Bei Windowsstart --> Website nicht gefunden

KoksOor · 27.10.2012, 18:18

Hallo ich habe mir kürzlich einen Virus eingefangen und zwar stürzte mein PC ab. Als ich diesen dann Neustartete kam ein Vollbildfenster indem Stand Website konnte nicht gefunden werden. Also hab ich als erstes meine Kaspersky Rescue Disk drüber laufen lassen. Als diese nichts gefunden hatte hab ich Windows abgesichert gestartet und ein paar Sachen aus meinem Autostart genommen. Seitdem ist das Problem nicht mehr vorhanden aber der Virus vermutlich ja noch irgendwo vorhanden also habe ich einen vollständigen Scan mit meinem Avast antivir free gemacht und dieses hat ein paar Sachen gefunden die ich in den Container habe.(siehe Screenshot) Ich wäre froh wenn mir jemand helfen kann meinen PC zu reinigen weil seitdem Virus trau ich mich nicht mehr in mein Online Banking =(.
Danke schonmal im vorraus =)
Hier noch meine Logfiles

Zitat:

OTL logfile created on: 27.10.2012 17:51:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop\Trojaner Board
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,70% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 17,80 Gb Free Space | 18,23% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 446,62 Gb Free Space | 53,56% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 10,24 Gb Free Space | 1,10% Space Free | Partition Type: NTFS

Computer Name: ANNA | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.27 17:43:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\Trojaner Board\OTL.exe
PRC - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.09.02 17:06:14 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.31 16:02:02 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.31 15:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.05 22:32:32 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.23 16:55:34 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Users\Tim\AppData\Roaming\QipGuard\QipGuard.exe
PRC - [2012.03.23 16:55:34 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files (x86)\QipGuard\QipGuard.exe
PRC - [2012.01.09 10:56:26 | 000,884,120 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe
PRC - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.04.04 14:56:00 | 000,556,072 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011.01.05 11:08:58 | 000,315,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2010.11.22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2010.07.22 19:02:52 | 005,344,776 | ---- | M] (ASRock) -- C:\Program Files (x86)\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010.06.18 12:54:54 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.08 22:31:07 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.03.23 16:55:32 | 000,185,808 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\QipGuard\chrome.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [1998.10.31 11:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.08 22:31:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.03 11:45:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 22:32:32 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.23 16:55:34 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files (x86)\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2012.01.09 10:56:26 | 000,884,120 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService)
SRV - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.03.01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.01.21 17:22:30 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.01.21 17:20:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.20 12:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe -- (DfSdkS)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.13 02:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.27 19:44:09 | 000,025,216 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcam.sys -- (DroidCam)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.08 17:31:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.08 17:31:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.05.10 14:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.05.10 14:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.05.10 13:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.05.10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.05.10 13:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 17:02:22 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.02.08 17:55:21 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.01.15 19:52:47 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.15 19:42:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010.04.27 04:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 15:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.26 15:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.09.11 21:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.09.11 21:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.09.11 21:48:58 | 000,036,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009.09.11 21:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.09.11 21:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.13 02:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.11.04 14:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (Magic Tune)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011.03.08 06:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys -- (LiveTunerPM)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{AE5C0651-C0E2-4161-86E2-F61F7C6910E7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyI8KkmS8&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "hxxp://qip.ru"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.485
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.14 16:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.05 03:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.05 03:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.14 16:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.28 09:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.16 13:40:47 | 000,000,000 | ---D | M]

