
Pests of all kinds and how to fight them: LicenceValiador.exe & Upgradechecker.exe

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

23.08.2012, 03:39   #1
derhitpula
 
LicenceValiador.exe & Upgradechecker.exe



Hello dear forum!
A short while ago (maybe 1-2 weeks, maybe longer) I noticed that something is wrong with my computer.
The computer is extremely slow, especially when I go online (Firefox).

Internet Explorer starts automatically twice in the background at boot, the desktop icons rearrange themselves after booting, and the icons for my bookmarks bar in Firefox are not loaded after each restart, only once I have visited the corresponding page.

Well, and there also seem to be problems with Java, since the connection keeps getting interrupted.

I did see several threads about this problem in the forum, but none that was followed through to the end...

Something else seems to be going on... oh, and it feels like I have too many svchosts (8 of them) in Task Manager..

I have already run a full scan with Malwarebytes.
Here is the log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PSB PuLa :: PSBPULA-HP [Administrator]

Schutz: Aktiviert

23.08.2012 02:07:38
mbam-log-2012-08-23 (02-07-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469976
Laufzeit: 1 Stunde(n), 55 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Since I have already read around the forum a bit, I know, or rather suspect, that this file has something to do with it, but I think you will know that better than I do.

I really hope you can help me, because I am getting desperate and am really afraid that a virus like this could lead to further, serious damage.

I also ran a Quick Scan with OTL:

Code:
OTL logfile created on: 8/23/2012 2:09:27 AM - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\PSB PuLa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.97 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 24.89% Memory free
3.93 Gb Paging File | 2.07 Gb Available in Paging File | 52.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.03 Gb Total Space | 24.98 Gb Free Space | 8.70% Space Free | Partition Type: NTFS
Drive D: | 10.96 Gb Total Space | 1.34 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive G: | 3.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 7.51 Gb Total Space | 6.19 Gb Free Space | 82.50% Space Free | Partition Type: FAT32
 
Computer Name: PSBPULA-HP | User Name: PSB PuLa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/23 01:37:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PSB PuLa\Desktop\OTL.exe
PRC - [2012/08/19 20:25:10 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2012/08/19 20:25:10 | 000,035,304 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PRC - [2012/08/09 17:33:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/19 00:32:48 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/02 12:21:56 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/03/02 12:21:42 | 000,133,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2011/02/16 11:24:18 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/06/01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2010/01/12 18:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/12/12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/19 20:25:10 | 000,015,848 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
MOD - [2012/07/25 13:15:50 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/07/19 00:32:48 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/10/11 11:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2010/01/22 23:28:48 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/19 00:32:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/02 12:21:56 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/03/02 12:21:42 | 000,133,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2011/02/16 11:24:18 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 13:38:46 | 000,211,296 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/06/01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/12 18:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/12/12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/12/07 20:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/08/17 19:56:20 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 11:23:56 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2010/12/28 21:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/08/09 19:57:18 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/05/28 16:55:10 | 000,354,320 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/05/26 20:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/10 00:40:42 | 000,894,336 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6UX264.sys -- (L6UX2)
DRV:64bit: - [2010/02/26 11:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 02:11:36 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2010/02/02 02:11:34 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2010/02/02 02:11:32 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009/10/21 22:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/09/16 09:37:14 | 000,098,352 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OxSer.sys -- (OxSer)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/24 16:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2008/07/31 13:13:26 | 000,098,304 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OxPPort.sys -- (OxPPort)
DRV:64bit: - [2007/08/09 05:10:54 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV - [2010/02/02 02:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 02:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/02 02:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/02 02:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE:64bit: - HKLM\..\SearchScopes\{8716B62A-6A40-4D32-9E4E-4F74FD4AF5B4}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{8716B62A-6A40-4D32-9E4E-4F74FD4AF5B4}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8716B62A-6A40-4D32-9E4E-4F74FD4AF5B4}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{8A6CA0B2-DF46-412E-85AB-B19C675D901C}: "URL" = hxxp://search.pandion.im/#q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:10276
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.plusnetwork.com/?sp=hp"
FF - prefs.js..keyword.URL: "hxxp://www.plusnetwork.com/?sp=faddr&q="
FF - prefs.js..network.proxy.socks: "98.228.85.60"
FF - prefs.js..network.proxy.socks_port: 1320
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PSB PuLa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PSB PuLa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/07/28 17:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 00:32:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 10:01:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{536ad1d6-d9d9-41e5-8945-864506a1f2fc}: C:\Users\PSB PuLa\AppData\Local\Pandion\Application\src\..\search\xpi\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\{536ad1d6-d9d9-41e5-8945-864506a1f2fc}\\setHomepage: 1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\{536ad1d6-d9d9-41e5-8945-864506a1f2fc}\\homepage: hxxp://search.pandion.im/
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 00:32:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 10:01:17 | 000,000,000 | ---D | M]
 
