Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: gvu trojaner win7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.08.2012, 18:09   #1
nicola1997
 
gvu trojaner win7 - Standard

gvu trojaner win7



Hallo liebes Trojaner board team.

Ich habe mir heute einen trojaner eingefangen der àhnlichkeiten mit dem gema trojaner hatIch kann leider nicht mit meinen pc ins internet den sobald ich mein lan kabel an den pc anschliese sich der trojaner wieder in den vordergrund schiebt.
Der trojaner ist in etwa wie der gema trojaner blos steht oben gvu
ich habe leider keinen plan wie ich mit dem pc hier etwas posten kann ohne das es sich wieder öffnet ich habe einen screen von dem trojaner doch leider kann ich nichts mit dem smartphone uploaden wist ihr evtl was ich machen koennte

Edit: Ich weis das eine systemwiederherstellung den trojaner nicht entfernt doch kann ich dan fuer eine zeit meinen pc nutzen so das ich hier alles in den anhang tun kann was ihr benoetigt ?

mfg nico

Geändert von nicola1997 (01.08.2012 um 18:19 Uhr)

Alt 01.08.2012, 18:53   #2
markusg
/// Malware-holic
 
gvu trojaner win7 - Standard

gvu trojaner win7



starte neu drücke f8 wähle abgesicherter modus mit netzwerk
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 01.08.2012, 19:17   #3
nicola1997
 
gvu trojaner win7 - Standard

gvu trojaner win7



Ist es schlimm wenn ich den PC normal gestartet habe? bin auf herunterfahren dan auf abrechen und er war weg oder muss es im abgesicherten modus sein?

Edit:habe jetzt den screen
__________________
Miniaturansicht angehängter Grafiken
gvu trojaner win7-2012-08-01-18.53.02.jpg  

Geändert von nicola1997 (01.08.2012 um 19:23 Uhr)

Alt 01.08.2012, 19:43   #4
nicola1997
 
gvu trojaner win7 - Standard

gvu trojaner win7



ok habe es durchlaufen lassen als der pc normal gestartet war falls dies schlimm ist werde ich es nochmal im abgesicherten modus machen habe hier das von der Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.08.2012 20:26:07 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Mom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 69,03% Memory free
7,50 Gb Paging File | 6,17 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689,42 Gb Total Space | 613,26 Gb Free Space | 88,95% Space Free | Partition Type: NTFS
Drive D: | 9,12 Gb Total Space | 0,92 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
 
Computer Name: MOM-HP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1433DDC0-F5A3-4E2B-B6C9-640672ACD947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1ADE500A-DFF5-4B22-B4B4-0D2A74894F06}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2F039E62-A808-4280-BE02-658B132AD69B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3E051FBA-B932-41BF-95A0-985711E3B822}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4023CBC5-EDEB-401B-AB8E-FDB50476E090}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BFC0F06-486B-4CC0-A2DD-20DF24EE7153}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4D3D5F12-1A71-4F6A-8278-FE735898B7EE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{538F38DB-451B-4A9D-8080-FB4A6CC6B3B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57FB95BA-88AA-4DB4-8AF8-0C1E0FEDF8BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D296322-6818-4F53-B5E2-E6A80A81413C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5F78685D-5D8C-452D-8B10-123B60CC5980}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F95D45F-D7FD-4E46-8CA9-A7F10C90EC6B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80D57E17-15F3-41E7-90D8-40A16A68884C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{853DB6E4-05A4-4CED-A9C8-8A2162F36895}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8570737D-FC2D-4E7A-B27A-D45C50AB5ECF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8AA3955C-612F-48D8-9399-C7197D8A5835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A68856C-F921-46E5-9BF3-B8002A7CED02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A3568E10-CD22-4CCC-A22C-6A757A906BF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3E6F063-48C4-4552-9DDF-A2C0D68682CA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A950260A-631F-4E55-B5C1-5411A8BE4A59}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AE39D62A-3C36-4447-B6EA-3DD4500253F3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5DEEE9A-E333-4C66-A9AA-7222765CF8ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D452C105-735B-4446-9382-7776729A788D}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EADF00-D4C7-4E95-B9E7-84FB03041050}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0EC18888-5FCD-4915-A2E0-574DCBC4209F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{1223EAD1-C2B1-4737-8F7B-2479C31ACC0F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1952FF92-361B-4CB4-B3B7-CD75B2DAD822}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F15C25A-EA99-4CD2-B283-12668212311C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2230547B-9C8D-4D12-AF18-CF7BEB5B55D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2833DD04-1E25-44C1-9F9C-3D8F1628FB11}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{298FC596-9F32-474B-86F6-5AD30C2AF55A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E40FB5D-FFCD-4651-987F-2B53404B6A67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EBE613F-DAE0-4AE7-8B53-C7A7675AEE74}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{33737C72-C696-4C87-AB85-218EE85EC2E1}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{360CF7E9-FB19-4199-BB24-832564621D80}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{38E295B3-D440-4A48-AC61-D02FCE566804}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C875009-A423-488A-B26D-17E642B8F92F}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{3EE93850-8EDE-485F-BB59-2B534A3E8B9E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3F119BD9-EA5B-4C1A-9572-BDB4E6DAEFF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4183369D-CCF0-4CA8-909D-5D2A8EFB7D6C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{41902E09-0046-46D5-9A91-156B23DA1B2D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{41FEF437-C220-4ECA-8993-1855C5AB69CF}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{45612111-6193-489D-8BB1-6824373A6B43}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{4BCA5FCD-647C-4D57-B0A7-DDB22D2AAD9D}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{4D17D31D-0385-4350-A0F4-4021D6D3ADA7}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{4E598B7F-CEAF-4D13-8E6F-9BFC14519FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5027AD76-6FFD-4ED8-90B6-21FCE5A42981}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DC91C74-D446-41D8-AFCF-1FC09B46AECC}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{5F4B3826-B95D-47F3-87E9-4BD6577CF64A}" = protocol=58 | dir=in | app=system | 
"{687C18CF-F47D-49CC-A162-1EA1DAFC5821}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{6A921A74-518E-4ED9-B3B4-C249602D3CB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6BDAE84F-F1C0-4E67-AB3A-E011EB2105C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{79072EC2-4881-4A93-8ABA-3CA8A500E56B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{79F14708-9FA4-4C85-95EE-50339345657C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{8ABB13B3-42EF-499E-A648-7D2088CC4904}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{8C3AC7DD-ABC3-4CF3-9FEE-D6DF575B62F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D114B22-7DC4-4C2D-9266-74E5A3D715CA}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{93F13761-814C-4AFD-A76F-CFA5E8ED869D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B844EFC-D588-49AF-B8D3-7E755DA765A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F9FAF09-BD2B-49DB-9C23-916541E1DD47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A668F980-E71B-4A74-8F24-0E152B8F206B}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{AA789C41-DC46-427E-8220-646623BA58E7}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{AFCE7FB5-02B6-429D-A551-0077744297B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B56D962B-5907-4390-B97C-95166737023A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C61D0B5A-5A5F-42C5-B7D3-F8587E21FE63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D63D94AE-D0D5-459A-9F31-EC3296D4B2AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8F08D9A-3A50-4AD6-BCFC-05332555F2FC}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{EF1EBCB8-402C-4C59-AFA5-7BF113F36CB0}" = protocol=6 | dir=out | app=system | 
"{F084EE57-A9C8-4C44-84DD-471371C764FC}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{F9FF847C-4920-4182-9E34-75138A265537}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FC84804F-4BDA-4065-9AB7-DDAF364911B0}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Hardwarediagnosetools
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AstrumNival Allods" = Allods Online 3.0.00.50
"AVG Secure Search" = AVG Security Toolbar
"BitTorrent" = BitTorrent
"Combat Arms EU" = Combat Arms EU
"Diablo II" = Diablo II
"dlanconftiny" = HomePlug-Konfigurationsassistent
"Easy Macro Recorder_is1" = Easy Macro Recorder 4.21
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicStationNetstaller" = MusicStation
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PDF Complete" = PDF Complete Special Edition
"PowerISO" = PowerISO
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Update Engine" = Sony Ericsson Update Engine
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 05:22:27 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2012 12:51:44 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mom\Desktop\SoftonicDownloader_fuer_camtasia-studio.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.07.2012 12:52:08 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mom\Desktop\SoftonicDownloader_fuer_camtasia-studio.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.07.2012 12:52:10 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mom\Desktop\SoftonicDownloader_fuer_camtasia-studio.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.07.2012 12:52:16 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mom\Desktop\SoftonicDownloader_fuer_camtasia-studio.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.07.2012 12:52:22 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mom\Desktop\SoftonicDownloader_fuer_camtasia-studio.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 22.07.2012 06:34:24 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.07.2012 19:43:11 | Computer Name = Mom-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f9207d9  Name des fehlerhaften Moduls: xul.dll, Version: 12.0.0.4493,
 Zeitstempel: 0x4f92069e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001115b8  ID des fehlerhaften
 Prozesses: 0x158c  Startzeit der fehlerhaften Anwendung: 0x01cd6861c1777c2c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 ff13dd0c-d456-11e1-a433-78e7d1c2195e
 