[2011.01.10 20:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2012.09.23 03:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\1vgag5xr.default\extensions
[2011.05.23 22:17:37 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\1vgag5xr.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2012.07.16 20:57:35 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\1vgag5xr.default\extensions\ffxtlbr@incredibar.com
[2011.01.15 19:52:37 | 000,002,059 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\1vgag5xr.default\searchplugins\daemon-search.xml
[2012.07.16 20:57:03 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\1vgag5xr.default\searchplugins\MyStart Search.xml
[2012.08.26 18:05:26 | 000,002,062 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\1vgag5xr.default\searchplugins\qip-search.xml
[2011.12.30 19:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.05 03:01:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.05 03:01:03 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2012.09.14 16:22:10 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.01.15 17:43:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 17:43:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 17:43:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 17:43:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 17:43:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.20 23:31:30 | 000,002,294 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/rus/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-upgrade-center.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-volume-licensing.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/enu/support-nero8.html
O1 - Hosts: 127.0.0.1 my.nero.com
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 22 more lines...
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [ASRockIES] File not found
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" File not found
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Tim\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4:64bit: - HKLM..\RunOnceEx: [TITLE] Installiere Addons File not found
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29FA18EE-467A-44B0-B299-B058FE7FCC05}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C0209B-FB36-4409-AF32-664D2398D5F8}: DhcpNameServer = 10.129.32.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9AF4E54-C11F-4517-BDC5-C06C97BB7A6A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58319BC-6948-41A8-811A-37260978BC53}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8DFC98F-B86F-43E0-9560-8684CA73D560}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D17D7B94-A785-41E0-BBA2-3C28385DF007}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - H:\AutoOff.exe -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 05:55:03 | 009,965,568 | ---- | M] () - H:\autorun.dat -- [ NTFS ]
O32 - AutoRun File - [2011.01.06 15:40:39 | 000,000,000 | ---- | M] () - H:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2011.11.16 19:40:07 | 000,000,100 | ---- | M] () - H:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2010.01.20 12:02:34 | 000,000,065 | ---- | M] () - H:\autorun.unf -- [ NTFS ]
O33 - MountPoints2\{4696dfde-f0e2-11df-92b7-00252261a925}\Shell - "" = AutoRun
O33 - MountPoints2\{4696dfde-f0e2-11df-92b7-00252261a925}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{67c7dea4-20a4-11e0-8500-00252261a925}\Shell - "" = AutoRun
O33 - MountPoints2\{67c7dea4-20a4-11e0-8500-00252261a925}\Shell\AutoRun\command - "" = G:\hmh-dishonored.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.27 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Trojaner Board
[2012.10.22 18:15:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.10.22 18:09:10 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.10.22 16:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\gckaplcpqavuotx
[2012.10.13 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\rar31076
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Tim\Documents\*.tmp files -> C:\Users\Tim\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.27 17:47:53 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.27 17:47:53 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.27 17:40:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.27 17:39:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.10.27 17:39:24 | 000,000,020 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.10.27 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.27 17:29:35 | 000,918,818 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.27 17:29:35 | 000,713,350 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.27 17:29:35 | 000,155,096 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.27 17:29:35 | 000,044,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.27 17:29:35 | 000,020,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.26 06:33:40 | 000,272,351 | ---- | M] () -- C:\Users\Tim\Desktop\20121023160202-0460cc6a.jpg
[2012.10.23 20:08:56 | 000,000,033 | ---- | M] () -- C:\ProgramData\droidcam-settings
[2012.10.23 19:41:25 | 000,000,995 | ---- | M] () -- C:\Users\Tim\Desktop\Dishonored.lnk
[2012.10.22 21:57:16 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.22 18:22:36 | 000,000,766 | ---- | M] () -- C:\Users\Tim\Documents\registry.reg
[2012.10.22 16:03:31 | 000,076,352 | ---- | M] () -- C:\ProgramData\hqstmsukmpmbngn
[2012.10.16 15:55:31 | 729,696,256 | ---- | M] () -- C:\Users\Tim\Desktop\ubuntu-10.10-netbook-i386.iso
[2012.10.12 21:11:32 | 001,377,959 | ---- | M] () -- C:\Users\Tim\Documents\Tami brief.pdf
[2012.10.04 16:33:27 | 000,391,149 | ---- | M] () -- C:\Users\Tim\Desktop\Q3.pdf
[2012.09.30 15:30:19 | 000,718,350 | ---- | M] () -- C:\Users\Tim\Desktop\2012-09-30 15.29.00.jpg