[2011/08/10 14:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PSB PuLa\AppData\Roaming\mozilla\Extensions
[2012/08/02 00:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PSB PuLa\AppData\Roaming\mozilla\Firefox\Profiles\vv2inu6z.default\extensions
[2011/10/04 02:32:43 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\PSB PuLa\AppData\Roaming\mozilla\Firefox\Profiles\vv2inu6z.default\extensions\firefox@tvunetworks.com
[2012/05/18 20:16:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\PSB PuLa\AppData\Roaming\mozilla\Firefox\Profiles\vv2inu6z.default\extensions\ich@maltegoetz.de
[2011/10/10 18:21:43 | 000,004,140 | ---- | M] () -- C:\Users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\searchplugins\youtube.xml
[2012/01/01 23:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/09 14:34:10 | 000,012,631 | ---- | M] () (No name found) -- C:\USERS\PSB PULA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VV2INU6Z.DEFAULT\EXTENSIONS\YOUTUBEAUTOREPLAY@ARIKV.COM.XPI
[2012/07/19 00:32:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/11 02:30:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/11 02:30:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 02:30:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/11 02:30:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/11 02:30:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/11 02:30:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.plusnetwork.com/?sp=hp
CHR - default_search_provider: Messenger Plus Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.plusnetwork.com/?sp=caddr&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.plusnetwork.com/?sp=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PSB PuLa\AppData\Local\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\PSB PuLa\AppData\Local\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PSB PuLa\AppData\Local\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\PSB PuLa\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2012/07/30 00:11:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2913D3DD-9363-4C21-B205-C19A584A0674} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Translate - C:\Program Files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js File not found
O8 - Extra context menu item: &Translate - C:\Program Files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js File not found
O9 - Extra Button: Internet Translator 1.0 - {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - Reg Error: Key error. File not found
O9 - Extra Button: Internet Translator 1.0 Settings - {71F65890-5ED6-11d4-9665-00E02962D81A} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate Page - {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F403569B-643D-403F-B6AC-A48210B0454E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/23 01:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/23 01:43:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/23 01:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/23 01:37:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\PSB PuLa\Desktop\OTL.exe
[2012/08/22 22:55:32 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\Desktop\Personalausweis
[2012/08/22 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Local\Apps
[2012/08/21 04:20:14 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Roaming\tor
[2012/08/21 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\Desktop\Multi Mafia The New Generation V3.7
[2012/08/21 01:54:36 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Local\K-Script
[2012/08/21 01:48:08 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\Desktop\K-Script Multi Bot v4.4
[2012/08/21 01:24:39 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XeroBank
[2012/08/21 01:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XeroBank
[2012/08/21 01:14:52 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\Desktop\Api-Mafia1 Bot [Sniper]
[2012/08/20 10:00:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/19 20:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/19 14:38:16 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\Documents\tipps-augfust
[2012/08/19 02:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/16 02:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/08/16 02:03:17 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Local\Wajam
[2012/08/09 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/02 19:42:05 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\Documents\Pro Cycling Manager 2012
[2012/08/02 19:42:05 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Roaming\Pro Cycling Manager 2012
[2012/08/02 19:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide
[2012/08/02 19:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyanide
[2012/07/30 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Local\IsolatedStorage
[2012/07/30 00:17:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/30 00:11:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/29 23:56:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 23:56:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 23:56:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 23:52:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/29 23:47:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 23:47:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/29 23:46:41 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\PSB PuLa\Desktop\ComboFix.exe
[2012/07/29 23:42:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/29 23:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2012/07/29 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PLAV
[2012/07/29 23:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2012/07/29 23:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/29 22:47:13 | 000,000,000 | ---D | C] -- C:\Users\PSB PuLa\AppData\Roaming\Malwarebytes
[2012/07/29 22:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 01:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SXTrader
[2012/07/26 23:08:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/26 21:52:28 | 000,000,000 | ---D | C] -- C:\found.000
[2012/07/26 00:09:55 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/23 02:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 02:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 01:54:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 01:43:46 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/23 01:37:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PSB PuLa\Desktop\OTL.exe
[2012/08/23 01:36:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3929754596-1530834394-1261489252-1001UA.job
[2012/08/23 00:47:07 | 000,401,759 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\phpgosasd.png
[2012/08/22 19:08:20 | 000,100,761 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\real-diffrent-wrong_odd.png
[2012/08/22 19:00:22 | 000,058,068 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\113.png
[2012/08/22 16:10:02 | 001,612,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/22 16:10:02 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/22 16:10:02 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/22 16:10:02 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/22 16:10:02 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/22 14:50:34 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3929754596-1530834394-1261489252-1001Core.job
[2012/08/21 01:24:39 | 000,000,978 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\xB Browser.lnk
[2012/08/20 22:45:20 | 000,019,561 | ---- | M] () -- C:\Users\PSB PuLa\Documents\overview-08.ods
[2012/08/20 17:13:04 | 000,366,664 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\Antragsformular_Mobilcom_Deitel_Extra.pdf
[2012/08/20 15:54:26 | 000,049,733 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\handyguthaben-faken.pdf
[2012/08/18 22:36:12 | 000,807,398 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\CKW stromrechnung;schweiz.jpg
[2012/08/17 14:09:59 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPSB PuLa.job
[2012/08/15 21:15:15 | 000,060,864 | ---- | M] () -- C:\Users\PSB PuLa\g2mdlhlpx.exe
[2012/08/14 01:23:52 | 000,011,967 | ---- | M] () -- C:\Users\PSB PuLa\Documents\892.odt
[2012/08/14 00:17:22 | 000,116,369 | ---- | M] () -- C:\Users\PSB PuLa\Documents\tzhtrzr.xps
[2012/08/10 15:40:57 | 000,001,054 | ---- | M] () -- C:\Users\PSB PuLa\.swfinfo
[2012/08/02 19:17:40 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Tour de France 2012 - Der offizielle Radsport-Manager.lnk
[2012/07/30 15:44:21 | 000,016,547 | ---- | M] () -- C:\Users\PSB PuLa\Documents\rgg.odt
[2012/07/30 00:11:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/29 23:46:58 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\PSB PuLa\Desktop\ComboFix.exe
[2012/07/29 16:46:47 | 000,027,356 | ---- | M] () -- C:\Users\PSB PuLa\Desktop\bookmarks-2012-07-29.json
