
Pests of all kinds and how to fight them: Security Shield infection

Windows 7

31.08.2012, 18:00   #1
Seprom

Security Shield infection



Hello everyone,

I apparently picked up "My Security Shield" yesterday evening via a drive-by installation after clicking on a Google search suggestion. At least the symptoms matched those described here (http://www.trojaner-board.de/119340-...d-inaktiv.html) and here (http://www.trojaner-board.de/89160-m...entfernen.html).

After several restarts I also found an exe file in the directory "C:\Users\Roman\AppData\Local" that had been created at exactly that time (the file: prdvjrqga.exe). I prefixed it with an underscore to prevent, or at least hinder, it from being run. After that the pop-ups stopped, and I reinstalled Malwarebytes and ran a full scan.

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19298
Roman :: 6720S-RV [Administrator]

31.08.2012 00:12:31
mbam-log-2012-08-31 (00-12-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375979
Laufzeit: 3 Stunde(n), 17 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
As recommended, I have now also downloaded OTL and run a quick scan. Here are the logs:

Code:
OTL logfile created on: 31.08.2012 17:12:22 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,97% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,72 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 17:10:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 01:20:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 20:22:59 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {2B837857-67A1-4C72-9DB1-2D2A378C9A78}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {D60D28A7-939B-4DA6-A7F2-7FD457008A6B}
IE - HKCU\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKCU\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 01:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 16:06:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 01:20:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 16:06:04 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.04.18 13:59:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.08.06 16:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 01:20:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 00:10:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.08 23:11:18 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\EndNote
[2012.08.08 21:44:27 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\EndNote
[2012.08.08 21:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2012.08.08 21:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012.08.08 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012.08.08 21:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012.08.08 21:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X2
[2012.08.08 21:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012.08.06 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\vlc
[2012.08.06 16:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.06 16:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.06 16:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.02 14:11:58 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2012.08.02 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 17:20:14 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 17:19:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.08.31 17:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 15:53:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 15:49:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 15:49:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 15:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 15:49:14 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 10:24:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.31 08:52:15 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.08.30 23:36:26 | 000,475,136 | ---- | M] () -- C:\Users\Roman\AppData\Local\_prdvjrqga.exe
[2012.08.15 21:40:54 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRoman.job
[2012.08.15 18:21:03 | 000,053,163 | ---- | M] () -- C:\Users\Roman\Documents\Schuhe_saintcrispins_shoecare.pdf
[2012.08.15 08:36:57 | 000,535,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.11 16:10:08 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 16:10:08 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 16:10:08 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 16:10:08 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 14:19:21 | 000,000,218 | ---- | M] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.08.02 13:51:05 | 000,720,515 | ---- | M] () -- C:\Users\Roman\Desktop\bookmarks-2012-08-02.json
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:36:26 | 000,475,136 | ---- | C] () -- C:\Users\Roman\AppData\Local\_prdvjrqga.exe
[2012.08.15 18:21:03 | 000,053,163 | ---- | C] () -- C:\Users\Roman\Documents\Schuhe_saintcrispins_shoecare.pdf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.08.02 13:51:04 | 000,720,515 | ---- | C] () -- C:\Users\Roman\Desktop\bookmarks-2012-08-02.json
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== LOP Check ==========
 
[2012.08.31 16:03:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.08.20 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2011.10.18 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\pdfforge
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.31 10:24:11 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.07 01:29:12 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
OTL Extras logfile created on: 31.08.2012 17:12:22 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,97% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,72 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8F4F52FF-3093-4358-85AD-724A3C0AB119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99D86F92-4F7A-4C25-B3CB-80680E32709E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C7C03B89-7D9A-48E9-AA16-58FA22653DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04939669-DE76-4FF0-8A42-96A0950067B5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{13F776AF-69D4-4FD5-AEC4-3BFFA9671BE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1BF1167E-45D1-4B24-B863-7E28A32AAAC1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1DE7B619-EABE-41FD-89F8-3BE09C01D241}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{22277809-FF2D-4F5E-AD39-A005244DA514}" = protocol=17 | dir=in | app=c:\users\roman\appdata\roaming\dropbox\bin\dropbox.exe | 
"{302E0631-B60B-4476-A4B6-0D78435AC204}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{40D7055C-02D7-4631-85EA-1E344D3C74D1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{552E8512-ECD3-4D28-B95B-AA82092039D1}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{563B7434-EB06-4CB1-A655-B5411A438DF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{56C22636-D3BD-4D4F-875F-2A565F979B6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{5F1AF8F3-177F-46F0-A06B-A188E47D6F05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{65DCF77F-702C-4A23-8DE7-2078169AD70C}" = protocol=6 | dir=in | app=c:\users\roman\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B831AFC-C738-4C8A-8281-1113EFC04DA2}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{809CA8E9-178C-43DB-BCF2-DCB502315D9F}" = protocol=17 | dir=in | app=c:\users\roman\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{905692D8-9911-4C41-ACDD-A9AA6DAAD16F}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{929C1408-DBE7-4115-ADC5-4D24B548656E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{AFF2BFC3-617C-4096-8AC0-EBD5D3FE5627}" = protocol=6 | dir=in | app=c:\users\roman\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{CC15CC6C-1EE9-4220-87A5-AE380122FF9E}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{D934DAD7-1D80-4642-A859-7F350059256B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{E5B357DB-2B67-45C7-A613-07668DB42FD4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8EFA40B-FFB4-4D41-A235-7E078ACB9D6E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{F5BE4B69-E063-4F8F-9EB9-336E2A1BFB6F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{FBE82719-A7A9-4742-BD60-70C54CE08D46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"TCP Query User{0F4D6C5A-4D5C-41C9-B524-FCDF345C1631}C:\users\roman\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\roman\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{0F9784A5-1878-476C-91B0-D9F8893E9103}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{299E857F-4BEC-415E-B752-D16907E47113}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{9599364A-BBC6-4DA8-AC27-2C520F860A5E}C:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe | 
"TCP Query User{D782EA2E-5A0E-4B3E-88AB-7F5EE0CEED5D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{14FC6D54-6AB6-473C-BA2C-1064B55DDB27}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3C0E0DE7-B346-4BA3-AE06-54B80D5EB4C4}C:\users\roman\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\roman\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{488B2714-A19C-44E2-BC2B-5D5172705A7C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{540A7CFF-585C-4AEE-A640-907F9F2B8324}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9DEF03F1-3941-43E8-8F9F-D5F774F2D5EB}C:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{613AA85A-DB0D-4F51-907A-ED95678A617D}" = KPMGs_IFRS_Trainer
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.2.6.1
"GPL Ghostscript 9.04" = GPL Ghostscript
"GRE POWERPREP" = GRE POWERPREP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KaloMa_is1" = KaloMa 4.93
"Kyocera FS-1100 / FS-1300D Printer Library" = Kyocera FS-1100 / FS-1300D Printer Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TOEFL Official Guide" = TOEFL Official Guide 2.05.0021
"Vensim Demonstration" = Vensim Demonstration
"Vensim PLE" = Vensim PLE
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"Dropbox" = Dropbox
"The MIT Beer Game" = The MIT Beer Game
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 12:33:21 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description = 
 
Error - 26.08.2012 07:36:03 | Computer Name = 6720s-RV | Source = Perflib | ID = 1010
Description = 
 
Error - 26.08.2012 07:36:06 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description = 
 
Error - 30.08.2012 11:08:39 | Computer Name = 6720s-RV | Source = Perflib | ID = 1010
Description = 
 
Error - 30.08.2012 11:08:50 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description = 
 
Error - 30.08.2012 11:20:13 | Computer Name = 6720s-RV | Source = VSS | ID = 12289
Description = 
 
Error - 30.08.2012 12:01:53 | Computer Name = 6720s-RV | Source = VSS | ID = 12310
Description = 
 
Error - 30.08.2012 12:01:53 | Computer Name = 6720s-RV | Source = VSS | ID = 12298
Description = 
 
Error - 30.08.2012 17:50:52 | Computer Name = 6720s-RV | Source = VSS | ID = 8194
Description = 
 
Error - 30.08.2012 21:22:46 | Computer Name = 6720s-RV | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel
 0x4cd2e07b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74000400,  Prozess-ID 0xa60, Anwendungsstartzeit
 01cd86fb8c5bb2a7.
 
[ OSession Events ]
Error - 07.04.2011 04:06:32 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.05.2011 05:45:22 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 13:49:06 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 13:51:03 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:07:29 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:07:48 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:08:03 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:08:45 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:17:08 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2011 08:38:17 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.08.2012 05:41:22 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 06:31:40 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 09:44:25 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.37 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 13.08.2012 04:56:42 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 15.08.2012 03:52:04 | Computer Name = 6720s-RV | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 24.08.2012 08:52:02 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 25.08.2012 20:08:41 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2012 17:51:12 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2012 18:03:59 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 31.08.2012 02:52:44 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

What can I do now? Delete the renamed file? Run any other scans? Malwarebytes didn't find anything else... I'm now afraid that a rootkit has been installed somewhere, or that my PC is infected.

Grateful for any help!!!


Best regards
Roman
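The OTL section "Last 20 Event Log Errors" above reads better as a timeline than as a list: the taskeng.exe crash (Application Error 1000, exception code 0xc0000005) at 21:22 on 30.08.2012 falls on the evening the poster dates the infection to, and there is a run of DCOM 10010 errors around it. The parser below is an added example for that OTL layout, not part of the original post and not OTL's own code; the sample records are copied from the log above, and the six-hour window around 21:00 on 30.08.2012 is an assumption chosen to match the poster's timeline.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: records copied from the OTL "Last 20 Event Log Errors" section
# of the post above, in the same layout OTL writes them (not the full list).
SAMPLE_OTL = """\
[ Application Events ]
Error - 30.08.2012 17:50:52 | Computer Name = 6720s-RV | Source = VSS | ID = 8194
Description =

Error - 30.08.2012 21:22:46 | Computer Name = 6720s-RV | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel
 0x4cd2e07b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74000400,  Prozess-ID 0xa60, Anwendungsstartzeit
 01cd86fb8c5bb2a7.

[ System Events ]
Error - 24.08.2012 08:52:02 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =

Error - 30.08.2012 18:03:59 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =

Error - 31.08.2012 02:52:44 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)


def parse_otl_events(text):
    """Parse OTL's event-log error listing into dicts, in the order they appear.

    OTL prints one 'Error - <time> | ...' header per record followed by a
    'Description =' line; long descriptions continue on lines that start with
    a single space, and a blank line ends the record.
    """
    events, section, current = [], None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = EVENT_RE.match(line)
        if m:
            current = {
                "section": section,
                "time": datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S"),
                "host": m.group("host"),
                "source": m.group("source"),
                "event_id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
        elif current is not None and line.startswith("Description ="):
            current["description"] = line.split("=", 1)[1].strip()
        elif current is not None and line.startswith(" "):
            current["description"] += " " + line.strip()   # continuation line
        elif not line.strip():
            current = None                                   # blank line ends the record
    return events


def events_in_window(events, center, hours=6):
    """Records within +/- hours of a point in time, oldest first."""
    lo, hi = center - timedelta(hours=hours), center + timedelta(hours=hours)
    return sorted((e for e in events if lo <= e["time"] <= hi), key=lambda e: e["time"])


def crashes_with_exception(events, code="0xc0000005"):
    """Application Error 1000 records whose description names the given exception code."""
    return [e for e in events
            if e["source"] == "Application Error" and e["event_id"] == 1000
            and code.lower() in e["description"].lower()]


if __name__ == "__main__":
    parsed = parse_otl_events(SAMPLE_OTL)
    # Evening of 30.08.2012: the time the poster dates the infection to (assumption).
    for e in events_in_window(parsed, datetime(2012, 8, 30, 21, 0)):
        print(e["time"], e["source"], e["event_id"], e["description"][:60])
```

The same parser runs over the whole section of a real OTL log; narrowing to the window and then to access-violation crashes is what separates the one interesting record here from the older DHCP and Perflib noise.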

01.09.2012, 14:18   #2
cosinus

Malwarebytes creates exactly one log for every scan run. Have you scanned with Malwarebytes before?
If so, the logs for every scan run are also listed in the Logs tab. Please post all of the logs that are visible there.

01.09.2012, 20:49   #3
Seprom

Many thanks for the reply!

Attached are the Malwarebytes logs. I have three files in quarantine. Should they be deleted?

Here is also a log from ESET, which I ran today.
Code:
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Roman\AppData\Local\_prdvjrqga.exe	Win32/Adware.SecurityShield.D Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert

Thanks again and speak soon
Roman
Attached files
File type: txt mbam-log-2011-11-07 (19-08-08).txt (1.0 KB, viewed 179 times)
File type: txt mbam-log-2011-11-08 (02-21-31).txt (1.0 KB, viewed 140 times)
File type: txt mbam-log-2011-11-08 (14-38-36).txt (1.1 KB, viewed 138 times)
File type: txt mbam-log-2011-11-12 (03-13-16).txt (1.2 KB, viewed 148 times)
File type: txt mbam-log-2011-11-27 (17-11-01).txt (1.0 KB, viewed 134 times)
File type: txt mbam-log-2011-12-03 (18-41-26).txt (1.0 KB, viewed 140 times)
File type: txt mbam-log-2012-01-09 (21-30-30).txt (2.6 KB, viewed 135 times)
File type: txt mbam-log-2012-01-23 (12-36-08).txt (2.2 KB, viewed 155 times)
File type: txt mbam-log-2012-02-06 (21-40-11).txt (2.1 KB, viewed 139 times)
File type: txt mbam-log-2012-02-07 (13-00-38).txt (2.1 KB, viewed 187 times)
File type: txt mbam-log-2012-03-13 (19-26-49).txt (2.1 KB, viewed 142 times)
File type: txt mbam-log-2012-03-18 (18-42-47).txt (2.1 KB, viewed 153 times)
File type: txt mbam-log-2012-06-03 (16-52-14).txt (2.1 KB, viewed 140 times)
File type: txt mbam-log-2012-08-26 (13-56-59).txt (2.1 KB, viewed 140 times)
File type: txt mbam-log-2012-08-26 (14-51-47).txt (2.1 KB, viewed 145 times)

02.09.2012, 18:55   #4
Seprom

In addition, I've now also run another scan with Avira, which I've always dutifully kept up to date. Some time ago it found something once and put it in quarantine, but after that never anything again. There were a few false positives among them.

The weekly scan on Thursday had still found nothing. Today's scan then brought the following to light:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 2. September 2012  15:22

Es wird nach 4204350 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Business
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : 6720S-RV

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  08.08.2012 11:06:45
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 17:57:02
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 17:57:03
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:57:03
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 17:56:27
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 11:57:53
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 15:14:33
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 20:32:21
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 18:32:03
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 18:32:03
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 18:32:03
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 18:32:03
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 18:32:03
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 18:32:03
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 18:32:03
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 18:32:03
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 18:32:03
VBASE014.VDF   : 7.11.38.18   2554880 Bytes  30.07.2012 21:13:17
VBASE015.VDF   : 7.11.38.70    556032 Bytes  31.07.2012 21:13:18
VBASE016.VDF   : 7.11.38.143   171008 Bytes  02.08.2012 13:54:38
VBASE017.VDF   : 7.11.38.221   178176 Bytes  06.08.2012 18:56:02
VBASE018.VDF   : 7.11.39.37    168448 Bytes  08.08.2012 11:06:29
VBASE019.VDF   : 7.11.39.89    131072 Bytes  09.08.2012 11:05:45
VBASE020.VDF   : 7.11.39.145   142336 Bytes  11.08.2012 09:02:06
VBASE021.VDF   : 7.11.39.207   165888 Bytes  14.08.2012 05:05:32
VBASE022.VDF   : 7.11.40.9     156160 Bytes  16.08.2012 11:39:03
VBASE023.VDF   : 7.11.40.49    133120 Bytes  17.08.2012 11:39:03
VBASE024.VDF   : 7.11.40.95    156160 Bytes  20.08.2012 14:26:35
VBASE025.VDF   : 7.11.40.155   181760 Bytes  22.08.2012 14:26:40
VBASE026.VDF   : 7.11.40.205   203264 Bytes  23.08.2012 15:43:53
VBASE027.VDF   : 7.11.41.29    188416 Bytes  27.08.2012 15:05:46
VBASE028.VDF   : 7.11.41.87    250368 Bytes  30.08.2012 15:05:48
VBASE029.VDF   : 7.11.41.88      2048 Bytes  30.08.2012 15:05:48
VBASE030.VDF   : 7.11.41.89      2048 Bytes  30.08.2012 15:05:48
VBASE031.VDF   : 7.11.41.132   201216 Bytes  01.09.2012 17:26:41
Engineversion  : 8.2.10.150
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 07:36:03
AESCRIPT.DLL   : 8.1.4.46      455034 Bytes  24.08.2012 15:46:05
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 10:26:26
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 19:16:02
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.3.0.32      811382 Bytes  24.08.2012 15:45:57
AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  19.07.2012 17:34:51
AEHEUR.DLL     : 8.1.4.94     5230967 Bytes  30.08.2012 15:06:38
AEHELP.DLL     : 8.1.23.2      258422 Bytes  01.07.2012 18:32:05
AEGEN.DLL      : 8.1.5.36      434549 Bytes  24.08.2012 15:44:15
AEEXP.DLL      : 8.1.0.84       90485 Bytes  30.08.2012 15:06:45
AEEMU.DLL      : 8.1.3.2       393587 Bytes  11.07.2012 07:36:02
AECORE.DLL     : 8.1.27.4      201078 Bytes  08.08.2012 11:06:31
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:57:02
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 17:57:02
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 17:57:03
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 17:57:02
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 17:57:02
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 17:57:03
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 11:06:45
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:57:03
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 11:06:28
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  08.08.2012 11:06:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, F:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 2. September 2012  15:22

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'efsui.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WiFiMsg.EXE' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWAMain.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'pthosttr.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'scheduler.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\gs\gs9.04\uninstgs.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '4026' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\gs\gs9.04\uninstgs.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\SwSetup\Roxio\EMC_HP_92\Data1.cab
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\SwSetup\Roxio\EMC_HP_92\Data11.cab
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J8C0L1HB\Kaloma493[1].zip
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P9VCML6G\Kaloma493[1].zip
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UC540P02\Kaloma493[1].zip
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\37de78e9-7c847dee
  [0] Archivtyp: ZIP
  --> a/mrqb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.ER
  --> a/jdtzmoehgq.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Rettilic.Gen
  --> a/dkpgqujcwdrsf.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.EP
  --> a/bmvupoetkfzgstk.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
  --> a/aqixyd.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A
  --> jnmxoty
      [FUND]      Ist das Trojanische Pferd TR/Fakealert.faw
Beginne mit der Suche in 'E:\' <OS_TOOLS>
Beginne mit der Suche in 'F:\' <HP_RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Roman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\37de78e9-7c847dee
  [FUND]      Ist das Trojanische Pferd TR/Fakealert.faw
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b42803.qua' verschoben!


Ende des Suchlaufs: Sonntag, 2. September 2012  18:15
Benötigte Zeit:  1:59:31 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  34386 Verzeichnisse wurden überprüft
 686448 Dateien wurden geprüft
      6 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 686442 Dateien ohne Befall
   5882 Archive wurden durchsucht
      7 Warnungen
      1 Hinweise
 776872 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Even to me as a layman it's clear now: there's evidently a bigger infection going on here. That leaves me with the following questions...

(1) How bad is it really? How "malicious" are the malware programs and the infection as a whole?
(2) How should I proceed with the cleanup? Steps for backing up data and, if necessary, reinstalling Windows etc. Should the PC be run normally for this, or first only booted from a Linux CD?
(3) And how should the computer be secured in future? I.e. which antivirus programs, or which combination of them, should be used from now on? As I said, so far I've relied on Avira Free AV and Malwarebytes, which evidently didn't provide sufficient protection against this attack. What would you recommend? Maybe a sandbox? Could that have prevented the infection in my case?


Many thanks!!!

Last edited by Seprom (02.09.2012 at 19:01)
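Avira's report nests archive members under the container path with "-->" and then repeats the container's top-level [FUND] once more in the disinfection section, so counting [FUND] lines naively gives 7 where the summary says 6. The parser below is an added example, not Avira's code and not part of the thread: it reads the report into container/member/signature triples, pulls the CVE identifiers out of the signature names, records what was quarantined, and checks the parsed count against the summary. The input is an excerpt copied from the report above; the section keywords are the German strings Avira writes, exactly as they appear there.

```python
import re
from collections import defaultdict

# Constructed excerpt of the Avira report posted above: the detection block, the
# disinfection block and a few summary lines copied verbatim; the rest is omitted.
SAMPLE_AVIRA = r"""
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\gs\gs9.04\uninstgs.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\37de78e9-7c847dee
  [0] Archivtyp: ZIP
  --> a/mrqb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.ER
  --> a/jdtzmoehgq.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Rettilic.Gen
  --> a/dkpgqujcwdrsf.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.EP
  --> a/bmvupoetkfzgstk.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
  --> a/aqixyd.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A
  --> jnmxoty
      [FUND]      Ist das Trojanische Pferd TR/Fakealert.faw
Beginne mit der Suche in 'E:\' <OS_TOOLS>

Beginne mit der Desinfektion:
C:\Users\Roman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\37de78e9-7c847dee
  [FUND]      Ist das Trojanische Pferd TR/Fakealert.faw
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b42803.qua' verschoben!

Ende des Suchlaufs: Sonntag, 2. September 2012  18:15

      6 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden gelöscht
      1 Dateien wurden in die Quarantäne verschoben
      0 Versteckte Objekte wurden gefunden
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")          # top-level scanned object (column 0)
MEMBER_RE = re.compile(r"^\s+--> (.+)$")       # member inside an archive
FUND_RE = re.compile(r"^\s+\[FUND\]\s+(.+)$")
WARN_RE = re.compile(r"^\s+\[WARNUNG\]\s+(.+)$")
QUA_RE = re.compile(r"^\s+\[HINWEIS\].*'([^']+\.qua)'")
SUMMARY_RE = re.compile(r"^\s*(\d+) (.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_avira_report(text):
    """Walk the report once, tracking which section and container we are in."""
    section = path = member = None
    detections, warnings, quarantined, summary = [], [], [], {}
    for line in text.splitlines():
        if line.startswith("Der Suchlauf über die ausgewählten Dateien"):
            section = "scan"
        elif line.startswith("Beginne mit der Desinfektion"):
            section = "disinfect"            # [FUND] lines here repeat the scan's findings
        elif line.startswith("Ende des Suchlaufs"):
            section = "summary"
        elif PATH_RE.match(line):
            path, member = line.strip(), None
        elif (m := MEMBER_RE.match(line)):
            member = m.group(1)
        elif (m := FUND_RE.match(line)) and section == "scan":
            detections.append((path, member, m.group(1).split()[-1]))   # signature name is the last token
        elif (m := WARN_RE.match(line)):
            warnings.append((path, m.group(1)))
        elif (m := QUA_RE.match(line)) and section == "disinfect":
            quarantined.append((path, m.group(1)))
        elif section == "summary" and (m := SUMMARY_RE.match(line)):
            summary[m.group(2)] = int(m.group(1))
    return {"detections": detections, "warnings": warnings,
            "quarantined": quarantined, "summary": summary}


def triage(report):
    """Group findings by container and answer the questions a helper asks first."""
    by_container = defaultdict(list)
    for path, member, sig in report["detections"]:
        by_container[path].append((member, sig))
    cves = sorted({CVE_RE.search(sig).group(0) for _, _, sig in report["detections"]
                   if CVE_RE.search(sig)})
    found = report["summary"].get("Viren bzw. unerwünschte Programme wurden gefunden")
    return {
        "containers": dict(by_container),
        "cves": cves,
        "quarantined": report["quarantined"],
        "hidden_objects": report["summary"].get("Versteckte Objekte wurden gefunden"),
        "count_matches_summary": found == len(report["detections"]),
        # All hits inside the Java deployment cache point at a browser-delivered applet/jar.
        "java_cache_hit": any("\\Sun\\Java\\Deployment\\cache\\" in p for p in by_container),
    }


if __name__ == "__main__":
    result = triage(parse_avira_report(SAMPLE_AVIRA))
    for container, hits in result["containers"].items():
        print(container)
        for member, sig in hits:
            print("   ", member, "->", sig)
    print("CVEs:", result["cves"], "| quarantined:", result["quarantined"])
```

The point of the "count_matches_summary" check is that the six detections all live in one cached jar, which Avira moved to quarantine as a single file; reading "6 found, 1 quarantined" without the container grouping makes it look as though five things were left behind.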

Alt 03.09.2012, 20:30   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



Please also run ESET; after that we'll see.

Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log is to be posted first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scan! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scan and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: please open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    In the browser opened as administrator, open this link => ESET Online Scanner
    • Firefox users:
      please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick Yes, I accept the Terms of Use.
  • Click the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is NOT ticked.
  • Click the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Press Windows key + R and paste the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: if you are running 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.


Please post everything in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

05.09.2012, 18:06   #6
Seprom

Here is the ESET log, as requested:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8c8eebf4012bdd44be3e43aca27d303c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 03:01:28
# local_time=2012-09-05 05:01:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 24886246 24886246 0 0
# compatibility_mode=5892 16776573 100 100 68325 184376935 0 0
# compatibility_mode=8192 67108863 100 0 156 156 0 0
# scanned=224125
# found=0
# cleaned=0
# scan_time=13054
         
What now?

Many thanks in advance!!!


Regards, Roman
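Worked example added by the editor, not part of the thread and not ESET's code: a small Python script that reads the header of an ESET Online Scanner log.txt like the one above and applies the helper's rule (post the log first, remove nothing) mechanically. The header lines in SAMPLE_LOG are copied from the log posted above; the tab-separated detection-line layout and the second sample log are assumptions, constructed to show what a log with automatic removal switched on looks like to the check.

```python
"""Parse an ESET Online Scanner log.txt header and decide whether the result
is in the state the helper asked for: scan finished, nothing removed yet.

Added example for this thread; not ESET's code and not from the original
post. SAMPLE_LOG is the header of the log posted above (compatibility_mode
lines omitted). The detection-line layout assumed here (tab-separated path,
threat name, action) is an assumption about ESET's format, and
CONSTRUCTED_LOG is a made-up log that exercises it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# antistealth_checked=true
# utc_time=2012-09-05 03:01:28
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
# scanned=224125
# found=0
# cleaned=0
# scan_time=13054
"""

# Constructed, not from the thread: automatic removal was left switched on.
CONSTRUCTED_LOG = """\
# version=7
# end=finished
# remove_checked=true
# scanned=1000
# found=1
# cleaned=1
C:\\Users\\example\\AppData\\Local\\Temp\\dropper.tmp\tprobably a variant of Win32/Example trojan\tcleaned by deleting - quarantined
"""

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")


@dataclass
class EsetReport:
    header: dict[str, str] = field(default_factory=dict)
    detections: list[tuple[str, str, str]] = field(default_factory=list)  # (path, threat, action)


def parse_eset_log(text: str) -> EsetReport:
    """Split log.txt into its '# key=value' header and the detection lines."""
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            # A repeated key (ESET emits several compatibility_mode lines) keeps its last value.
            report.header[m.group(1)] = m.group(2).strip().strip('"')
        elif "\t" in line:
            parts = [p.strip() for p in line.split("\t")] + ["", ""]
            report.detections.append((parts[0], parts[1], parts[2]))
        # Installer chatter ("all ok") and blank lines are ignored.
    return report


def summarize(report: EsetReport) -> dict[str, object]:
    """Reduce the header to the facts checked before advising any removal."""
    h = report.header
    counts = {k: int(h.get(k, "0")) for k in ("scanned", "found", "cleaned")}
    finished = h.get("end") == "finished"
    auto_remove = h.get("remove_checked") == "true"
    return {
        **counts,
        "finished": finished,
        "auto_remove": auto_remove,
        "archives": h.get("archives_checked") == "true",
        # True only when the scan completed and touched nothing: the state the
        # instruction "post the log first, remove nothing" asks for.
        "review_only": finished and not auto_remove and counts["cleaned"] == 0,
    }


def review_list(report: EsetReport) -> list[str]:
    """One line per detection, ready for pasting into the thread."""
    return [f"{p} :: {t} :: {a or 'no action'}" for p, t, a in report.detections]


if __name__ == "__main__":
    for label, text in (("thread log", SAMPLE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        rep = parse_eset_log(text)
        print(label, summarize(rep), *review_list(rep), sep="\n  ")
```

For the log posted above, `review_only` is true: the scan finished, `remove_checked=false`, and nothing was cleaned, so any hits would still be on disk for a human to look at. The constructed log fails the check because the scanner quarantined its hit itself, which is exactly the situation the "post first, remove nothing" rule is meant to avoid when false positives are common.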

06.09.2012, 13:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

11.09.2012, 16:09   #8
Seprom

Here is the AdwCleaner log:

Code:
# AdwCleaner v2.001 - Logfile created 09/11/2012 at 16:06:22
# Updated 09/09/2012 by Xplode
# Operating system : Windows Vista (TM) Business Service Pack 2 (32 bits)
# User : Roman - 6720S-RV
# Boot mode : Normal
# Running from : C:\Users\Roman\Downloads\adwcleaner.exe
# Option [Search]


**** [Services] ****


***** [Files / Folders] *****

Folder Found : C:\Users\Roman\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\S

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19298

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

Profile name : default 
File : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1101 octets] - [11/09/2012 16:06:22]

########## EOF - C:\AdwCleaner[R1].txt - [1161 octets] ##########

What next?

11.09.2012, 22:15   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

13.09.2012, 21:37   #10
Seprom

Here is the next log file:

Code:
# AdwCleaner v2.001 - Logfile created 09/13/2012 at 21:23:59
# Updated 09/09/2012 by Xplode
# Operating system : Windows Vista (TM) Business Service Pack 2 (32 bits)
# User : Roman - 6720S-RV
# Boot mode : Normal
# Running from : C:\Users\Roman\Downloads\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Roman\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\S

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19298

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profile name : default 
File : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1230 octets] - [11/09/2012 16:06:22]
AdwCleaner[S1].txt - [1606 octets] - [13/09/2012 21:23:59]

########## EOF - C:\AdwCleaner[S1].txt - [1666 octets] ##########

What's next?
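Added example, not part of the thread and not AdwCleaner's own code: the search report ([R1]) and the delete report ([S1]) are two halves of one operation, and the obvious check before moving on is whether every item the search run reported was actually removed by the delete run, and whether the delete run touched anything it had never reported. The Python script below does that comparison over the two reports posted above (reproduced in English; the parser also accepts the German labels Ordner/Datei/Schlüssel/Wert, Gefunden/Gelöscht and Suche/Löschen that the German build writes). The tiny German snippet in the usage is constructed.

```python
"""Compare an AdwCleaner search run ([R1]) with the delete run ([S1]) that followed.

Added example for this thread, not AdwCleaner's code. SEARCH_LOG and
DELETE_LOG are trimmed copies of the two reports posted in this thread. The
label tables accept both the English and the German (Ordner/Schlüssel/
Gefunden/Gelöscht/Suche/Löschen) spellings the tool uses.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SEARCH_LOG = r"""
# AdwCleaner v2.001 - Logfile created 09/11/2012 at 16:06:22
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Users\Roman\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\S

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19298

[OK] Registry is clean.
"""

DELETE_LOG = r"""
# AdwCleaner v2.001 - Logfile created 09/13/2012 at 21:23:59
# Option [Delete]

Folder Deleted : C:\Users\Roman\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Roman\AppData\Roaming\pdfforge

Key Deleted : HKLM\SOFTWARE\Classes\S

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
"""

# Normalise the tool's English and German labels to one vocabulary.
KIND = {"ordner": "folder", "folder": "folder", "datei": "file", "file": "file",
        "schlüssel": "key", "key": "key", "wert": "value", "value": "value"}
STATE = {"gefunden": "found", "found": "found", "gelöscht": "deleted", "deleted": "deleted"}
MODE = {"suche": "search", "search": "search", "löschen": "delete", "delete": "delete"}

ITEM_RE = re.compile(r"^(?P<kind>\w+)\s+(?P<state>\w+)\s*:\s*(?P<target>.+?)\s*$")
RESTORED_RE = re.compile(r"^(?:Restored|Wiederhergestellt)\s*:\s*(?P<target>.+?)\s*$")
OPTION_RE = re.compile(r"^#\s*Option\s*\[(?P<mode>[^\]]+)\]")


@dataclass
class AdwReport:
    mode: str = "unknown"
    items: list[tuple[str, str, str]] = field(default_factory=list)  # (kind, state, target)
    restored: list[str] = field(default_factory=list)
    clean_checks: int = 0  # number of "[OK] ... is clean." lines


def parse_adwcleaner(text: str) -> AdwReport:
    rep = AdwReport()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := OPTION_RE.match(line)):
            rep.mode = MODE.get(m["mode"].strip().lower(), m["mode"])
        elif (m := RESTORED_RE.match(line)):
            rep.restored.append(m["target"])
        elif line.startswith("[OK]"):
            rep.clean_checks += 1
        elif (m := ITEM_RE.match(line)):
            kind, state = KIND.get(m["kind"].lower()), STATE.get(m["state"].lower())
            if kind and state:  # skips "Profile name : default" and similar
                rep.items.append((kind, state, m["target"]))
    return rep


def _key(kind: str, target: str) -> tuple[str, str]:
    # Windows paths and registry keys are case-insensitive; compare accordingly.
    return kind, target.lower()


def compare_runs(search: AdwReport, delete: AdwReport) -> tuple[set, set]:
    """Return (reported but not removed, removed but never reported)."""
    found = {_key(k, t) for k, s, t in search.items if s == "found"}
    removed = {_key(k, t) for k, s, t in delete.items if s == "deleted"}
    return found - removed, removed - found


if __name__ == "__main__":
    r, d = parse_adwcleaner(SEARCH_LOG), parse_adwcleaner(DELETE_LOG)
    leftover, unexpected = compare_runs(r, d)
    print(f"{r.mode}: {len(r.items)} items; {d.mode}: {len(d.items)} items, {len(d.restored)} restored")
    print("not removed:", leftover or "none", "| removed without prior report:", unexpected or "none")
```

For the two reports in this thread both sets come back empty: the two folders and the registry key reported on 11.09. are the three items deleted on 13.09., and the five Restored lines are defaults the tool reset, not removals.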

14.09.2012, 14:55   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we go on (we're not done yet!)

1.) Does Windows' normal mode work (again) without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

19.09.2012, 21:18   #12
Seprom

Hello!

Re 1.) Normal mode works and worked without restrictions the whole time. It was just a bit slow, especially on the internet, i.e. while using the browser (Firefox).
Re 2.) Everything looks normal. Off the top of my head I don't miss any folders. All folders have content, except Windows PowerShell 1.0. However, I can't tell you whether it ever had content, since as far as I know I have never opened it.

We're not done yet, as you said. What's next?

Best regards

20.09.2012, 12:21   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older file with the newly downloaded one, so that you really are working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box (if OTL is in German the box is labelled accordingly)
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click the button.
  • Now copy the contents of OTL.txt here into your thread
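Added example, not OTL's code and not from the thread: once OTL.txt comes back, the first pass a helper makes over the PRC/SRV/DRV lines is largely mechanical. The Python script below parses those lines and flags three things: binaries without a company name, service or driver registrations whose file is missing (OTL prints "File not found" for these), and executables that run from locations a standard user can write to. The sample lines are copied from the OTL log posted further down in this thread; the three heuristics and the location list are the editor's assumptions, not OTL's own whitelist logic.

```python
"""First triage pass over the PRC/MOD/SRV/DRV lines of an OTL.txt.

Added example for this thread; not OTL's code and not from the original
post. The sample lines are copied from the OTL log posted in this thread.
The heuristics (no company name, file not found, user-writable location)
are assumptions about what deserves a second look, not OTL's own rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE = r"""
PRC - [2012.09.21 13:09:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2012.09.11 17:28:42 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
"""

ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [\w-]+ \| \w\] "
    r"\((?P<company>.*?)\)"           # lazy: vendor names may themselves contain "(R)"
    r"(?: \[(?P<state>[^\]]*)\])?"    # SRV/DRV only: [start type | status]
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"  # SRV/DRV only: registered service name
)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$"
)


@dataclass
class Entry:
    kind: str
    path: str
    company: str | None  # None when OTL reports "File not found"
    name: str | None = None
    state: str | None = None


def parse_entries(text: str) -> list[Entry]:
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MISSING_RE.match(line)):
            entries.append(Entry(m["kind"], m["path"], None, m["name"], m["state"]))
        elif (m := ENTRY_RE.match(line)):
            entries.append(Entry(m["kind"], m["path"], m["company"].strip(), m["name"], m["state"]))
    return entries


def user_writable(path: str) -> bool:
    """Crude location check (assumption): user profiles, ProgramData and temp
    directories are writable without admin rights; Program Files and Windows
    normally are not."""
    p = path.lower()
    return any(tok in p for tok in ("\\users\\", "\\programdata\\", "\\temp\\"))


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons, merged over duplicate PRC/SRV
    lines that describe the same binary."""
    flagged: dict[str, list[str]] = {}
    for e in parse_entries(text):
        reasons: list[str] = []
        if e.company is None:
            reasons.append("file not found: orphaned registration, check for a removed or hidden binary")
        else:
            # OTL's MOD section is "Modules (No Company Name)" by construction,
            # so the missing-vendor rule only says something for PRC/SRV/DRV.
            if e.kind != "MOD" and not e.company:
                reasons.append("no company name")
            if user_writable(e.path):
                reasons.append("runs from user-writable location")
        for r in reasons:
            if r not in flagged.setdefault(e.path, []):
                flagged[e.path].append(r)
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

On the sample lines this flags OTL.exe and Dropbox.exe only for their location (both are known, expected entries), DCService.exe for both a missing vendor and its ProgramData location, Scheduler.exe for a missing vendor, and the two orphaned driver registrations; the Avira service and the DDK-built filter driver pass. That is a worklist for a human, not a verdict: every line still has to be checked against what the user actually installed.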

21.09.2012, 13:41   #14
Seprom

ERROR... this got posted twice because I initially clicked Quick Reply... so ignore this one and read on further down...

Last edited by Seprom (21.09.2012 at 13:49)

21.09.2012, 13:42   #15
Seprom

Here is the log:

Code:
OTL logfile created on: 21.09.2012 13:10:52 - Run 2
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,75% Memory free
4,22 Gb Paging File | 2,71 Gb Available in Paging File | 64,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 24,09 Gb Free Space | 23,55% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.21 13:09:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.09.11 17:28:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.11 17:28:42 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 12:13:45 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 17:28:42 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.02.25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 17:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 17:28:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 17:28:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 17:28:36 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.04.18 13:59:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.08.30 17:06:25 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\extension@ciuvo.com.xpi
[2012.07.26 12:26:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.09.11 17:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.11 17:28:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk - C:\Programme\InterVideo\DVD Check\DVDCheck.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Programme\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: PMCRemote - hkey= - key= - C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
MsConfig - StartUpReg: RemoTerm.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Windows\QLB
[2012.09.11 17:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.05 14:45:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\MPK
[2012.09.03 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.03 15:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.31 17:29:33 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\Trojaner Board
[2012.08.31 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 00:10:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.21 13:13:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.21 12:39:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.21 12:25:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.09.21 12:20:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.21 12:12:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.21 12:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.21 12:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.21 12:11:43 | 2136,297,472 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.21 12:07:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.21 12:00:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.09.21 12:00:45 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.09.21 12:00:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.09.19 20:26:07 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 19:48:32 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.09.06 14:11:41 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.06 14:11:41 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.06 14:11:40 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.06 14:11:40 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.21 12:00:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2007.03.29 15:41:28 | 000,000,165 | ---- | M] () -- C:\Users\All Users\Macrovision\FLEXnet Connect\6\ui\images\u.gif
[2012.07.19 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Roman\AppData\Roaming\Dropbox\shellext\l
[2012.05.15 11:19:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\LocalLow\Microsoft\Silverlight\is\oroshhpr.f2v\a40h5abu.nl5\1\l
[2012.09.06 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox\l
[2012.06.12 12:38:26 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox\installer\l
[2012.09.21 13:09:22 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox\shellext\l
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.09.21 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.09.11 17:53:24 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.10 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Adobe
[2011.11.22 13:34:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Avira
[2010.03.22 13:53:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DivX
[2012.09.21 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2010.11.05 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\dvdcss
[2012.09.11 17:53:24 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2008.12.10 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GTek
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2008.12.10 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett-Packard
[2009.12.13 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HP
[2011.03.29 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HpUpdate
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2008.08.22 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Identities
[2008.08.22 13:27:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield
[2012.03.26 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.22 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2009.08.31 09:14:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macrovision
[2011.11.07 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2011.01.26 00:53:16 | 000,000,000 | --SD | M] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2012.09.19 20:27:13 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mozilla
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2012.03.11 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Roxio
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2012.09.21 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Skype
[2010.11.28 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\skypePM
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.15 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2007.02.15 14:32:38 | 000,114,176 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\setup.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\ARPICON.80486C74_ABED_4227_AF5C_9B1791CFA89C.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
[2011.01.26 00:53:16 | 000,026,192 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Iconlights.ico.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.12.14 02:32:14 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.08.22 16:49:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\Drivers\32\HDD\iastor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.09.21 12:00:33 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.09.21 12:00:33 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.08.22 17:16:07 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
[2009.11.30 22:19:22 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.30 22:19:23 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 22:06:29 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2010.07.15 22:06:30 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.04.12 15:45:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         

Good? Bad? What can be read from this? What now?