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Tim\Documents\*.tmp files -> C:\Users\Tim\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.27 17:39:24 | 000,000,020 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.10.26 06:33:40 | 000,272,351 | ---- | C] () -- C:\Users\Tim\Desktop\20121023160202-0460cc6a.jpg
[2012.10.23 19:41:25 | 000,000,995 | ---- | C] () -- C:\Users\Tim\Desktop\Dishonored.lnk
[2012.10.22 21:57:16 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.10.22 21:57:16 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.22 18:22:36 | 000,000,766 | ---- | C] () -- C:\Users\Tim\Documents\registry.reg
[2012.10.22 16:03:26 | 000,076,352 | ---- | C] () -- C:\ProgramData\hqstmsukmpmbngn
[2012.10.16 15:54:10 | 729,696,256 | ---- | C] () -- C:\Users\Tim\Desktop\ubuntu-10.10-netbook-i386.iso
[2012.10.12 21:09:49 | 001,377,959 | ---- | C] () -- C:\Users\Tim\Documents\Tami brief.pdf
[2012.10.04 16:33:27 | 000,391,149 | ---- | C] () -- C:\Users\Tim\Desktop\Q3.pdf
[2012.09.30 15:30:11 | 000,718,350 | ---- | C] () -- C:\Users\Tim\Desktop\2012-09-30 15.29.00.jpg
[2012.06.27 19:45:15 | 000,000,033 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.09 21:57:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.03.26 21:00:44 | 000,041,151 | ---- | C] () -- C:\Users\Tim\ESt2011_Krzyzanowski_Tim_Aaron.elfo
[2011.12.27 11:35:38 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.19 20:13:52 | 000,003,584 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 21:08:22 | 000,035,270 | ---- | C] () -- C:\Users\Tim\.TransferManager.db
[2011.11.12 16:09:00 | 000,001,231 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Roaming - Verknüpfung.lnk
[2011.10.01 19:51:49 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.01 19:51:46 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.01 16:36:28 | 000,028,160 | ---- | C] () -- C:\Users\Tim\syslinux.exe
[2011.10.01 16:36:28 | 000,000,237 | ---- | C] () -- C:\Users\Tim\syslinux.cfg
[2011.10.01 16:36:27 | 000,237,849 | ---- | C] () -- C:\Users\Tim\grub.exe
[2011.08.04 16:07:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.04.21 22:16:45 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.04.21 11:21:13 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2011.04.20 23:27:13 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.NANotifyHere
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.02.28 22:47:22 | 000,007,650 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2011.02.25 17:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.01.28 22:21:47 | 000,001,075 | ---- | C] () -- C:\Users\Tim\Dokumente - Verknüpfung.lnk
[2011.01.16 15:24:58 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.01.15 22:14:23 | 000,142,156 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.10 20:07:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.30 19:44:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.11.15 18:32:32 | 000,899,520 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.15 18:27:22 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2010.11.15 18:27:22 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2010.11.15 18:27:22 | 000,052,836 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010.11.15 18:27:21 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2010.11.15 18:27:21 | 000,004,172 | ---- | C] () -- C:\Windows\unins002.dat
[2010.11.15 18:26:58 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2010.11.15 18:26:58 | 000,007,953 | ---- | C] () -- C:\Windows\unins001.dat
[2010.11.15 18:26:42 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.15 18:26:42 | 000,010,275 | ---- | C] () -- C:\Windows\unins000.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.01.13 02:45:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Armagetron
[2010.12.19 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DAEMON Tools Lite
[2011.06.24 18:05:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Day 1 Studios
[2011.12.30 07:15:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DC++
[2012.10.27 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Dropbox
[2012.03.26 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\elsterformular
[2012.05.12 19:34:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Epson
[2012.06.03 02:48:33 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\FileZilla
[2012.01.19 08:12:17 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HTC
[2011.12.30 22:51:44 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.07 14:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ICQ
[2011.03.21 00:36:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Leadertech
[2011.02.01 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\NCH Swift Sound
[2011.01.24 19:09:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia
[2011.01.13 22:47:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Notepad++
[2012.03.27 17:58:36 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Opera
[2011.11.12 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Origin
[2011.01.10 21:14:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PC Suite
[2012.08.26 18:05:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\QIP
[2012.08.26 18:05:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\QipGuard
[2011.10.18 19:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Quake3
[2012.06.12 18:35:21 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Samsung
[2012.07.16 20:37:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SendSpace
[2011.01.24 18:02:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TeamViewer
[2012.06.22 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Temp
[2011.08.07 19:46:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TS3Client
[2011.02.25 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Tunngle
[2011.12.29 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Ubisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 374 bytes -> C:\Users\Tim\Desktop\2012-09-30 15.29.00.jpg:com.dropbox.attributes