[2012/07/28 15:18:39 | 000,018,500 | ---- | M] () -- C:\Users\PSB PuLa\Documents\monatsübersicht_juli-07-us-sport.ods
[2012/07/28 15:11:31 | 000,017,343 | ---- | M] () -- C:\Users\PSB PuLa\Documents\monatsübersicht_juli-07.ods
[2012/07/26 23:08:40 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012/07/26 03:36:15 | 000,008,356 | ---- | M] () -- C:\Users\PSB PuLa\.TransferManager.db
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/23 01:43:46 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/23 00:47:07 | 000,401,759 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\phpgosasd.png
[2012/08/22 19:08:20 | 000,100,761 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\real-diffrent-wrong_odd.png
[2012/08/22 19:06:06 | 000,058,068 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\113.png
[2012/08/21 01:24:39 | 000,000,978 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\xB Browser.lnk
[2012/08/20 17:13:04 | 000,366,664 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\Antragsformular_Mobilcom_Deitel_Extra.pdf
[2012/08/20 15:54:23 | 000,049,733 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\handyguthaben-faken.pdf
[2012/08/18 22:36:05 | 000,807,398 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\CKW stromrechnung;schweiz.jpg
[2012/08/16 02:04:22 | 000,001,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012/08/16 02:04:22 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012/08/16 02:04:22 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/08/15 21:15:14 | 000,060,864 | ---- | C] () -- C:\Users\PSB PuLa\g2mdlhlpx.exe
[2012/08/14 01:23:50 | 000,011,967 | ---- | C] () -- C:\Users\PSB PuLa\Documents\892.odt
[2012/08/14 00:17:19 | 000,116,369 | ---- | C] () -- C:\Users\PSB PuLa\Documents\tzhtrzr.xps
[2012/08/10 00:43:06 | 000,001,054 | ---- | C] () -- C:\Users\PSB PuLa\.swfinfo
[2012/08/04 15:42:59 | 000,019,561 | ---- | C] () -- C:\Users\PSB PuLa\Documents\overview-08.ods
[2012/08/02 19:17:40 | 000,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Tour de France 2012 - Der offizielle Radsport-Manager.lnk
[2012/07/30 15:44:19 | 000,016,547 | ---- | C] () -- C:\Users\PSB PuLa\Documents\rgg.odt
[2012/07/29 23:56:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 23:56:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 23:56:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 23:56:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/29 23:56:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/29 16:46:46 | 000,027,356 | ---- | C] () -- C:\Users\PSB PuLa\Desktop\bookmarks-2012-07-29.json
[2012/07/26 21:47:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012/07/14 20:25:07 | 005,759,053 | ---- | C] () -- C:\Users\PSB PuLa\06_silbermond_-_fdsmh_(fuer_dich_schlaegt_mein_herz)_(instrumental_version).mp3
[2012/07/02 10:32:53 | 000,008,356 | ---- | C] () -- C:\Users\PSB PuLa\.TransferManager.db
[2012/05/03 19:06:22 | 000,007,608 | ---- | C] () -- C:\Users\PSB PuLa\AppData\Local\Resmon.ResmonCfg
[2012/03/05 14:16:11 | 000,564,405 | ---- | C] () -- C:\Users\PSB PuLa\betturbo.pdf
[2012/03/01 18:08:29 | 000,493,118 | ---- | C] () -- C:\Users\PSB PuLa\Sport-Trader_info-S1_de.pdf
[2012/02/25 00:42:29 | 000,463,469 | ---- | C] () -- C:\Users\PSB PuLa\Tes20.pdf
[2012/01/10 21:46:48 | 000,002,048 | -HS- | C] () -- C:\Users\PSB PuLa\AppData\Local\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\@
[2012/01/03 19:39:41 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/18 03:32:04 | 001,756,297 | ---- | C] () -- C:\Users\PSB PuLa\Traffic-Formel-PDF.pdf
[2011/11/04 20:49:00 | 000,003,584 | ---- | C] () -- C:\Users\PSB PuLa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/18 16:42:12 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/08/18 16:42:10 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/08/18 16:40:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/18 16:38:40 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/08/18 02:38:03 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2011/08/12 16:07:41 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/08/10 14:17:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/08/10 14:17:17 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011/08/10 14:17:17 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011/07/28 17:36:59 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/07/28 17:36:59 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/07/28 17:36:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/07/28 17:36:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/07/28 17:36:58 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/03/04 06:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 22:29:00 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012/05/29 12:42:21 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\2K Sports
[2012/02/15 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Amazon
[2011/10/01 06:36:31 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Antares
[2012/02/09 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Bet Angel
[2011/08/17 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\DAEMON Tools Lite
[2011/08/10 12:29:22 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\DigitalPersona
[2011/08/12 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\DisplayTune
[2012/08/19 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Dropbox
[2012/07/21 01:31:46 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Heev
[2012/03/03 12:42:10 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\HOFA
[2011/12/11 01:06:16 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Hoyle
[2011/12/11 01:06:16 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Hoyle FaceCreator
[2012/08/13 17:23:50 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\ICQ
[2011/10/31 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\ImgBurn
[2011/10/13 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Kalypso Media
[2011/08/18 02:45:34 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Line 6
[2012/07/21 00:36:44 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Locagu
[2011/09/29 22:34:14 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\MotioninJoy
[2011/08/17 15:37:24 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\OpenOffice.org
[2012/07/13 22:03:47 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Opera
[2011/12/02 16:58:01 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Pandion
[2012/08/02 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Pro Cycling Manager 2012
[2012/07/13 21:20:20 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\RBotPlus
[2011/12/23 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\rouletteassault
[2012/04/13 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\roulettesniper
[2011/11/08 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\ScreeNet iSaver
[2012/01/08 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Software Defender
[2011/11/04 20:58:48 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Solveig Multimedia
[2011/10/05 00:37:51 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Sony
[2011/08/17 21:44:48 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Steinberg
[2012/05/03 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\StreamTorrent
[2012/08/23 01:52:50 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\TeamViewer
[2012/03/22 13:24:21 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
[2012/07/08 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\TuneUp Software
[2012/01/21 18:52:49 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\VoipBuster
[2011/10/01 06:48:53 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\VST3 Presets
[2011/09/15 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\WinBatch
[2012/07/13 06:32:56 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Windows Desktop Search
[2011/08/10 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Windows Live Writer
[2012/07/13 08:08:57 | 000,000,000 | ---D | M] -- C:\Users\PSB PuLa\AppData\Roaming\Windows Search
[2012/08/20 13:53:54 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         
Code:
OTL Extras logfile created on: 8/23/2012 2:09:27 AM - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\PSB PuLa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.97 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 24.89% Memory free
3.93 Gb Paging File | 2.07 Gb Available in Paging File | 52.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.03 Gb Total Space | 24.98 Gb Free Space | 8.70% Space Free | Partition Type: NTFS
Drive D: | 10.96 Gb Total Space | 1.34 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive G: | 3.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 7.51 Gb Total Space | 6.19 Gb Free Space | 82.50% Space Free | Partition Type: FAT32
 