Error - 22.07.2012 20:36:31 | Computer Name = Mom-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b5c4  ID des fehlerhaften Prozesses: 0x13f0  Startzeit der fehlerhaften Anwendung:
 0x01cd686b2e94d589  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 72273a8e-d45e-11e1-a433-78e7d1c2195e
 
Error - 23.07.2012 14:48:53 | Computer Name = Mom-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Hewlett-Packard Events ]
Error - 05.05.2012 08:07:48 | Computer Name = Mom-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
[ System Events ]
Error - 01.08.2012 10:18:01 | Computer Name = Mom-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.08.2012 10:18:01 | Computer Name = Mom-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  DfsC  discache  kl2  KLIF  MpFilter  NetBIOS  NetBT  nsiproxy  Psched  rdbss  SCDEmu  spldr  tdx  Vsdatant
Wanarpv6
WfpLwf
 
Error - 01.08.2012 10:28:16 | Computer Name = Mom-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 01.08.2012 10:28:16 | Computer Name = Mom-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.1058.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Default URL     Signaturtyp: %%800     Aktualisierungstyp:
 %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion:
 1.1.8601.0     Fehlercode: 0x8007043c     Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten
 Modus gestartet werden. 
 
Error - 01.08.2012 10:33:32 | Computer Name = Mom-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 01.08.2012 10:50:29 | Computer Name = Mom-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.1058.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8601.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 01.08.2012 12:01:25 | Computer Name = Mom-HP | Source = Microsoft Antimalware | ID = 5008
Description = Das Modul %%860 wurde aufgrund eines unerwarteten Fehlers beendet.

	Fehlertyp:
 %%830     Ausnahmecode: 0xc0000005     Ressource: clsid:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{1E5E3435-8F73-417E-A57D-293A0A3AFC94}
 
Error - 01.08.2012 12:01:25 | Computer Name = Mom-HP | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%834     Fehlercode: 0x80070006     Fehlerbeschreibung: Das Handle ist ungültig.      Grund: 
%%837
 
Error - 01.08.2012 12:01:25 | Computer Name = Mom-HP | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%835     Fehlercode: 0x80070006     Fehlerbeschreibung: Das Handle ist ungültig.      Grund: 
%%837
 
Error - 01.08.2012 12:01:29 | Computer Name = Mom-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
--- --- ---
und hier das von OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.08.2012 20:26:07 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Mom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 69,03% Memory free
7,50 Gb Paging File | 6,17 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689,42 Gb Total Space | 613,26 Gb Free Space | 88,95% Space Free | Partition Type: NTFS
Drive D: | 9,12 Gb Total Space | 0,92 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
 