< End of report >

kira · 27.10.2012, 22:27

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Hilfeleistung - geplante Vorgehensweise:

Problemsuche
Problembeseitigung/Systembereinigung
Verwendete Programme deinstallieren/entfernen
Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
kann ich nicht zuordnen, um was handelt es sich dabei ?:

Code:

ATTFilter

C:\ProgramData\hqstmsukmpmbngn

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

KoksOor · 03.11.2012, 18:00

1.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tim :: ANNA [Administrator]

01.11.2012 18:37:05
mbam-log-2012-11-01 (18-37-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 703502
Laufzeit: 1 Stunde(n), 47 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Tim\Desktop\Key\Key-Generator\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\DiRT 3\SKIDROW.dll (Trojan.Downloader.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. Keine Ahnung aber die Datei existiert seit dem 22.10 seitdem ich auch den Virus hatte also hab ich sie mal gescannt hat nix ergeben aber ich hab sie trotzdem einmal gelöscht

3.

Code:

ATTFilter

7-Zip 4.65 (x64 edition)	Igor Pavlov	15.11.2010	3,98MB	4.65.00.0
Acrobat.com	Adobe Systems Incorporated	21.01.2011		1.1.377
Adobe AIR	Adobe Systems Incorporated	23.06.2012		3.2.0.2070
Adobe Anchor Service x64 CS4		15.11.2010		
Adobe CMaps x64 CS4		15.11.2010		
Adobe Creative Suite 4 Master Collection	Adobe Systems Incorporated	21.01.2011	7,86GB	4.0
Adobe CSI CS4 x64		15.11.2010		
Adobe Drive CS4 x64		15.11.2010		
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.10.2012	6,00MB	11.4.402.287
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	08.10.2012	6,00MB	11.4.402.287
Adobe Fonts All x64		15.11.2010		
Adobe InDesign CS4 Icon Handler x64		15.11.2010		
Adobe Linguistics CS4 x64		15.11.2010		
Adobe Media Player	Adobe Systems Incorporated	21.01.2011		1.1
Adobe PDF Library Files x64 CS4		15.11.2010		
Adobe Photoshop CS4 (64 Bit)		15.11.2010		
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	16.08.2012	169MB	10.1.4
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	15.11.2010		11.5.7.609
Adobe Type Support x64 CS4		15.11.2010		
Adobe WinSoft Linguistics Plugin x64		15.11.2010		
Allgemeine Runtime Files (x86)	Sereby Corporation	15.11.2010		1.0.2.0
Apple Application Support	Apple Inc.	30.07.2012	61,0MB	2.1.9
Apple Mobile Device Support	Apple Inc.	30.07.2012	24,5MB	5.2.0.6
Apple Software Update	Apple Inc.	23.03.2012	2,38MB	2.1.3.127
Ashampoo WinOptimizer 8 v.8.14	Ashampoo GmbH & Co. KG	10.02.2012	72,5MB	8.1.4
ASRock IES v2.0.91		15.11.2010	9,79MB	
ASRock InstantBoot v1.24		15.11.2010		
ASRock OC Tuner v2.4.4		15.11.2010		
Assassins Creed Revelations		24.11.2011		1.0.0
ATI Catalyst Install Manager	ATI Technologies, Inc.	15.11.2010	22,1MB	3.0.762.0
avast! Free Antivirus	AVAST Software	08.06.2011		6.0.1125.0