Computer Name: PSBPULA-HP | User Name: PSB PuLa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{168C62C5-5641-4FAB-B029-2C42DB7CF4C9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{29B2BB28-7C3F-495E-A6CF-F055BCC80208}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4EB15373-A472-48F9-B8B0-34A9E5A61030}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2012 - der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A2B20D9-9913-42D0-9BF3-17FC214CF562}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67AD9FC2-63FB-47B5-B58C-7998BF2E5C22}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2012 - der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB0C5038-795F-4155-BEA2-CDAC1F9758BD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6880086-AC67-4B56-AA1F-2D743FE26B48}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2012 - der offizielle radsport-manager\pcm.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBEF0FC9-0C44-4E18-9D14-1E5BEC863D35}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2012 - der offizielle radsport-manager\pcm.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1C35466F-5F3E-48F2-A07C-DF240E2FAAA8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6B8F1925-1B28-4879-B0FD-5144554F08CA}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{955054CB-E752-4040-ABBD-F2AC9A34817B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{D5E76C2F-54D0-4026-86BF-55C8A5A648BB}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{DA4DB751-ACA6-4FF3-AF1C-7ECB2242D396}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"UDP Query User{286D1BDE-4B2B-499D-A3DC-A74C238903F4}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{CDAA2615-D003-4FD5-919D-B29975DA11CE}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"UDP Query User{CE69D3E6-B4EF-444A-B00C-E3235CB5A290}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"UDP Query User{D0F02596-7AE1-427C-B826-6CB2F6734B53}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"UDP Query User{ED23E796-CA8B-4313-B325-706FB48DF2C5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{34E6F14D-68F9-486D-87BA-6AA8431F3F44}" = Drive Encryption for HP ProtectTools
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1DC4DF6-7493-45B2-B8AA-0A8805866CB9}" = HP ProtectTools Security Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{17B371B7-740F-4C83-BDFE-0C3A2C585103}" = HP Display Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{2CE5AFE8-A15B-4251-84B7-03BA4EC0E16B}" = HP DA Firmware Updater
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A6EFC161-EAD8-4239-A93F-06F519BBB9FF}_is1" = smskaufen SENDERpro 2.1
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions
"{C15D9E3E-8AE4-4973-AF72-0F75A63AB8E0}" = Now Playing: A Winamp Plugin
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F9D28ACF-D568-4D4C-9601-2ECEE27479A3}" = Adobe Flash Player 10 Plugin
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J415W
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"Drive Encryption" = Drive Encryption for HP ProtectTools
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Remote Solution" = HP Remote Solution
"ImgBurn" = ImgBurn
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Line 6 Uninstaller" = Line 6 Uninstaller
"LiveZilla" = LiveZilla
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Mobile Broadband Modem" = Mobile Broadband Modem
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.01.1532" = Opera 12.01
"Pro Cycling Manager 2012_is1" = Tour de France 2012 - Der offizielle Radsport-Manager Version 1
"PS3 Media Server" = PS3 Media Server
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinUAE" = WinUAE 2.3.3
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.3.0.978
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/28/2012 7:06:22 PM | Computer Name = PSBPuLa-HP | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 7/29/2012 2:13:43 PM | Computer Name = PSBPuLa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2012 4:55:56 PM | Computer Name = PSBPuLa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2012 5:10:57 PM | Computer Name = PSBPuLa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2012 5:48:38 PM | Computer Name = PSBPuLa-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7533c9f1  ID des fehlerhaften
 Prozesses: 0xe80  Startzeit der fehlerhaften Anwendung: 0x01cd6dd3e9560abc  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 27437fc8-d9c7-11e1-bb63-3cd92b5bc080
 