Computer Name: MOM-HP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (iwdbdotx) -- C:\Windows\SysNative\drivers\iwdbdotx.sys (Microsoft Corporation)
DRV:64bit: - (jtfjmevx) -- C:\Windows\SysNative\drivers\jtfjmevx.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D8D2B18B-E963-4E1A-A546-3114C373B051}
IE:64bit: - HKLM\..\SearchScopes\{D8D2B18B-E963-4E1A-A546-3114C373B051}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{D8D2B18B-E963-4E1A-A546-3114C373B051}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={C21BD49E-8171-45A7-AAC9-151969C23211}&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&lang=de&ds=st011&pr=sa&d=2012-05-20 14:26:50&v=11.1.0.12&sap=hp
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=2912_8&babsrc=SP_ss&mntrId=d625ea4c00000000000078e7d1c2195e
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={C21BD49E-8171-45A7-AAC9-151969C23211}&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&lang=de&ds=st011&pr=sa&d=2012-05-20 14:26:50&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7Ba86e67ce-1c97-49d4-b839-bc1f13ddd6c4%7D&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&ds=st011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-20%2014%3A26%3A50&sap=hp"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Ba86e67ce-1c97-49d4-b839-bc1f13ddd6c4%7D&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&ds=st011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-20%2014%3A26%3A50&sap=ku&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.06.10 16:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.06.09 12:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.10 13:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.07 18:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.01 15:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Extensions
[2012.08.01 18:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\5kp5mxwz.default\extensions
[2012.07.07 10:48:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\5kp5mxwz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.01 18:53:57 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\5kp5mxwz.default\extensions\inboxcomtoolbar@inbox.com
[2012.05.07 18:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.09 12:16:23 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
[2012.07.13 18:02:13 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\MOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KP5MXWZ.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.05.07 18:37:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.10 13:08:22 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.18 13:14:23 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd File not found
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [ISW]  File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E993BCC-582C-4B0C-91D6-C2CD5434A8E5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{507ab5a9-814f-11e1-a9ba-78e7d1c2195e}\Shell - "" = AutoRun
O33 - MountPoints2\{507ab5a9-814f-11e1-a9ba-78e7d1c2195e}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 20:09:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012.08.01 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Malwarebytes
[2012.08.01 20:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.01 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.01 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012.08.01 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\BitTorrent
[2012.08.01 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\BitTorrent
[2012.08.01 09:05:55 | 004,229,912 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012.08.01 09:03:15 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.08.01 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.08.01 00:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\gPotato.eu
[2012.07.31 23:23:41 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.07.31 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge4D
[2012.07.29 21:23:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Lets play
[2012.07.23 00:04:49 | 000,000,000 | ---D | C] -- C:\WOI_DE_SETUP_V256_0505
[2012.07.22 23:51:23 | 000,000,000 | ---D | C] -- C:\PWRD
[2012.07.22 23:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
[2012.07.22 23:42:58 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012.07.22 21:57:41 | 000,000,000 | ---D | C] -- C:\WOI_SETUP_V256_0504
[2012.07.21 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\TechSmith
[2012.07.21 19:01:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Camtasia Studio
[2012.07.21 19:01:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012.07.21 19:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012.07.21 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.07.19 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Temp
[2012.07.18 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org
[2012.07.18 13:29:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.07.18 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.07.18 13:27:01 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.07.18 13:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.07.18 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012.07.18 13:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.18 13:14:03 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\YourFileDownloader
[2012.07.18 13:13:43 | 004,110,768 | ---- | C] (Weclome to YourFile Downloader!) -- C:\Users\Mom\Desktop\presenter_media_power_point_crack.rar_downloader_224a.exe
[2012.07.16 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Mom\Neuer Ordner
[2012.07.16 23:21:55 | 006,097,200 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\Mom\Documents\setup_48F94B4-CE4D-4F8F-84C8-2C025539E13.exe
[2012.07.16 23:21:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\#ISW.FS#
[2012.07.15 15:12:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\ts3overlay
[2012.07.08 11:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2012.07.08 11:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inbox Toolbar
[2012.07.07 10:48:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.07 10:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.07 10:48:47 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.07 10:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.07.07 10:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.07.07 10:47:53 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 20:09:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012.08.01 19:59:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 19:56:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 19:54:58 | 000,102,852 | ---- | M] () -- C:\Users\Mom\Desktop\2012-08-01 18.53.02.jpg
[2012.08.01 19:54:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 19:54:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 19:46:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 19:45:56 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 15:21:16 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.07.31 23:14:35 | 000,006,656 | ---- | M] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.26 23:03:12 | 000,000,000 | ---- | M] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 23_03_12.235315.dmp
[2012.07.26 22:57:03 | 000,000,000 | ---- | M] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 22_57_03.762240.dmp
[2012.07.22 12:45:30 | 000,001,162 | ---- | M] () -- C:\Users\Mom\Desktop\Microsoft LifeCam installieren.lnk
[2012.07.20 11:53:03 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.20 11:53:03 | 000,698,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.20 11:53:03 | 000,654,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.20 11:53:03 | 000,148,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.20 11:53:03 | 000,121,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.19 13:11:25 | 000,344,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 13:29:55 | 000,001,172 | ---- | M] () -- C:\Users\Mom\Desktop\OpenOffice.org 3.4.lnk
[2012.07.18 13:23:57 | 151,893,470 | ---- | M] () -- C:\Users\Mom\Desktop\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe
[2012.07.18 13:14:37 | 000,000,247 | ---- | M] () -- C:\user.js
[2012.07.18 13:13:44 | 004,110,768 | ---- | M] (Weclome to YourFile Downloader!) -- C:\Users\Mom\Desktop\presenter_media_power_point_crack.rar_downloader_224a.exe
[2012.07.16 23:23:10 | 006,097,200 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Mom\Documents\setup_48F94B4-CE4D-4F8F-84C8-2C025539E13.exe
[2012.07.15 17:48:27 | 000,066,878 | ---- | M] () -- C:\ProgramData\svcdotnet.inc
[2012.07.14 10:58:25 | 000,000,012 | ---- | M] () -- C:\ProgramData\svcdotnet.cfg
[2012.07.07 10:48:49 | 000,001,368 | ---- | M] () -- C:\Users\Mom\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.04 13:09:24 | 000,000,000 | ---- | M] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-04 13_09_24.280490.dmp
 