Benutzerhandbuch EPSON BX635FWD Series		09.05.2012		
Call of Duty: Black Ops	Treyarch	04.12.2010		
Call of Duty: Black Ops - Multiplayer	Treyarch	11.05.2011		
Call of Duty: Modern Warfare 3 - Dedicated Server	Infinity Ward - Sledgehammer Games	12.12.2011		
Call of Duty: Modern Warfare 3 - Multiplayer	Infinity Ward - Sledgehammer Games	10.11.2011		
CCleaner	Piriform	24.10.2012		3.24
Counter-Strike: Global Offensive		23.08.2012		
Counter-Strike: Source	Valve	01.01.2011		
DAEMON Tools Lite	DT Soft Ltd	15.01.2011		4.40.1.0127
DC++ 0.782	Jacek Sieka	26.12.2011		0.782
Debugging Tools for Windows (x64)	Microsoft Corporation	15.11.2010	39,8MB	6.12.2.633
Dell Driver Download Manager	Dell Inc	29.11.2011		3.0.0.0
DirectX 9.0c Extra Files (x86, x64)	Sereby Corporation	15.11.2010	209MB	1.10.02.0
DirectX for Managed Code	Sereby Corporation	15.11.2010		1.0.0.0
DiRT 3	Codemasters	25.05.2011		1.0.0000.130
DiRT2	Codemasters	09.12.2010		1.00.0000
Dishonored		23.10.2012		
DivX-Setup	DivX, LLC	05.04.2011		2.4.1.4
Download Navigator	SEIKO EPSON CORPORATION	09.05.2012	717KB	1.1.0
Dropbox	Dropbox, Inc.	29.06.2012		1.4.7
Dual-Core Optimizer	AMD	11.05.2011	86,0KB	1.1.4.0169
ElsterFormular	Landesfinanzdirektion Thüringen	26.03.2012	160MB	13.1.1.8531
EPSON BX635FWD Series Printer Uninstall	SEIKO EPSON Corporation	09.05.2012		
Epson Connect Printer Setup	SEIKO EPSON CORPORATION	09.05.2012	8,27MB	1.0.2
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	09.05.2012		2.3.0.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION2	09.05.2012		1.00.0000
Epson Event Manager	SEIKO EPSON CORPORATION	09.05.2012	40,5MB	2.50.0001
Epson FAX Utility	SEIKO EPSON CORPORATION	09.05.2012		1.20.00
Epson PC-FAX Driver		09.05.2012		
EPSON Scan	Seiko Epson Corporation	09.05.2012		
EpsonNet Print	SEIKO EPSON CORPORATION	09.05.2012		2.4j
ESN Sonar	ESN Social Software AB	10.02.2012		0.70.0
Evernote v. 4.5.7	Evernote Corp.	24.06.2012	126MB	4.5.7.7146
EXPERTool 7.10	Gainward Co., Ltd	15.11.2010	11,1MB	
FileZilla Client 3.2.7.1		09.08.2011		3.2.7.1
FlatOut2	Ihr Firmenname	23.04.2011	2,87GB	1.00.0000
Futuremark SystemInfo	Futuremark Corporation	17.03.2011		4.0.0.0
Grand Theft Auto IV	Rockstar Games	12.05.2012		1.00.0000
Grand Theft Auto: Episodes From Liberty City	Rockstar Games	28.02.2011		1.1.0.0
HTC BMP USB Driver	HTC	30.12.2011	284KB	1.0.5375
HTC Driver Installer	HTC Corporation	23.06.2012	2,16MB	3.0.0.021
HTC Sync	HTC Corporation	23.06.2012	46,9MB	3.2.20
ICQ7.2	ICQ	01.12.2010		7.2
Incredibar Toolbar  on IE		16.07.2012		
iTunes	Apple Inc.	30.07.2012	182MB	10.6.3.25
Java(TM) 6 Update 20	Sun Microsystems, Inc.	15.11.2010	97,2MB	6.0.200
Java(TM) 6 Update 20 (64-bit)	Sun Microsystems, Inc.	15.11.2010	90,5MB	6.0.200
JDownloader	AppWork UG (haftungsbeschränkt)	14.01.2011		
LightScribe System Software	LightScribe	20.04.2011	22,5MB	1.18.6.1
Logitech Gaming Software 5.08	Logitech	22.06.2011	39,2MB	5.08.146