Error - 7/29/2012 5:54:12 PM | Computer Name = PSBPuLa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2012 6:11:48 PM | Computer Name = PSBPuLa-HP | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3fa
 
Error - 7/29/2012 6:13:31 PM | Computer Name = PSBPuLa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2012 6:22:20 PM | Computer Name = PSBPuLa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2012 7:14:52 PM | Computer Name = PSBPuLa-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 7/30/2012 11:50:45 PM | Computer Name = PSBPuLa-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Hewlett-Packard Events ]
Error - 5/28/2012 7:21:38 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 7:39:03 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 8:16:44 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 9:10:59 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 9:16:06 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 9:19:39 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 9:20:06 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/28/2012 10:25:29 PM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 6/30/2012 9:17:44 AM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 6/30/2012 10:37:24 AM | Computer Name = PSBPuLa-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ System Events ]
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Automatische WLAN-Konfiguration" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 8/22/2012 7:20:38 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 8/22/2012 7:26:51 PM | Computer Name = PSBPuLa-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 8/22/2012 7:55:12 PM | Computer Name = PSBPuLa-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 8/22/2012 7:59:26 PM | Computer Name = PSBPuLa-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
It should be said that I caught the Bundestrojaner 2-3 weeks ago, but I had (I thought) managed to remove it to the point where I could access my system again.