========== Files Created - No Company Name ==========
 
[2012.08.01 19:54:56 | 000,102,852 | ---- | C] () -- C:\Users\Mom\Desktop\2012-08-01 18.53.02.jpg
[2012.08.01 16:08:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 15:21:16 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.08.01 09:03:15 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.07.31 22:13:45 | 000,000,977 | ---- | C] () -- C:\Users\Mom\Desktop\PowerISO.lnk
[2012.07.31 22:13:44 | 000,001,172 | ---- | C] () -- C:\Users\Mom\Desktop\OpenOffice.org 3.4.lnk
[2012.07.31 22:13:44 | 000,001,132 | ---- | C] () -- C:\Users\Mom\Desktop\TeamSpeak 3 Client.lnk
[2012.07.26 23:03:12 | 000,000,000 | ---- | C] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 23_03_12.235315.dmp
[2012.07.26 22:57:03 | 000,000,000 | ---- | C] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 22_57_03.762240.dmp
[2012.07.21 19:02:52 | 000,006,656 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.18 13:19:18 | 151,893,470 | ---- | C] () -- C:\Users\Mom\Desktop\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe
[2012.07.18 13:14:36 | 000,000,247 | ---- | C] () -- C:\user.js
[2012.07.07 10:48:49 | 000,001,368 | ---- | C] () -- C:\Users\Mom\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.04 13:09:24 | 000,000,000 | ---- | C] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-04 13_09_24.280490.dmp
[2012.06.13 14:40:03 | 000,066,878 | ---- | C] () -- C:\ProgramData\svcdotnet.inc
[2012.06.13 14:39:58 | 000,000,012 | ---- | C] () -- C:\ProgramData\svcdotnet.cfg
[2012.06.08 16:29:05 | 000,033,874 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.04.16 19:00:31 | 000,095,176 | R--- | C] () -- C:\Users\Mom\14061630_Kontoauszug_20120416.pdf
[2012.04.01 15:38:14 | 001,596,090 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.08.23 21:23:07 | 000,009,847 | ---- | C] () -- C:\Windows\SysWow64\msw-npore.dll
[2010.09.01 19:16:47 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\msm-cpord.dll
 
========== LOP Check ==========
 
[2012.07.16 23:21:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\#ISW.FS#
[2012.07.18 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012.08.01 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\BitTorrent
[2012.06.10 16:42:25 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\CheckPoint
[2012.07.07 11:08:43 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoft
[2012.07.07 10:48:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.14 04:16:46 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Easy Macro Recorder
[2012.04.02 13:18:27 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LolClient
[2012.05.24 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LolClient2
[2012.07.18 13:30:43 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org
[2012.05.20 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PowerISO
[2012.04.29 15:11:35 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Samsung
[2012.05.24 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TeamViewer
[2012.04.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Teeworlds
[2012.07.19 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Temp
[2012.05.09 17:38:31 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TS3Client
[2012.07.15 15:17:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ts3overlay
[2012.07.18 13:14:03 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\YourFileDownloader
[2012.06.30 10:15:48 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.06.08 10:07:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.01 15:15:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.10 19:50:12 | 000,000,000 | ---D | M] -- C:\2ffc44958d65d012c47ccbd53351fc78
[2012.04.02 19:29:37 | 000,000,000 | ---D | M] -- C:\496dd92be0f89d073590
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.04.01 15:10:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.07 18:59:06 | 000,000,000 | ---D | M] -- C:\Download
[2012.04.10 00:07:52 | 000,000,000 | ---D | M] -- C:\gamigo
[2012.08.01 18:44:13 | 000,000,000 | ---D | M] -- C:\gPotato.eu
[2012.06.30 10:12:54 | 000,000,000 | -H-D | M] -- C:\hp
[2012.04.01 15:52:21 | 000,000,000 | ---D | M] -- C:\LoL
[2012.07.31 23:23:41 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2012.06.12 19:40:07 | 000,000,000 | ---D | M] -- C:\Nexon
[2012.07.23 02:09:21 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.01 00:56:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.08.01 20:02:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.08.01 20:02:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.01 15:10:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.22 23:51:23 | 000,000,000 | ---D | M] -- C:\PWRD
[2012.04.01 17:13:39 | 000,000,000 | ---D | M] -- C:\Riot Games
[2010.06.04 15:38:20 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.08.01 20:27:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.04 15:27:39 | 000,000,000 | RHSD | M] -- C:\system.sav
[2012.04.29 15:13:26 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.01 15:15:23 | 000,000,000 | R--D | M] -- C:\Users
[2012.08.01 18:43:59 | 000,000,000 | ---D | M] -- C:\Windows
[2012.07.23 02:08:38 | 000,000,000 | ---D | M] -- C:\WOI_DE_SETUP_V256_0505
[2012.07.22 23:42:41 | 000,000,000 | ---D | M] -- C:\WOI_SETUP_V256_0504
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.06.05 01:03:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.06.05 01:05:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.06.05 01:03:42 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.06.05 01:02:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.06.05 01:05:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.06.05 01:02:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.06.05 01:05:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.06.05 01:02:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.06.05 01:05:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.06.05 01:03:42 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.06.05 01:02:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2010.06.05 01:03:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.06.05 01:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.06.05 01:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.04.16 19:00:29 | 000,095,176 | R--- | M] () -- C:\Users\Mom\14061630_Kontoauszug_20120416.pdf
[2012.08.01 20:27:10 | 001,572,864 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT
[2012.08.01 20:27:10 | 000,262,144 | -HS- | M] () -- C:\Users\Mom\ntuser.dat.LOG1
[2012.04.01 15:15:23 | 000,000,000 | -HS- | M] () -- C:\Users\Mom\ntuser.dat.LOG2
[2012.04.01 15:15:23 | 000,065,536 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.04.01 15:15:23 | 000,524,288 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.04.01 15:15:23 | 000,524,288 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.04.01 15:15:23 | 000,000,020 | -HS- | M] () -- C:\Users\Mom\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Alt 01.08.2012, 19:57   #5
markusg
/// Malware-holic
 
gvu trojaner win7 - Standard

gvu trojaner win7



bitte so scannen wie beschrieben also abges.modus mit netzwerk

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.08.2012, 20:20   #6
nicola1997
 
gvu trojaner win7 - Standard

gvu trojaner win7



OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.08.2012 21:06:38 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Mom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 76,77% Memory free
7,50 Gb Paging File | 6,65 Gb Available in Paging File | 88,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689,42 Gb Total Space | 614,07 Gb Free Space | 89,07% Space Free | Partition Type: NTFS
Drive D: | 9,12 Gb Total Space | 0,92 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
 