Logitech Gaming Software 8.20	Logitech Inc.	11.05.2012	76,6MB	8.20.74
Logitech SetPoint 6.20	Logitech	20.03.2011	39,0MB	6.20.64
LOGO!Soft Comfort V7.0 (Demo)	Siemens AG	10.05.2012		7.0.0.0
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	01.11.2012	19,4MB	1.65.1.1000
Max Payne 3	Rockstar Games	25.08.2012		1.0.0.0
Microsoft .NET Framework 1.1	Microsoft	18.01.2011	34,8MB	1.1.4322
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	12.06.2012	38,8MB	4.0.30320
Microsoft .NET Framework 4 Extended	Microsoft Corporation	12.06.2012	51,9MB	4.0.30320
Microsoft Diagnostics and Recovery Toolset 6.5	Microsoft Corporation	15.11.2010	7,10MB	6.05.0000
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	15.05.2011	31,3MB	3.5.88.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	15.05.2011	6,03MB	3.5.50.0
Microsoft Office Enterprise 2007	Microsoft Corporation	25.02.2012		12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	26.06.2012	7,95MB	14.0.5130.5003
Microsoft Office Live Add-in 1.5	Microsoft Corporation	24.06.2012	508KB	2.0.4024.1
Microsoft Silverlight	Microsoft Corporation	18.05.2012	50,6MB	5.1.10411.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	300KB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.11.2010	620KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	01.06.2011	790KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	01.06.2011	598KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	27.12.2011	910KB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	20.03.2011	251KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	15.11.2010	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	07.04.2012	1,69MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	04.04.2011	234KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.11.2010	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.11.2010	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	10.09.2011	13,7MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	10.09.2011	11,0MB	10.0.30319
Microsoft Visual J# 2.0 Redistributable Package	Microsoft Corporation	15.11.2010		
Mozilla Firefox (3.6.25)	Mozilla	15.01.2012		3.6.25 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.01.2011	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	11.01.2011	1,33MB	4.20.9876.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	30.12.2011	1,47MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	11.07.2012	1,53MB	4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	01.01.2012	1,53MB	4.30.2107.0
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	15.11.2010	993KB	1.0.19.0
Nero 10 ClipartPack	Nero AG	20.04.2011	26,5MB	10.2.10000.11.0
Nero 10 Menu TemplatePack 1	Nero AG	20.04.2011	59,7MB	10.2.10000.0.0
Nero 10 Menu TemplatePack 2	Nero AG	20.04.2011	182MB	10.2.10000.0.0
Nero 10 Menu TemplatePack 3	Nero AG	20.04.2011	241MB	10.2.10100.1.0