23.08.2012, 15:46   #2
t'john
/// Helper team

LicenceValiador.exe & Upgradechecker.exe

Why was Combofix run?

Where is the log?



Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:10276 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com/?sp=hp" 
FF - prefs.js..keyword.URL: "http://www.plusnetwork.com/?sp=faddr&q=" 
FF - prefs.js..network.proxy.socks: "98.228.85.60" 
FF - prefs.js..network.proxy.socks_port: 1320 
FF - prefs.js..network.proxy.socks_version: 4 
FF - prefs.js..network.proxy.type: 0 
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {2913D3DD-9363-4C21-B205-C19A584A0674} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O8:64bit: - Extra context menu item: &Translate - C:\Program Files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js File not found 
O8 - Extra context menu item: &Translate - C:\Program Files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js File not found 
O9 - Extra Button: Internet Translator 1.0 - {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - Reg Error: Key error. File not found 
O9 - Extra Button: Internet Translator 1.0 Settings - {71F65890-5ED6-11d4-9665-00E02962D81A} - Reg Error: Key error. File not found 
O9 - Extra Button: Translate Page - {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - Reg Error: Key error. File not found 
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.6.2) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9 
[2012/07/26 23:08:40 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 
[2012/01/10 21:46:48 | 000,002,048 | -HS- | C] () -- C:\Users\PSB PuLa\AppData\Local\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\@ 
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into code tags here in your thread.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
__________________

23.08.2012, 16:21   #3
derhitpula



Combofix was run back when I had removed the Bundestrojaner..

Quote:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.plusnetwork.com/?sp=hp" removed from browser.startup.homepage
Prefs.js: "hxxp://www.plusnetwork.com/?sp=faddr&q=" removed from keyword.URL
Prefs.js: "98.228.85.60" removed from network.proxy.socks
Prefs.js: 1320 removed from network.proxy.socks_port
Prefs.js: 4 removed from network.proxy.socks_version
Prefs.js: 0 removed from network.proxy.type
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2913D3DD-9363-4C21-B205-C19A584A0674} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2913D3DD-9363-4C21-B205-C19A584A0674}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{71F65890-5ED6-11d4-9665-00E02962D81A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F65890-5ED6-11d4-9665-00E02962D81A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFDC8970-FD66-4385-B8C0-835A4AA1DA00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFDC8970-FD66-4385-B8C0-835A4AA1DA00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\line6.net\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash64.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\Users\PSB PuLa\AppData\Local\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\PSB PuLa\Desktop\cmd.bat deleted successfully.
C:\Users\PSB PuLa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PSB PuLa
->Temp folder emptied: 72912580 bytes
->Temporary Internet Files folder emptied: 546512580 bytes
->Java cache emptied: 76783942 bytes
->FireFox cache emptied: 283653076 bytes
->Google Chrome cache emptied: 34037788 bytes
->Opera cache emptied: 49290030 bytes
->Flash cache emptied: 60977 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 343322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,014.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08232012_170828

Files\Folders moved on Reboot...
C:\Users\PSB PuLa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
__________________

23.08.2012, 16:31   #4
t'john
/// Helper team



Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

23.08.2012, 18:15   #5
derhitpula



Yes, it is definitely running better and more stably than before. Thanks!
Malwarebytes
Quote:
Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PSB PuLa :: PSBPULA-HP [Administrator]

Schutz: Aktiviert

23.08.2012 17:42:24
mbam-log-2012-08-23 (17-42-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 434601
Laufzeit: 1 Stunde(n), 30 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner
Quote:
# AdwCleaner v1.801 - Logfile created 08/23/2012 at 19:15:16
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : PSB PuLa - PSBPULA-HP
# Boot Mode : Normal
# Running from : C:\Users\PSB PuLa\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\Ask.com.tmp

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\PSB PuLa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\PSB PuLa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5267 octets] - [23/08/2012 04:45:42]
AdwCleaner[S1].txt - [4868 octets] - [23/08/2012 04:46:01]
AdwCleaner[R2].txt - [1334 octets] - [23/08/2012 17:34:02]
AdwCleaner[R3].txt - [1267 octets] - [23/08/2012 19:15:16]

########## EOF - C:\AdwCleaner[R3].txt - [1395 octets] ##########


23.08.2012, 18:50   #6
t'john
/// Helper team



Where is AdwCleaner[S1].txt?