Computer Name: MOM-HP | User Name: Mom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D8D2B18B-E963-4E1A-A546-3114C373B051}
IE:64bit: - HKLM\..\SearchScopes\{D8D2B18B-E963-4E1A-A546-3114C373B051}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{D8D2B18B-E963-4E1A-A546-3114C373B051}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={C21BD49E-8171-45A7-AAC9-151969C23211}&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&lang=de&ds=st011&pr=sa&d=2012-05-20 14:26:50&v=11.1.0.12&sap=hp
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=2912_8&babsrc=SP_ss&mntrId=d625ea4c00000000000078e7d1c2195e
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={C21BD49E-8171-45A7-AAC9-151969C23211}&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&lang=de&ds=st011&pr=sa&d=2012-05-20 14:26:50&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7Ba86e67ce-1c97-49d4-b839-bc1f13ddd6c4%7D&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&ds=st011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-20%2014%3A26%3A50&sap=hp"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Ba86e67ce-1c97-49d4-b839-bc1f13ddd6c4%7D&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&ds=st011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-20%2014%3A26%3A50&sap=ku&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.06.10 16:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.06.09 12:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.10 13:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.07 18:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.01 15:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Extensions
[2012.08.01 18:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\5kp5mxwz.default\extensions
[2012.07.07 10:48:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\5kp5mxwz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.01 18:53:57 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\5kp5mxwz.default\extensions\inboxcomtoolbar@inbox.com
[2012.05.07 18:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.09 12:16:23 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
[2012.07.13 18:02:13 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\MOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KP5MXWZ.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.05.07 18:37:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.10 13:08:22 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.18 13:14:23 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd File not found
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E993BCC-582C-4B0C-91D6-C2CD5434A8E5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{507ab5a9-814f-11e1-a9ba-78e7d1c2195e}\Shell - "" = AutoRun
O33 - MountPoints2\{507ab5a9-814f-11e1-a9ba-78e7d1c2195e}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 20:09:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012.08.01 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Malwarebytes
[2012.08.01 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.01 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012.08.01 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\BitTorrent
[2012.08.01 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\BitTorrent
[2012.08.01 09:05:55 | 004,229,912 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012.08.01 09:03:15 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.08.01 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.08.01 00:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\gPotato.eu
[2012.07.31 23:23:41 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.07.31 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge4D
[2012.07.29 21:23:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Lets play
[2012.07.23 00:04:49 | 000,000,000 | ---D | C] -- C:\WOI_DE_SETUP_V256_0505
[2012.07.22 23:51:23 | 000,000,000 | ---D | C] -- C:\PWRD
[2012.07.22 23:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
[2012.07.22 23:42:58 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012.07.22 21:57:41 | 000,000,000 | ---D | C] -- C:\WOI_SETUP_V256_0504
[2012.07.21 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\TechSmith
[2012.07.21 19:01:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Camtasia Studio
[2012.07.21 19:01:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012.07.21 19:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012.07.21 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.07.19 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Temp
[2012.07.18 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org
[2012.07.18 13:29:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.07.18 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.07.18 13:27:01 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.07.18 13:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.07.18 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012.07.18 13:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.18 13:14:03 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\YourFileDownloader
[2012.07.18 13:13:43 | 004,110,768 | ---- | C] (Weclome to YourFile Downloader!) -- C:\Users\Mom\Desktop\presenter_media_power_point_crack.rar_downloader_224a.exe
[2012.07.16 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Mom\Neuer Ordner
[2012.07.16 23:21:55 | 006,097,200 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\Mom\Documents\setup_48F94B4-CE4D-4F8F-84C8-2C025539E13.exe
[2012.07.16 23:21:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\#ISW.FS#
[2012.07.15 15:12:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\ts3overlay
[2012.07.08 11:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2012.07.08 11:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inbox Toolbar
[2012.07.07 10:48:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.07 10:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.07 10:48:47 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.07 10:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.07.07 10:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.07.07 10:47:53 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 21:03:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 21:03:39 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 20:57:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 20:09:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012.08.01 19:59:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 19:54:58 | 000,102,852 | ---- | M] () -- C:\Users\Mom\Desktop\2012-08-01 18.53.02.jpg
[2012.08.01 19:54:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 19:54:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 15:21:16 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.07.31 23:14:35 | 000,006,656 | ---- | M] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.26 23:03:12 | 000,000,000 | ---- | M] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 23_03_12.235315.dmp
[2012.07.26 22:57:03 | 000,000,000 | ---- | M] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 22_57_03.762240.dmp
[2012.07.22 12:45:30 | 000,001,162 | ---- | M] () -- C:\Users\Mom\Desktop\Microsoft LifeCam installieren.lnk
[2012.07.20 11:53:03 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.20 11:53:03 | 000,698,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.20 11:53:03 | 000,654,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.20 11:53:03 | 000,148,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.20 11:53:03 | 000,121,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.19 13:11:25 | 000,344,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 13:29:55 | 000,001,172 | ---- | M] () -- C:\Users\Mom\Desktop\OpenOffice.org 3.4.lnk
[2012.07.18 13:23:57 | 151,893,470 | ---- | M] () -- C:\Users\Mom\Desktop\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe
[2012.07.18 13:14:37 | 000,000,247 | ---- | M] () -- C:\user.js
[2012.07.18 13:13:44 | 004,110,768 | ---- | M] (Weclome to YourFile Downloader!) -- C:\Users\Mom\Desktop\presenter_media_power_point_crack.rar_downloader_224a.exe
[2012.07.16 23:23:10 | 006,097,200 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Mom\Documents\setup_48F94B4-CE4D-4F8F-84C8-2C025539E13.exe
[2012.07.15 17:48:27 | 000,066,878 | ---- | M] () -- C:\ProgramData\svcdotnet.inc
[2012.07.14 10:58:25 | 000,000,012 | ---- | M] () -- C:\ProgramData\svcdotnet.cfg
[2012.07.07 10:48:49 | 000,001,368 | ---- | M] () -- C:\Users\Mom\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.04 13:09:24 | 000,000,000 | ---- | M] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-04 13_09_24.280490.dmp
 