Nero 10 Movie ThemePack 1	Nero AG	20.04.2011	51,2MB	10.2.10000.11.0
Nero 10 Movie ThemePack 2	Nero AG	20.04.2011	313MB	10.2.10100.1.0
Nero 10 Movie ThemePack 3	Nero AG	20.04.2011	167MB	10.2.10100.1.0
Nero 10 Movie ThemePack 4	Nero AG	20.04.2011	100MB	10.2.10100.1.0
Nero 10 PiP EffectPack 1	Nero AG	20.04.2011	73,9MB	10.2.10000.0.0
Nero 10 Sample ImagePack	Nero AG	20.04.2011	5,85MB	10.2.10000.11.0
Nero 10 Sample Videos	Nero AG	20.04.2011	42,0MB	10.2.10000.11.0
Nero 10 Video TransitionPack 1	Nero AG	20.04.2011	32,6MB	10.2.10000.0.0
Nero BackItUp 10	Nero AG	20.04.2011	109MB	5.6.11000.11.100
Nero Burning ROM 10	Nero AG	20.04.2011	167MB	10.2.11000.12.100
Nero BurnRights 10	Nero AG	20.04.2011	6,14MB	4.2.10300.0.102
Nero CoverDesigner 10	Nero AG	20.04.2011	77,4MB	5.2.10700.7.100
Nero DiscSpeed 10	Nero AG	20.04.2011	7,21MB	6.2.10300.1.100
Nero Express 10	Nero AG	20.04.2011	164MB	10.2.11100.12.100
Nero InfoTool 10	Nero AG	20.04.2011	8,06MB	7.2.10300.5.100
Nero MediaHub 10	Nero AG	20.04.2011	179MB	1.2.12300.27.100
Nero Multimedia Suite 10 Platinum HD	Nero AG	20.04.2011	2,61GB	10.5.10900
Nero Recode 10	Nero AG	20.04.2011	92,2MB	4.8.10400.3.100
Nero RescueAgent 10	Nero AG	20.04.2011	6,53MB	3.2.10600.7.100
Nero SoundTrax 10	Nero AG	20.04.2011	95,0MB	4.8.10200.1.100
Nero StartSmart 10	Nero AG	20.04.2011	142MB	10.2.11100.10.100
Nero Update	Nero AG	20.04.2011	1,43MB	1.0.0018
Nero Vision 10	Nero AG	20.04.2011	223MB	7.2.14700.9.100
Nero WaveEditor 10	Nero AG	20.04.2011	76,4MB	5.8.10400.2.100
Netzwerkhandbuch EPSON BX635FWD Series		09.05.2012		
Nokia Connectivity Cable Driver	Nokia	10.01.2011	3,69MB	7.1.31.0
Notepad++		13.01.2011		5.8.6
NVIDIA 3D Vision Controller-Treiber 280.19	NVIDIA Corporation	01.10.2011		280.19
NVIDIA 3D Vision Treiber 280.26	NVIDIA Corporation	01.10.2011		280.26
NVIDIA Grafiktreiber 280.26	NVIDIA Corporation	01.10.2011		280.26
NVIDIA HD-Audiotreiber 1.2.23.3	NVIDIA Corporation	01.10.2011		1.2.23.3
NVIDIA PhysX-Systemsoftware 9.10.0514	NVIDIA Corporation	14.04.2011		9.10.0514
NVIDIA Update 1.4.28	NVIDIA Corporation	01.10.2011		1.4.28
OpenVPN 2.2.1		12.11.2011		2.2.1
Opera 12.02	Opera Software ASA	02.09.2012		12.02.1578
Origin	Electronic Arts, Inc.	12.11.2011		8.3.7.3619
PC Connectivity Solution	Nokia	10.01.2011	19,7MB	10.42.0.0
PDF24 Creator 2.9.1	PDF24.org	04.02.2011	33,8MB	
Photoshop Camera Raw_x64		15.11.2010		
PokerStars.net	PokerStars.net	10.02.2012		
Postal.3 version 1.0		02.09.2012		1.0
PunkBuster Services	Even Balance, Inc.	01.10.2011		0.991
QIP 2012 4.0.7221		26.08.2012		4.0.7221
QIP Infium 9040 Jeak-Edition	jeak.de	15.11.2010	21,2MB	2.0.9040
QIP Internet Guardian		26.08.2012	683KB	
QuickTime	Apple Inc.	28.04.2012	73,2MB	7.71.80.42
Realtek Ethernet Controller Driver For Windows 7	Realtek	15.11.2010		7.17.304.2010
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.11.2010		6.0.1.6167
ROCCAT Kone[+] Mouse Driver	Roccat GmbH	21.04.2011	13,0MB	