NEVER run Combofix on your own!

Where is the log file?
c:\
__________________

23.08.2012, 19:18   #7
derhitpula



AdwCleaner[S1].txt
Quote:
# AdwCleaner v1.801 - Logfile created 08/23/2012 at 04:46:01
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : PSB PuLa - PSBPULA-HP
# Boot Mode : Normal
# Running from : C:\Users\PSB PuLa\Downloads\adwCleaner1801.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\PSB PuLa\AppData\Local\Wajam
Folder Deleted : C:\Users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\prefs.js

C:\Users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://www.plusnetwork.com/?sp=hp");
Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
Deleted : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=faddr&q=");

-\\ Google Chrome v21.0.1180.83

File : C:\Users\PSB PuLa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://www.plusnetwork.com/?sp=hp",
Deleted : "urls_to_restore_on_startup": [ "hxxp://www.plusnetwork.com/?sp=hp" ]
Deleted : "icon_url": "hxxp://www.plusnetwork.com/img/favicon.ico",
Deleted : "keyword": "www.plusnetwork.com",
Deleted : "name": "Messenger Plus Smartbar Search",
Deleted : "search_url": "hxxp://www.plusnetwork.com/?sp=caddr&q={searchTerms}",
Deleted : "homepage": "hxxp://www.plusnetwork.com/?sp=hp",
Deleted : "name": "Winamp Application Detector",
Deleted : "name": "Winamp Application Detector"
Deleted : "urls_to_restore_on_startup": [ "hxxp://www.plusnetwork.com/?sp=hp" ]

-\\ Opera v12.1.1532.0

File : C:\Users\PSB PuLa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5267 octets] - [23/08/2012 04:45:42]
AdwCleaner[S1].txt - [4753 octets] - [23/08/2012 04:46:01]