========== Files Created - No Company Name ==========
 
[2012.08.01 19:54:56 | 000,102,852 | ---- | C] () -- C:\Users\Mom\Desktop\2012-08-01 18.53.02.jpg
[2012.08.01 16:08:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 15:21:16 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.08.01 09:03:15 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.07.31 22:13:45 | 000,000,977 | ---- | C] () -- C:\Users\Mom\Desktop\PowerISO.lnk
[2012.07.31 22:13:44 | 000,001,172 | ---- | C] () -- C:\Users\Mom\Desktop\OpenOffice.org 3.4.lnk
[2012.07.31 22:13:44 | 000,001,132 | ---- | C] () -- C:\Users\Mom\Desktop\TeamSpeak 3 Client.lnk
[2012.07.26 23:03:12 | 000,000,000 | ---- | C] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 23_03_12.235315.dmp
[2012.07.26 22:57:03 | 000,000,000 | ---- | C] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-26 22_57_03.762240.dmp
[2012.07.21 19:02:52 | 000,006,656 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.18 13:19:18 | 151,893,470 | ---- | C] () -- C:\Users\Mom\Desktop\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe
[2012.07.18 13:14:36 | 000,000,247 | ---- | C] () -- C:\user.js
[2012.07.07 10:48:49 | 000,001,368 | ---- | C] () -- C:\Users\Mom\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.04 13:09:24 | 000,000,000 | ---- | C] () -- C:\Users\Mom\Documents\ts3_clientui-win32-1334913258-2012-07-04 13_09_24.280490.dmp
[2012.06.13 14:40:03 | 000,066,878 | ---- | C] () -- C:\ProgramData\svcdotnet.inc
[2012.06.13 14:39:58 | 000,000,012 | ---- | C] () -- C:\ProgramData\svcdotnet.cfg
[2012.06.08 16:29:05 | 000,033,874 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.04.16 19:00:31 | 000,095,176 | R--- | C] () -- C:\Users\Mom\14061630_Kontoauszug_20120416.pdf
[2012.04.01 15:38:14 | 001,596,090 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.08.23 21:23:07 | 000,009,847 | ---- | C] () -- C:\Windows\SysWow64\msw-npore.dll
[2010.09.01 19:16:47 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\msm-cpord.dll
 
========== LOP Check ==========
 
[2012.07.16 23:21:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\#ISW.FS#
[2012.07.18 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012.08.01 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\BitTorrent
[2012.06.10 16:42:25 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\CheckPoint
[2012.07.07 11:08:43 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoft
[2012.07.07 10:48:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.14 04:16:46 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Easy Macro Recorder
[2012.04.02 13:18:27 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LolClient
[2012.05.24 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LolClient2
[2012.07.18 13:30:43 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org
[2012.05.20 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PowerISO
[2012.04.29 15:11:35 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Samsung
[2012.05.24 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TeamViewer
[2012.04.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Teeworlds
[2012.07.19 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Temp
[2012.05.09 17:38:31 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TS3Client
[2012.07.15 15:17:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ts3overlay
[2012.07.18 13:14:03 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\YourFileDownloader
[2012.06.30 10:15:48 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.06.08 10:07:19 | 000,032,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.01 15:15:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.10 19:50:12 | 000,000,000 | ---D | M] -- C:\2ffc44958d65d012c47ccbd53351fc78
[2012.04.02 19:29:37 | 000,000,000 | ---D | M] -- C:\496dd92be0f89d073590
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.04.01 15:10:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.07 18:59:06 | 000,000,000 | ---D | M] -- C:\Download
[2012.04.10 00:07:52 | 000,000,000 | ---D | M] -- C:\gamigo
[2012.08.01 18:44:13 | 000,000,000 | ---D | M] -- C:\gPotato.eu
[2012.06.30 10:12:54 | 000,000,000 | -H-D | M] -- C:\hp
[2012.04.01 15:52:21 | 000,000,000 | ---D | M] -- C:\LoL
[2012.07.31 23:23:41 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2012.06.12 19:40:07 | 000,000,000 | ---D | M] -- C:\Nexon
[2012.07.23 02:09:21 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.01 00:56:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.08.01 21:01:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.08.01 20:02:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.01 15:10:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.22 23:51:23 | 000,000,000 | ---D | M] -- C:\PWRD
[2012.04.01 17:13:39 | 000,000,000 | ---D | M] -- C:\Riot Games
[2010.06.04 15:38:20 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.08.01 20:27:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.04 15:27:39 | 000,000,000 | RHSD | M] -- C:\system.sav
[2012.04.29 15:13:26 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.01 15:15:23 | 000,000,000 | R--D | M] -- C:\Users
[2012.08.01 18:43:59 | 000,000,000 | ---D | M] -- C:\Windows
[2012.07.23 02:08:38 | 000,000,000 | ---D | M] -- C:\WOI_DE_SETUP_V256_0505
[2012.07.22 23:42:41 | 000,000,000 | ---D | M] -- C:\WOI_SETUP_V256_0504
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.06.05 01:03:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.06.05 01:05:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.06.05 01:03:42 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.06.05 01:02:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.06.05 01:05:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.06.05 01:02:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.06.05 01:05:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.06.05 01:02:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.06.05 01:05:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.06.05 01:03:42 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.06.05 01:02:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2010.06.05 01:03:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.06.05 01:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.06.05 01:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011.03.11 07:33:59 | 001,137,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mfc42.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
[2009.07.14 03:15:50 | 000,406,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcp60.dll
 