RocketDock 1.3.5	Punk Software	01.08.2011		
Rockstar Games Social Club	Rockstar Games	25.08.2012		1.0.9.5
Samsung Kies	Samsung Electronics Co., Ltd.	12.06.2012	209MB	2.3.2.12054_18
Samsung Mobile phone USB driver Drive Software		05.06.2011		
Samsung PC Studio 3 USB Driver Installer	Samsung Electronics Co., Ltd.	07.06.2011		3.2.0.70701
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	12.06.2012	42,9MB	1.5.5.0
Skype™ 5.10	Skype Technologies S.A.	15.08.2012	19,4MB	5.10.116
Sleeping Dogs		06.09.2012		
Steam	Valve Corporation	04.12.2010	34,3MB	1.0.0.0
Steamless Left4Dead2 Pack	Steamless	10.01.2011		1.0
Team Fortress 2	Valve	02.07.2011		
TeamSpeak 2 RC2	Dominating Bytes Design	22.04.2011		2.0.32.60
TeamSpeak 3 Client	TeamSpeak Systems GmbH	22.04.2011		
TeamViewer 6	TeamViewer GmbH	13.11.2011		6.0.11656
TeamViewer 7	TeamViewer	22.10.2012		7.0.14563
The Elder Scrolls V: Skyrim	RAF	15.04.2012		1.1.21.0
The Sims 3 Ultimate Bundle	Electronic Arts	18.08.2011		1.0
Tunngle beta	Tunngle.net GmbH	25.02.2011		
Ubisoft Game Launcher	UBISOFT	21.08.2011		1.0.0.0
UxStyle Core Beta	The Within Network, LLC	15.11.2010	38,0KB	0.2.1.1
VLC media player 2.0.0	VideoLAN	21.02.2012		2.0.0
Web Assistant 2.0.0.485	IncrediBar	14.09.2012	2,04MB	2.0.0.485
Web Optimizer		27.09.2012		2.0.0.2
Windows Live ID Sign-in Assistant	Microsoft Corporation	15.05.2011	10,0MB	6.500.3165.0
Windows Media Player Firefox Plugin	Microsoft Corp	01.02.2011	296KB	1.0.0.8
Windows XP Mode	Microsoft Corporation	15.11.2010	1,13GB	1.3.7600.16422
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	10.01.2011		08/22/2008 7.0.0.0
WinRAR		15.11.2010		
XFastUsb		08.02.2011

Ich hoff mal ihr könnt mir helfen =) danke schonmal =)

kira · 03.11.2012, 22:10

Das Installieren von "nicht legal erworbene Software" ist eine ziemlich sichere Methode, ein Rechner zu infizieren:

Zitat:

C:\Users\Tim\Desktop\Key\Key-Generator\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, weil ja durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung*
Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können
Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, Hilfe unsererseits ist gar nicht möglich. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:-> Ich möchte dich darauf hinweisen, dass wir bei Verwendung von Keygens & Cracks keine Beihilfe leisten wollen! :-> Forumregel:- Cracks, Keygens und andere illegale Software
Also Du kannst Dir viel Ärger und unnötige Zeitverschwendung ersparen, indem du dein System und auch die externe potenziell verseuchte Platte, USB-Stick etc formatiers und Windows (ohne Cracks & Keygens) neu installierst! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...

Zitat:

Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.

Bei Windowsstart --> Website nicht gefunden

Log-Analyse und Auswertung: Bei Windowsstart --> Website nicht gefunden