente" eine Verknüpfung zu "Eigene Bilder", die zeigt aber gar nicht nach C:\Users\Pictures sondern nach C:\Users\MeinBenutzername\Documents\Eigene Bilder - also auf sich selbst. Außerdem gibt es dann noch jeweils eine korrespondierende Verknüpfung auf den Public Benutzer, aber mit den gleichen Problemen. Erstellt worden sind diese Verknüpfungen laut Explorer am 13.11.2011 - das müsste das Datum sein, an dem ich das System zuletzt neu aufgesetzt habe.

Nachtrag: Die desktop.ini Dateien finden sich auch noch in ganz anderen Ordner, wie z.B. Eigene Videos...

Geändert von LouisM (02.08.2012 um 09:31 Uhr)

Alt 03.08.2012, 10:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1000..\Run: [cnemc] rundll32.exe "C:\Users\****\AppData\Roaming\cnemc.dll",FIsHTMLFileW File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1839249763-3240733801-3600457415-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell - "" = AutoRun
O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell\AutoRun\command - "" = E:\autorun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.08.2012, 12:16   #15
LouisM
 
Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Standard

Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8



Hallo cosinus,

hier das Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1839249763-3240733801-3600457415-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cnemc deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1839249763-3240733801-3600457415-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8127738-9b76-11e1-9695-d17409a2f8a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8127738-9b76-11e1-9695-d17409a2f8a4}\ not found.
File move failed. E:\AUTORUN.EXE scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ****
->Temp folder emptied: 1393027859 bytes
->Temporary Internet Files folder emptied: 255737440 bytes
->Java cache emptied: 3998252 bytes
->FireFox cache emptied: 372585192 bytes
->Apple Safari cache emptied: 3814400 bytes
->Opera cache emptied: 561329020 bytes
->Flash cache emptied: 36180 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 406552577 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.858,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ****
->Flash cache emptied: 0 bytes
 
User: postgres
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08032012_123707

Files\Folders moved on Reboot...
File\Folder E:\AUTORUN.EXE not found!
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File E:\AUTORUN.EXE not found!
File C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
Die ominösen Dateien und Verknüpfungen sind nun wieder verschwunden.
Gruß,
Louis

Antwort

Themen zu Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8
7-zip, adobe, antivirus, application/pdf:, autorun, avg, avira, bho, bonjour, browser, cpu, document, eraser, error, firefox, flash player, format, gesperrt, grand theft auto, helper, install.exe, langs, mp3, nicht sicher, ntdll.dll, realtek, registry, rundll, software, tr/crpyt.epack.gen8, tr/crypt.zpack.gen8, tr/vcaredrix.a.3, tracker, trojaner, udp, visual studio, windows, wlan



Ähnliche Themen: Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8


  1. TR/Crypt.ZPACK.Gen8 gefunden
    Log-Analyse und Auswertung - 23.01.2014 (5)
  2. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  3. Probleme mit der Tastatur und dann TR/Crypt.ZPACK.Gen8 von Avira gefunden...
    Log-Analyse und Auswertung - 31.05.2013 (4)
  4. C:TR/Crypt.ZPACK.Gen8
    Log-Analyse und Auswertung - 12.03.2013 (23)
  5. TR/Crypt/ZPACK.Gen8 in Avira Quarantäne
    Log-Analyse und Auswertung - 04.03.2013 (20)
  6. AVIRA meldet 'TR/Crypt.ZPACK.Gen8' (C:\System Volume Information\_restore{...}\RP353\A0103375.exe)
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (11)
  7. TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll durch Avira gefunden und isoliert
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (21)
  8. TR/Crypt.EPACK.Gen2 / TR/Spy.Banker.Gen8
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (5)
  9. Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?
    Log-Analyse und Auswertung - 14.11.2012 (8)
  10. Verschlüsselungstrojaner noch auf PC? (TR/Crypt.EPACK.Gen8, wroui.dll)
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  11. TR/Crypt.EPACK.Gen8, TR/Crypt.XPACK.Gen, TR/Vcaredrix.A.3 und einige EXP/CVE-xx, EXP/2010-xx Viren.
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (7)
  12. TR/Crypt.XPACK.Gen8 - TR/Crypt.EPACK.Gen2 - TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (18)
  13. Virus TR/Crypt.EPACK.Gen8' [trojan] > Daten verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  14. TR/Crypt.ZPACK.GEN8
    Log-Analyse und Auswertung - 09.06.2012 (6)
  15. TR/Crypt.ZPACK.GEN8 - nach Start schwarzer Desktop, keine Progr./Dateien; AVIRA Warnung, Systemfehle
    Log-Analyse und Auswertung - 19.05.2012 (1)
  16. TR/Crypt.ZPACK.Gen8 - Virusproblem
    Log-Analyse und Auswertung - 17.05.2012 (10)
  17. TR/Crypt.ZPACK.GEN8 - nach Start schwarzer Desktop, keine Progr./Dateien; AVIRA Warnung, Systemfehle
    Log-Analyse und Auswertung - 17.04.2012 (19)

Zum Thema Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 - Hallo miteinander, Avira Free Antivirus hat beim Systemstart heute morgen in einer DLL-Datei C:\Users\****\AppData\Roaming\cnemc.dll den Trojaner TR\Crypt.EPACK.Gen8 ausfindig gemacht, den Zugriff gesperrt und das Objekt in Quarantäne verschoben. Eine voller - Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8...
Archiv
Du betrachtest: Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.