< %USERPROFILE%\*.* >
[2012.04.16 19:00:29 | 000,095,176 | R--- | M] () -- C:\Users\Mom\14061630_Kontoauszug_20120416.pdf
[2012.08.01 21:01:17 | 001,572,864 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT
[2012.08.01 21:01:17 | 000,262,144 | -HS- | M] () -- C:\Users\Mom\ntuser.dat.LOG1
[2012.04.01 15:15:23 | 000,000,000 | -HS- | M] () -- C:\Users\Mom\ntuser.dat.LOG2
[2012.04.01 15:15:23 | 000,065,536 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.04.01 15:15:23 | 000,524,288 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.04.01 15:15:23 | 000,524,288 | -HS- | M] () -- C:\Users\Mom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.04.01 15:15:23 | 000,000,020 | -HS- | M] () -- C:\Users\Mom\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

die extras.txt war aus irgend einem grund nicht dabei 0.o


Edit: Ich starte nochmal neu

Auch beim 3ten versuch war extras.txt nicht dabei

Ist es normal das wenn man im abgesicherten modus auf als administrator ausführen klickt das man es nicht bestätigen muss in so einem extra fenster?
oder ist das ein bug und ich führe das Program normal aus?

Alt 01.08.2012, 22:05   #7
markusg
/// Malware-holic
 
gvu trojaner win7 - Standard

gvu trojaner win7



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.08.2012, 13:08   #8
nicola1997
 
gvu trojaner win7 - Standard

gvu trojaner win7



Hi habe alles gemacht wie es da stand aber combofix laed bei
Zielverzeichnis: C:\32788R22FWJFW nicht weiter.

Soll ich combofix beenden?