########## EOF - C:\AdwCleaner[S1].txt - [4881 octets] ##########

23.08.2012, 19:32   #8
t'john
/// Helper team



Combofix Log?
__________________
Regards, t'john

23.08.2012, 19:38   #9
derhitpula



Everything is OK so far, isn't it? Combofix log file:
Code:
ComboFix 12-07-29.02 - PSB PuLa 29.07.2012  23:58:50.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2013.923 [GMT 2:00]
ausgeführt von:: c:\users\PSB PuLa\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PSB PuLa\AppData\Roaming\ddfffefdf.txt
c:\users\PSB PuLa\AppData\Roaming\Help\coredb\storage
c:\users\PSB PuLa\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\L\00000004.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\n
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\00000004.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\00000008.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\000000cb.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\80000000.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\80000032.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\80000064.@
c:\windows\SysWow64\svdhalp.exe.ini0
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-29  ))))))))))))))))))))))))))))))
.
.
2012-07-29 21:47 . 2012-07-29 21:47	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-07-29 21:42 . 2012-07-29 21:42	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-07-29 21:27 . 2012-07-29 21:27	--------	d-----w-	c:\programdata\PLAV
2012-07-29 21:27 . 2012-07-29 21:58	--------	d-----w-	c:\program files (x86)\Common Files\PLAV
2012-07-29 21:27 . 2012-07-29 21:27	--------	d-----w-	c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-29 21:27 . 2012-07-29 22:11	--------	d-----w-	c:\program files (x86)\ParetoLogic
2012-07-29 20:47 . 2012-07-29 20:47	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Malwarebytes
2012-07-29 20:46 . 2012-07-29 20:46	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-29 20:46 . 2012-07-29 20:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 20:46 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-28 23:03 . 2012-07-28 23:03	--------	d-----w-	c:\program files (x86)\SXTrader
2012-07-26 19:52 . 2012-07-26 19:52	--------	d-----w-	C:\found.000
2012-07-25 22:09 . 2012-07-25 22:34	--------	d--h--w-	c:\windows\AxInstSV
2012-07-25 11:15 . 2012-07-25 11:15	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 22:35 . 2012-07-20 23:31	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Heev
2012-07-20 22:35 . 2012-07-20 22:36	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Locagu
2012-07-20 10:23 . 2012-07-20 10:23	--------	d-----w-	c:\users\PSB PuLa\temp
2012-07-19 00:21 . 2012-07-21 01:23	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-18 21:53 . 2012-07-18 21:53	--------	d-----w-	c:\programdata\abpespsmeaynkye
2012-07-14 21:41 . 2003-02-02 18:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-07-14 21:41 . 2002-03-05 23:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-07-14 21:41 . 2012-07-14 21:41	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-07-14 21:41 . 2012-07-14 21:41	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Simply Super Software
2012-07-14 21:41 . 2012-07-14 21:41	--------	d-----w-	c:\programdata\Simply Super Software
2012-07-14 13:03 . 2012-07-14 13:03	--------	d-----w-	c:\program files\SXTrader
2012-07-12 10:40 . 2012-07-13 20:03	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Google Inc
2012-07-12 02:24 . 2012-07-13 01:20	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Apple
2012-07-12 01:52 . 2012-07-13 00:00	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Microsoft Corporation
2012-07-11 13:57 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 13:15 . 2012-07-13 04:32	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Windows Desktop Search
2012-07-10 16:43 . 2012-07-13 06:08	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Windows Search
2012-07-10 08:07 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-07-10 08:07 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-07-10 08:04 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-10 08:03 . 2012-07-26 13:13	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\vlc
2012-07-09 09:57 . 2012-07-13 05:20	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Dropbox
2012-07-08 11:24 . 2012-07-08 11:24	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\TuneUp Software
2012-07-08 11:23 . 2012-07-08 11:25	--------	d-----w-	c:\programdata\TuneUp Software
2012-07-08 11:23 . 2012-07-08 11:23	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-08 11:23 . 2012-07-08 11:23	--------	d--h--w-	c:\programdata\Common Files
2012-07-02 14:59 . 2012-07-02 14:59	--------	d-----w-	c:\program files (x86)\Citrix
2012-07-02 11:13 . 2012-07-02 11:13	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Avira
2012-07-02 11:06 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-02 11:06 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-02 11:06 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-02 11:06 . 2012-07-02 11:06	--------	d-----w-	c:\programdata\Avira
2012-07-02 11:06 . 2012-07-02 11:06	--------	d-----w-	c:\program files (x86)\Avira
2012-06-30 13:43 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-30 13:43 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-30 13:43 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-30 13:41 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-30 13:41 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-30 13:41 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-30 13:41 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-30 13:41 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-30 13:40 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-30 13:40 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-30 13:40 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-30 13:40 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-30 13:40 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-30 13:40 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-30 13:40 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-30 13:40 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-30 13:10 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-30 13:10 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-30 13:10 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-30 13:10 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-30 13:10 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-30 13:10 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-30 13:10 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-30 13:09 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-30 13:09 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-30 13:07 . 2012-06-30 13:07	--------	d-----w-	c:\users\PSB PuLa\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 13:52 . 2011-08-10 12:51	59701280	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-14 1240848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36	75320	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2007-08-09 29696]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX264.sys [2010-03-09 894336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-29 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-05-26 1121632]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2008-07-31 98304]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [2009-09-16 98352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-13 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-17 270912]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-02-16 113264]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Hama\Common\RaRegistry64.exe [2010-06-01 211296]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3929754596-1530834394-1261489252-1001Core.job
- c:\users\PSB PuLa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:00]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3929754596-1530834394-1261489252-1001UA.job
- c:\users\PSB PuLa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:00]
.
2012-07-13 c:\windows\Tasks\HPCeeScheduleForPSB PuLa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=127.0.0.1:10276
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE: &Translate - c:\program files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} -
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} -
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com/?sp=hp
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=faddr&q=
FF - prefs.js: network.proxy.socks - 98.228.85.60
FF - prefs.js: network.proxy.socks_port - 1320
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-ParetoLogic Anti-Virus PLUS - c:\program files (x86)\ParetoLogic\PLAV\Pareto_AV.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{8F0116C6-375C-4557-BF03-CFCBE56E3147} - c:\program files (x86)\ParetoLogic\PLAV\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Hama\Common\RaRegistry.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-30  00:17:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-29 22:17
.
Vor Suchlauf: 17 Verzeichnis(se), 43.022.737.408 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 43.626.074.112 Bytes frei
.
- - End Of File - - B3CF1ACE6FF344D6AB0F57766180E85C
         

Alt 24.08.2012, 01:52   #10
t'john
/// Helper Team

Do you do home banking on this computer?
__________________
Regards, t'john

Alt 24.08.2012, 11:18   #11
derhitpula
 
Quote from t'john:
Do you do home banking on this computer?

Yes, but rarely.

Alt 24.08.2012, 15:16   #12
t'john
/// Helper Team

Then you should definitely reinstall the machine from scratch.

Guides for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP

1. Data rescue:

2. Format, reinstall Windows:

3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________
Regards, t'john