Ok hat sich erledigt hier ist der logCombofix Logfile:
Code:
ATTFilter
ComboFix 12-07-31.03 - Mom 02.08.2012  17:10:15.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3839.2783 [GMT 2:00]
ausgeführt von:: c:\users\Mom\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\keylog.txt
c:\users\Mom\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-02 bis 2012-08-02  ))))))))))))))))))))))))))))))
.
.
2012-08-02 15:17 . 2012-08-02 15:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-01 18:47 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0145584-0E1E-49AF-AA1B-3698592AFAB3}\mpengine.dll
2012-08-01 18:02 . 2012-08-01 18:02	--------	d-----w-	c:\users\Mom\AppData\Roaming\Malwarebytes
2012-08-01 18:02 . 2012-08-01 18:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-01 13:21 . 2012-08-01 20:00	--------	d-----w-	c:\program files (x86)\BitTorrent
2012-08-01 13:20 . 2012-08-02 15:07	--------	d-----w-	c:\users\Mom\AppData\Roaming\BitTorrent
2012-08-01 13:20 . 2012-08-01 13:20	--------	d-----w-	c:\users\Mom\AppData\Local\BitTorrent
2012-08-01 07:05 . 2011-11-28 21:38	4229912	----a-w-	c:\windows\SysWow64\GameMon.des
2012-08-01 07:03 . 2005-01-03 15:43	4682	----a-w-	c:\windows\SysWow64\npptNT2.sys
2012-08-01 07:03 . 2003-07-20 00:17	5174	----a-w-	c:\windows\SysWow64\nppt9x.vxd
2012-08-01 07:02 . 2012-08-01 07:02	--------	d-----w-	c:\program files\Common Files\INCA Shared
2012-07-31 22:56 . 2012-08-01 14:50	--------	d-----w-	c:\program files\gPotato.eu
2012-07-31 21:23 . 2012-07-31 21:23	--------	d-----w-	C:\Neuer Ordner
2012-07-31 14:28 . 2012-07-31 14:28	--------	d-----w-	c:\program files (x86)\Gameforge4D
2012-07-31 10:50 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 22:04 . 2012-07-23 00:08	--------	d-----w-	C:\WOI_DE_SETUP_V256_0505
2012-07-22 21:51 . 2012-07-22 21:51	--------	d-----w-	C:\PWRD
2012-07-22 21:51 . 2012-07-22 21:51	--------	d-----w-	c:\programdata\PWD
2012-07-22 21:42 . 2012-07-23 00:09	--------	d-----w-	C:\Perfect World Entertainment
2012-07-22 19:57 . 2012-07-22 21:42	--------	d-----w-	C:\WOI_SETUP_V256_0504
2012-07-21 17:01 . 2012-07-21 17:01	--------	d-----w-	c:\users\Mom\AppData\Local\TechSmith
2012-07-21 17:01 . 2012-07-21 17:01	--------	d-----w-	c:\windows\SysWow64\QuickTime
2012-07-21 17:01 . 2012-08-01 16:43	--------	d-----w-	c:\programdata\TechSmith
2012-07-21 08:47 . 2012-07-21 08:47	--------	d-----w-	c:\program files\Microsoft LifeCam
2012-07-18 11:30 . 2012-07-18 11:30	--------	d-----w-	c:\users\Mom\AppData\Roaming\OpenOffice.org
2012-07-18 11:29 . 2012-07-18 11:29	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2012-07-18 11:14 . 2012-07-18 11:14	247	----a-w-	C:\user.js
2012-07-18 11:14 . 2012-08-01 20:00	--------	d-----w-	c:\program files (x86)\BabylonToolbar
2012-07-18 11:14 . 2012-07-18 11:14	--------	d-----w-	c:\users\Mom\AppData\Roaming\Babylon
2012-07-18 11:14 . 2012-07-18 11:14	--------	d-----w-	c:\programdata\Babylon
2012-07-18 11:14 . 2012-07-18 11:14	--------	d-----w-	c:\users\Mom\AppData\Roaming\YourFileDownloader
2012-07-16 21:35 . 2012-07-16 21:35	--------	d-----w-	c:\users\Mom\Neuer Ordner
2012-07-16 21:21 . 2012-07-16 21:21	--------	d-----w-	c:\users\Mom\AppData\Roaming\#ISW.FS#
2012-07-15 13:12 . 2012-07-15 13:17	--------	d-----w-	c:\users\Mom\AppData\Roaming\ts3overlay
2012-07-11 14:11 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 08:01 . 2012-06-06 06:05	1499136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 08:01 . 2012-06-06 05:05	1019904	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 08:01 . 2012-06-06 06:05	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 08:01 . 2012-06-06 06:05	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 08:01 . 2012-06-06 05:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-07-11 08:01 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 08:01 . 2012-06-06 06:05	61440	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 08:01 . 2012-06-06 05:05	57344	----a-w-	c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 08:01 . 2012-06-06 05:05	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 08:01 . 2012-06-06 06:02	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-07-11 08:01 . 2012-06-06 05:05	143360	----a-w-	c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 08:01 . 2012-06-06 05:05	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 08:01 . 2012-06-06 05:05	212992	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-08 09:42 . 2012-07-08 09:44	--------	d-----w-	c:\program files (x86)\Inbox Toolbar
2012-07-07 08:48 . 2012-06-22 14:32	405144	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-07 08:48 . 2012-07-07 08:48	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-07-07 08:48 . 2012-07-07 08:48	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2012-07-07 08:47 . 2012-07-07 09:08	--------	d-----w-	c:\users\Mom\AppData\Roaming\DVDVideoSoft
2012-07-03 20:42 . 2012-04-25 14:16	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9861D93E-A8E3-4FB2-89DD-93F90DF9C355}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 11:57 . 2012-04-01 14:51	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 11:57 . 2012-04-01 14:51	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 14:09 . 2012-06-21 10:41	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-21 10:36 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-06-21 10:36 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-06-10 16:37 . 2012-06-07 16:58	235	----a-w-	c:\windows\SysWow64\nxEuUninstall.bat
2012-06-10 16:37 . 2012-06-07 16:58	446464	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-06-08 14:29 . 2012-06-08 14:29	94208	----a-w-	c:\windows\DIIUnin.exe
2012-06-08 14:29 . 2012-06-08 14:29	2829	----a-w-	c:\windows\DIIUnin.pif
2012-06-02 22:19 . 2012-06-21 15:22	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:23	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:23	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:23	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:22	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:23	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:22	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 15:20	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 15:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-20 07:49 . 2012-05-20 07:49	71680	----a-w-	c:\windows\system32\frapsv64.dll
2012-05-20 07:49 . 2012-05-20 07:49	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2012-05-15 04:01 . 2012-06-12 21:16	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 21:16	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 21:16	981504	----a-w-	c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28	1307928	----a-w-	c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 11:08	2074208	----a-w-	c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-25 21432]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-06-07 438272]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-08-01 1976176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-25 3521464]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 36208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-04-08 243744]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-01 202752]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-04-30 33672]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-04-30 827520]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2007-02-07 34048]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-01 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-01 186880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:57]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={C21BD49E-8171-45A7-AAC9-151969C23211}&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&lang=de&ds=st011&pr=sa&d=2012-05-20 14:26&v=11.1.0.12&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Mom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\5kp5mxwz.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Ba86e67ce-1c97-49d4-b839-bc1f13ddd6c4%7D&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&ds=st011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-20%2014%3A26%3A50&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba86e67ce-1c97-49d4-b839-bc1f13ddd6c4%7D&mid=ec08da9c948d47d0a90da9ae9726f0ad-c064feda14e70e09a3b2bf25dc6290e2af9e3200&ds=st011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-20%2014%3A26%3A50&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=2912_8
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d625ea4c00000000000078e7d1c2195e
FF - user.js: extensions.BabylonToolbar_i.hardId - d625ea4c00000000000078e7d1c2195e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-FullScreen - c:\block\CFG\flexbuild\FullScreen\launchFS.cmd
HKLM-Run-ISW - (no file)
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-02  17:28:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-02 15:28
.
Vor Suchlauf: 21 Verzeichnis(se), 656.345.038.848 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 660.218.335.232 Bytes frei
.
- - End Of File - - 26FFEB11B69D882821F440AE10473C47
         
--- --- ---

Antwort

Themen zu gvu trojaner win7
board, eingefangen, gefangen, gema trojaner, gen, heute, inter, interne, internet, kabel, lan, nichts, phone, poste, posten, screen, smartphone, sobald, troja, trojaner, trojaner board, uploaden, vordergrund, win, win7, öffnet



Ähnliche Themen: gvu trojaner win7


  1. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  2. GUV Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (27)
  3. GVU-Trojaner auf Win7 x64
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (5)
  4. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (1)
  5. GVU-Trojaner auf Win7
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (13)
  6. GVU Trojaner in Win7
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (3)
  7. BKA Trojaner 1.13 Win7
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (10)
  8. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (11)
  9. GVU Win7 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (4)
  10. GVU Trojaner auf Win7 Pro x64
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (12)
  11. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  12. GVU Trojaner auf Win7 :-(
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (10)
  13. GVU Trojaner - Win7
    Log-Analyse und Auswertung - 06.08.2012 (12)
  14. GVU-Trojaner, Win7 64-Bit
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  15. BKA Trojaner 3.02 und 1.03 auf Win7
    Log-Analyse und Auswertung - 30.03.2012 (1)
  16. BKA Trojaner win7 pro 64 Bit
    Log-Analyse und Auswertung - 14.11.2011 (30)
  17. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)

Zum Thema gvu trojaner win7 - Hallo liebes Trojaner board team. Ich habe mir heute einen trojaner eingefangen der àhnlichkeiten mit dem gema trojaner hatIch kann leider nicht mit meinen pc ins internet den sobald ich - gvu trojaner win7...
Archiv
Du betrachtest: gvu trojaner win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.