Pests of all kinds and how to fight them: ie_util.exe infected with virus Spybot.DEZ. [UNSOLVED]

15.06.2013, 18:17   #16
markusg
/// Malware-holic

I've saved blowing up your PC for the end :-)
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are checked and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

15.06.2013, 20:58   #17
Timm638

Here is the log
Quote:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16614
Timm :: TIMMS-LAPTOP [Administrator]

15.06.2013 19:23:21
mbam-log-2013-06-15 (19-23-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 634460
Laufzeit: 2 Stunde(n), 14 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Infinity Chest Installer.exe (Backdoor.MSIL.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles von Timm638.zip (Trojan.Zbot.FV) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
One of them is from OTL's MovedFiles
The other is probably a mod for a game

16.06.2013, 18:54   #18
markusg
/// Malware-holic

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After ones unknown to you, "unknown".
Post the list.

17.06.2013, 10:49   #19
Timm638

Careful, please take a close look at which of the unknown or unnecessary ones are important for my HP laptop!

Quote:
Zoo-Tierarzt 2 Legacy Games 15.07.2012 1.0.0.0 unnecessary
WorldPainter 1.2.0 pepsoft.org 02.02.2013 1.2.0 unnecessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 14.10.2011 5,57MB 15.4.5722.2 necessary
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 14.10.2011 5,57MB 15.4.5722.2 necessary
Windows Live Essentials Microsoft Corporation 14.10.2011 15.4.3538.0513 necessary
Virtual City 10.08.2012 necessary
Universe Sandbox 29.03.2013 necessary
Unity Web Player Unity Technologies ApS 12.12.2012 12,0MB necessary
Traffic Simulator Configuration Tool 26.10.2012 necessary
The Movies(TM) Activision 15.07.2012 1,93GB 1.0 necessary
The Binding of Isaac 23.04.2013 necessary
Terraria Game Launcher version 3.0 Eikester 26.05.2013 903KB 3.0 necessary
Terraria Game Launcher GUI version 1.2.2 17.05.2012 2,00MB 1.2.2 necessary
Terraria 30.04.2012 necessary
TEdit 3 BinaryConstruct 14.12.2012 840KB 1.0.0.0 unnecessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 30.03.2013 3.0.10 necessary
Team Fortress 2 Valve 03.02.2013 necessary
tConfig version 0.30.4a Surfpup 26.05.2013 6,91MB 0.30.4a necessary
Tasty Planet Back for Seconds Dingo Games 06.08.2012 1.1.0.0 unnecessary
Synthesia Synthesia LLC 16.01.2013 8,65MB 8.4 necessary
Synaptics Pointing Device Driver Synaptics Incorporated 25.12.2011 46,4MB 15.3.11.0 ???, unknown, from the system?
Stronghold Legends Firefly Studios 15.06.2012 1.20.0000 necessary
Stronghold Kingdoms Firefly Studios 14.06.2012 191MB Stronghold Kingdoms (Installationsprogramm v1.17) necessary
Stronghold Crusader Extreme Firefly Studios 01.07.2012 1.20.0000 necessary
Stronghold 2 Firefly Studios 15.06.2012 1.40.1000 necessary
Stronghold Firefly Studios 15.06.2012 1.20.0000 necessary
Stencyl Stencyl, LLC 09.06.2012 1.1.1 necessary
Steam Valve Corporation 30.04.2012 35,4MB 1.0.0.0 necessary
SpyroPortalDriver FS 18.01.2013 2,67MB 1.0.0 unnecessary
SpyroDriver Ihr Firmenname 18.01.2013 228KB 1.09.0000 unnecessary
SPORE™ Electronic Arts 03.05.2012 1.05.0001 necessary
Source SDK Base 2007 Valve 13.01.2013 necessary
Skype™ 6.3 Skype Technologies S.A. 14.05.2013 21,1MB 6.3.105 necessary
Skype Click to Call Skype Technologies S.A. 30.10.2012 40,7MB 6.3.11079 necessary
SimCity 4 Deluxe 05.10.2012 necessary
Sid Meier's Civilization V SDK Firaxis Games 20.07.2012 necessary
Sid Meier's Civilization V 2K Games, Inc. 13.01.2013 necessary
SearchAnonymizer 22.03.2013 1.0.1 (de) unknown
RPGXP Enterbrain 21.11.2012 4,11MB 1.0.0 unnecessary
ROBLOX Player ROBLOX Corporation 16.06.2013 necessary
RGSS-RTP Standard Enterbrain 21.11.2012 22,4MB 1.0.0 unnecessary
ReMouse Standard AutomaticSolution Software 05.10.2012 1,97MB Standard V3.4.1 unknown
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 25.12.2011 1.00.11.0706 unknown
Realtek PCIE Card Reader Realtek Semiconductor Corp. 25.12.2011 6.1.7601.83 unknown
Realtek Ethernet Controller Driver Realtek 25.12.2011 7.40.126.2011 unknown
Raptr 09.05.2012 necessary
QuickTime Apple Inc. 02.03.2013 73,1MB 7.73.80.64 necessary
Project64 1.6 Project64 03.10.2012 3,46MB 1.6 necessary
Pokemon Online 2.0.06 Dreambelievers 28.10.2012 69,2MB unnecessary
Pflanzen gegen Zombies PopCap Games 13.04.2013 necessary
Pen and Paper 4.3 17.05.2013 unnecessary
Paint.NET v3.5.10 dotPDN LLC 10.06.2012 10,6MB 3.60.0 necessary
Osmos Hemisphere Games 27.03.2013 necessary
OpenAL 27.03.2013 necessary
Online Games Manager v1.20 Real Networks, Inc. 15.03.2013 1.20.13 unknown
Omnitool Version 14 Fabian Dill 23.07.2012 17,1MB 14 necessary
Notepad++ 11.05.2012 6.1.2 necessary
Network Addon Mod Version 30 mit Essentials r132 Das NAM Team 26.10.2012 Version 30 mit Essentials r132 necessary
Need for Speed™ Most Wanted 18.08.2012 necessary
Mozilla Thunderbird 15.0 (x86 de) Mozilla 07.09.2012 39,5MB 15.0 necessary
Minecraft Texturepack Editor 01.06.2012 unnecessary
Minecraft Note Block Studio version 3.1.3 David Norgren 31.01.2013 9,24MB 3.1.3 necessary
Minecraft Mojang AB 22.09.2012 1,17MB 12.2 necessary
Microsoft XNA Game Studio Platform Tools Microsoft Corporation 16.01.2013 14,1MB 1.3.0.0 necessary
Microsoft XNA Game Studio 4.0 Microsoft Corporation 16.01.2013 4.0.20823.0 necessary
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 30.04.2012 8,03MB 4.0.20823.0 necessary
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 16.09.2012 7,48MB 3.1.10527.0 necessary
Microsoft WSE 3.0 Runtime Microsoft Corp. 01.05.2012 942KB 3.0.5305.0
Microsoft Visual Studio 2010 Shell (Isolated) - DEU Microsoft Corporation 12.08.2012 553MB 10.0.30319 From here...
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Corporation 11.08.2012 15,6MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.04.2013 12,2MB 10.0.40219
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 09.04.2013 13,8MB 10.0.40219
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 01.05.2012 600KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.12.2011 592KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.05.2012 238KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 14.06.2012 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 01.05.2012 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 25.12.2011 784KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.10.2011 788KB 9.0.30729
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.05.2012 300KB 8.0.61001
Microsoft SQL Server System CLR Types Microsoft Corporation 11.08.2012 2,54MB 10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 11.08.2012 17,2MB 10.50.1447.4
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.10.2011 1,69MB 3.1.0000
Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 UP TO HERE NECESSARY!
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 01.05.2012 14.0.5139.5005 unnecessary
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 01.05.2012 14.0.4763.1000 unnecessary
Microsoft Office 2010 Microsoft Corporation 14.10.2011 6,31MB 14.0.4763.1000 unnecessary
Microsoft IntelliPoint 8.2 Microsoft Corporation 08.06.2012 8.20.468.0 necessary
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 11.08.2012 1,95MB 1.0.30319 necessary
Microsoft Help Viewer 1.0 Microsoft Corporation 11.08.2012 3,97MB 1.0.30319 necessary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 16.01.2013 32,3MB 3.2.3.0 necessary
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 11.08.2012 83,4MB 4.0.30319 necessary
Microsoft .NET Framework 4 Extended Microsoft Corporation 25.12.2011 51,9MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.12.2011 38,8MB 4.0.30319 necessary
Manic Digger 27.10.2012 8,94MB necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 15.06.2013 19,2MB 1.75.0.1300 necessary
Magic Desktop EasyBits Software AS 25.12.2011 107MB 3.0 unnecessary
LogMeIn Hamachi LogMeIn, Inc. 23.05.2013 2.1.0.362 necessary
Liquid War 5.6.4 12.10.2012 unnecessary
LEGO® Star Wars™: Die Komplette Saga LucasArts 09.05.2012 5,26GB 1.00.0000 unnecessary
LEGO Digital Designer LEGO A/S 10.05.2012 necessary
King Arthur's Gold THD 28.07.2012 34,5MB 0.95.428.0 necessary
Java(TM) 7 Update 4 (64-bit) Oracle 28.05.2012 95,0MB 7.0.40 necessary
Java(TM) 6 Update 33 Oracle 29.05.2013 97,8MB 6.0.330 necessary
Inkscape 0.48.3.1 18.05.2012 0.48.3.1 unnecessary
Impulse Stardock 05.05.2012 necessary
IDT Audio IDT 25.12.2011 1.0.6341.0 unknown
HP Support Assistant Hewlett-Packard Company 13.02.2013 91,6MB 7.0.39.15 necessary
HP Software Framework Hewlett-Packard Company 19.02.2013 8,06MB 4.6.10.1 necessary
HP Setup Manager Hewlett-Packard Company 25.12.2011 8,69MB 1.2.14901.3869 necessary
HP Setup Hewlett-Packard Company 14.10.2011 50,3MB 9.0.15076.3891 necessary
HP Security Assistant Hewlett-Packard 14.10.2011 2,66MB 1.0.12 necessary
HP QuickWeb Hewlett-Packard Company 25.12.2011 3,35MB 3.1.1.10197 necessary
HP Quick Launch Hewlett-Packard Company 04.06.2013 6,10MB 2.7.2 necessary
HP Power Manager Hewlett-Packard Company 04.06.2013 3,67MB 1.4.7 necessary
HP On Screen Display Hewlett-Packard Company 14.10.2011 1,48MB 1.3.5 necessary
HP Launch Box Hewlett-Packard Company 14.10.2011 3,17MB 1.0.12 necessary
HP Games WildTangent 14.10.2011 1.0.2.5 necessary
HP Documentation Hewlett-Packard 14.10.2011 316MB 1.1.0.0 necessary
Google Earth Google 11.05.2012 107MB 6.2.2.6613 unnecessary
Google Chrome Google Inc. 27.05.2012 27.0.1453.110 necessary
gmax Discreet 16.10.2012 40,3MB 4.4.0.125 unknown
Galactic Civilizations II - Ultimate Edition Kalypso Media 05.05.2012 necessary
FTL: Faster Than Light 04.04.2013 necessary
Freemake Audio Converter Version 1.1.0 Ellora Assets Corporation 17.03.2013 42,1MB 1.1.0 necessary
Freeciv 2.3.2 (GTK+ client) 15.07.2012 unnecessary
Free WMA to MP3 Converter 1.16 Jodix Technologies Ltd. 09.06.2012 necessary
Free Video to Flash Converter version 5.0.17.903 DVDVideoSoft Ltd. 08.09.2012 110MB 5.0.17.903 necessary
Free Audio CD to MP3 Converter version 1.3.12.1228 DVDVideoSoft Ltd. 14.05.2012 69,1MB 1.3.12.1228 necessary
Fraps (remove only) 15.09.2012 necessary
FoxyDeal version 1.0.0 R&E Media GmbH 22.03.2013 1,35MB 1.0.0 unnecessary, unknown
FileZilla Client 3.5.3 FileZilla Project 26.07.2012 16,5MB 3.5.3 necessary
Evernote v. 4.2.3 Evernote Corp. 14.10.2011 139MB 4.2.3.22 unnecessary
Europa Universalis III 10.05.2012 necessary
EA Download Manager Electronic Arts, Inc. 01.05.2012 5.0.0.255 necessary
Dota 2 Valve 06.05.2013 necessary
Die Sims™ Inselgeschichten Electronic Arts 21.11.2012 necessary
Die Sims™ 3 Reiseabenteuer Electronic Arts 05.08.2012 2.17.2 necessary
Die Sims™ 3 Electronic Arts 02.05.2013 1.50.56 necessary
Die Siedler IV 18.11.2012 necessary
Desktop Icon für Amazon 22.03.2013 1.0.1 (de) unnecessary
Delta toolbar Delta 22.03.2013 1.8.10.0 unnecessary
Delta Chrome Toolbar Visual Tools 22.03.2013 unnecessary
CyberLink YouCam CyberLink Corp. 25.12.2011 217MB 3.5.0.4528 unnecessary
Cisco PEAP Module Cisco Systems, Inc. 25.12.2011 1,23MB 1.1.6 unknown
Cisco LEAP Module Cisco Systems, Inc. 25.12.2011 644KB 1.0.19 unknown
Cisco EAP-FAST Module Cisco Systems, Inc. 25.12.2011 1,55MB 2.2.14 unknown
Cheat Engine 6.2 Dark Byte 06.07.2012 27,5MB unnecessary
CCleaner Piriform 23.01.2013 3.27 necessary
Buildaria 1.8.4 Patrick Weaver 18.05.2012 1.8.4 necessary
BrowserProtect 04.06.2013 unknown
BrickForce 1.9.87 Infernum Productions AG 03.07.2012 1.9.87 necessary
BitTorrent BitTorrent Inc. 02.08.2012 7.7.0 necessary
Bing Bar Microsoft Corporation 15.09.2012 464KB 7.1.391.0 unnecessary
Avira Free Antivirus Avira 02.05.2013 137MB 13.0.0.3640 necessary
Audacity 2.0 Audacity Team 20.08.2012 42,8MB necessary
Apple Software Update Apple Inc. 02.03.2013 2,38MB 2.1.3.127 necessary
Apple Application Support Apple Inc. 02.03.2013 65,0MB 2.3 necessary
Anvil Studio 2012 Willow Software 05.02.2013 6,49MB 13.02.01 unnecessary
Anno1503zone Minigame v1.05 29.04.2013 unnecessary
Anno 1701 - Der Fluch des Drachen Sunflowers 23.11.2012 2.03 necessary
Anno 1701 Sunflowers 23.11.2012 1.04 necessary
ANNO 1503 GOLD 11.06.2012 1.05.00 unnecessary
AMD System Monitor Advanced Micro Devices, Inc. 25.12.2011 1,48MB 1.0.9 necessary
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 25.12.2011 22,7MB 3.0.847.0 necessary
Age of Castles 24.04.2013 necessary
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 03.06.2013 12.0.2.122 necessary
Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 17.05.2013 481MB 10.1.7 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 necessary
Adobe AIR Adobe Systems Incorporated 25.03.2013 3.6.0.6090 necessary
7-Zip 9.20 26.05.2013 necessary

17.06.2013, 13:42   #20
markusg
/// Malware-holic

Uninstall:
Zoo
WorldPainter
TEdit
Tasty
Spyro: both
SearchAnonymizer
RPGXP
RGSS
Pokemon
Online Games
Magic Desktop
Liquid
Java: both
Download the Java JRE:
Java Downloads for All Operating Systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Inkscape
Google Earth
Freeciv
Evernote
Desktop Icon
Delta: both
CyberLink
Cheat Engine
BrowserProtect
Bing
Anvil
Anno1503zone
ANNO 1503
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version, install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Security (Enhanced)
Check Enhanced Security
and select All files.
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, remove the check mark at "Use JavaScript".
Under Updater, choose install automatically.
Apply / OK

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).
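
A read-only check of the Adobe Reader settings from the post above, as an added example that is not part of the original thread or written by its participants. It reports the per-user registry values behind the JavaScript and Enhanced Security checkboxes; the value names (`bEnableJS` under `JSPrefs`, `bEnhancedSecurityStandalone` and `bEnhancedSecurityInBrowser` under `TrustManager`) and the per-version key layout under `HKCU:\Software\Adobe\Acrobat Reader` are assumptions about the installed Reader version and should be compared against the Preferences dialog.

```powershell
# Added example (not from the thread): read-only audit of the per-user
# Adobe Reader preferences behind the GUI steps described in the post.
# Nothing is written to the registry.

# Assumption: Reader keeps per-user preferences under this key, with one
# subkey per major version (for example "10.0" for Reader X).
$ReaderRoot = 'HKCU:\Software\Adobe\Acrobat Reader'

# Each entry maps one step from the post to the registry value assumed to
# back it, and the value that step should produce.
$Checks = @(
    [pscustomobject]@{
        SubKey = 'JSPrefs'
        Name   = 'bEnableJS'
        Want   = 0
        Step   = 'JavaScript unchecked'
    },
    [pscustomobject]@{
        SubKey = 'TrustManager'
        Name   = 'bEnhancedSecurityStandalone'
        Want   = 1
        Step   = 'Enhanced Security (standalone)'
    },
    [pscustomobject]@{
        SubKey = 'TrustManager'
        Name   = 'bEnhancedSecurityInBrowser'
        Want   = 1
        Step   = 'Enhanced Security (in browser)'
    }
)

function Get-ReaderHardeningState {
    param([string]$Root = $ReaderRoot)

    if (-not (Test-Path -Path $Root)) {
        Write-Warning "No per-user Adobe Reader key found at $Root"
        return
    }

    # Several Reader versions may have left settings behind; check each one.
    foreach ($version in Get-ChildItem -Path $Root) {
        foreach ($check in $Checks) {
            $keyPath = Join-Path -Path $version.PSPath -ChildPath $check.SubKey
            $value = $null
            if (Test-Path -Path $keyPath) {
                $item = Get-ItemProperty -Path $keyPath -Name $check.Name `
                    -ErrorAction SilentlyContinue
                if ($item) { $value = $item.($check.Name) }
            }

            # A missing value means the checkbox was never changed, so the
            # application default applies; report that instead of guessing.
            if ($null -eq $value) {
                $state = 'not set, application default applies'
            } elseif ($value -eq $check.Want) {
                $state = 'as described in the post'
            } else {
                $state = 'DIFFERS from the post'
            }

            [pscustomobject]@{
                Version  = $version.PSChildName
                Step     = $check.Step
                Value    = "$($check.SubKey)\$($check.Name)"
                Current  = $value
                Expected = $check.Want
                State    = $state
            }
        }
    }
}

Get-ReaderHardeningState | Format-Table -AutoSize
```

The settings are per user, so the check has to run in the session of each account that opens PDFs on the machine.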

17.06.2013, 14:31   #21
Timm638

So I will post the progress here!
And I won't do it all in one go, but in "pieces", and I will now leave some things installed!
So far I have uninstalled up to Liquid. Java 6 32-bit is NOT used by the PC or browser, if at all then only for Minecraft Classic, and I have updated Java 64-bit.
I will continue later!

17.06.2013, 14:33   #22
markusg
/// Malware-holic

Nevertheless, Java must be up to date or else uninstalled. As long as not everything has been updated and we are not finished, only browse the sites I have named, i.e. here in the forum and those needed for the updates, to avoid a re-infection. Leave out the interim posts; just work through it as quickly as possible, then report back.

17.06.2013, 15:31   #23
Timm638

OK, done

The programs I did not uninstall are Anno 1503 and Cheat Engine

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 17/06/2013 um 16:18:52 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Timm - TIMMS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Timm\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Bugla\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Timm\AppData\Local\APN
Ordner Gelöscht : C:\Users\Timm\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Timm\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Timm\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Timm\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Timm\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\BrowserProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\9558f8ab435ba15
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\foxydeal_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\foxydeal_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\32299b1241ce153602d531040bd52cd4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6821187bc24c9cc3a2fdd21f705822f3
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\9558f8ab435ba15
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aiennapmieppnpfhhogglccgepbdajan
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId=BCAC20107A25638E --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.3186] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId[...]

*************************

AdwCleaner[S1].txt - [15260 octets] - [17/06/2013 16:18:52]

########## EOF - C:\AdwCleaner[S1].txt - [15321 octets] ##########
         
--- --- ---

18.06.2013, 15:18   #24
markusg
/// Malware-holic

Hi,
HitmanPro - Download - Filepony
Download HitmanPro, double-click it, click Scan.
Don't delete anything, click Next.
Save the log and post it, or export it as XML, zip it and attach it.

18.06.2013, 18:46   #25
Timm638

OK, I ran the scan. 1 trojan was found, in the Cheat Engine folder, and otherwise supposedly some malware, which are actually my installers for some Terraria mods!
Apart from that, some .dll's from Pokemon Essentials, a kit for making Pokemon games, are flagged as suspicious!
I only had the tracking cookies deleted and ignored everything else!

Quote:
Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : TIMMS-LAPTOP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Timms-Laptop\Timm
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-18 19:33:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 58
   Traces  . . . . . . . : 3061

   Objects scanned . . . : 2.022.945
   Files scanned . . . . : 95.805
   Remnants scanned  . . : 829.641 files / 1.097.499 keys

Malware _____________________________________________________________________

   C:\Users\Timm\Desktop\Ordner\Cheategine\Cheat Engine 6.2\xmplayer.exe
      Size . . . . . . . : 188.928 bytes
      Age  . . . . . . . : 347.0 days (2012-07-06 18:51:06)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 4A7D1838CAB46EB5632A3E3EEDC5F5C4BE5535F1DB6B2E2C0CE1831F7302AC8D
    > Ikarus . . . . . . : Trojan.Win32.Spy!IK
      Fuzzy  . . . . . . : 106.0

   C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Life and Mana Crystal Installer.exe
      Size . . . . . . . : 10.240 bytes
      Age  . . . . . . . : 101.0 days (2013-03-09 18:41:28)
      Entropy  . . . . . : 3.8
      SHA-256  . . . . . : 28A148B11FD5BC0A35BF6311768E00A1CBDDABDD59AF14A5A4B28262CE1E3BCF
      Description  . . . :  
      Version  . . . . . : 0.0.0.0
      Copyright  . . . . :  
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
      Fuzzy  . . . . . . : 106.0

   C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons Installer.exe
      Size . . . . . . . : 110.592 bytes
      Age  . . . . . . . : 23.1 days (2013-05-26 16:35:07)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 00362933ED3134878970F7191210BD11934A125865001FEF7B39C5687AE31FB0
      Description  . . . :  
      Version  . . . . . : 0.0.0.0
      Copyright  . . . . :  
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -12.2s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Config.ini
         -12.2s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Config.ini
         -5.4s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Omnirs Weapons.dll
         -5.4s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Omnirs Weapons.dll
         -1.8s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons.obj
         -1.8s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons.obj
          0.0s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons Installer.exe
          0.0s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons Installer.exe

   C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Timms Warning Mod Installer.exe
      Size . . . . . . . : 8.704 bytes
      Age  . . . . . . . : 115.9 days (2013-02-22 21:13:05)
      Entropy  . . . . . : 4.9
      SHA-256  . . . . . : 1BE84E542718D8DD025F7B3B8FA8DED9BB5148E1CBF589EFA20C0592F89AC38B
      Description  . . . :  
      Version  . . . . . : 0.0.0.0
      Copyright  . . . . :  
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
      Fuzzy  . . . . . . : 106.0

   C:\Users\Timm\Documents\My Games\Terraria\ModPacks\YYY HaMLR Installer.exe
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 270.9 days (2012-09-20 20:51:02)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : B19A35682C6FEA66965A52457D8C5C269FF446DE3323BADA57C372A65208371B
      Description  . . . :  
      Version  . . . . . : 0.0.0.0
      Copyright  . . . . :  
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
      Fuzzy  . . . . . . : 106.0


Suspicious files ____________________________________________________________

   C:\Users\Timm\Desktop\Sonstiges\RPGMAKER\Pokémon Essentials v10 2012-10-22\gif.dll
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 209.2 days (2012-11-21 14:43:15)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timm\Desktop\Sonstiges\RPGMAKER\Pokémon Essentials v10 2012-10-22\rubyscreen.dll
      Size . . . . . . . : 28.160 bytes
      Age  . . . . . . . : 209.2 days (2012-11-21 14:43:15)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timm\Documents\RPGXP\Pokémon Essentials v8 2012-07-10\gif.dll
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 326.1 days (2012-07-27 17:43:29)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timm\Documents\RPGXP\Pokémon Essentials v8 2012-07-10\rubyscreen.dll
      Size . . . . . . . : 28.160 bytes
      Age  . . . . . . . : 326.1 days (2012-07-27 17:43:29)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Users\Bugla\AppData\Roaming\Mozilla\Firefox\Profiles\yi5yw7u6.default\bprotector_extensions.sqlite (Claro)
   C:\Users\Bugla\AppData\Roaming\Mozilla\Firefox\Profiles\yi5yw7u6.default\bprotector_prefs.js (Claro)
   HKU\S-1-5-21-2434292891-1991117707-1313040686-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)

Cookies _____________________________________________________________________

         

18.06.2013, 19:56   #26
markusg
/// Malware-holic

Have this category deleted as well:
Potential Unwanted Programs _________________________________________________
then reboot, and a new OTL log please

19.06.2013, 13:58   #27
Timm638

Have fun :P

Code:
OTL logfile created on: 19.06.2013 14:42:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timm\Desktop\Logs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,48 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 61,68% Memory free
6,95 Gb Paging File | 5,37 Gb Available in Paging File | 77,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441,12 Gb Total Space | 282,18 Gb Free Space | 63,97% Space Free | Partition Type: NTFS
Drive D: | 20,48 Gb Total Space | 2,19 Gb Free Space | 10,69% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,23% Space Free | Partition Type: FAT32
 
Computer Name: TIMMS-LAPTOP | User Name: Timm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.14 18:18:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timm\Desktop\Logs\OTL.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 11:21:35 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.22 19:54:16 | 000,046,144 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr_im.exe
PRC - [2013.03.22 19:54:14 | 000,064,576 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr.exe
PRC - [2013.03.21 14:26:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.21 14:25:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.28 12:40:08 | 000,101,376 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011.10.08 04:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 14:28:10 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.27 09:53:18 | 002,717,595 | ---- | M] () -- C:\PROGRA~2\Raptr\heliotrope._purple.pyd
MOD - [2012.06.22 23:59:52 | 000,313,856 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012.06.22 23:55:58 | 000,494,592 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012.06.22 23:53:22 | 005,812,736 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtGui.pyd
MOD - [2012.06.22 23:39:06 | 001,662,464 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtCore.pyd
MOD - [2012.06.22 23:24:28 | 000,067,584 | ---- | M] () -- C:\PROGRA~2\Raptr\sip.pyd
MOD - [2012.02.06 22:28:48 | 000,011,264 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Util._counter.pyd
MOD - [2012.02.06 22:28:42 | 000,031,744 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012.02.06 22:28:34 | 000,010,752 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011.09.09 01:47:40 | 001,183,699 | ---- | M] () -- C:\PROGRA~2\Raptr\liboscar.dll
MOD - [2011.09.09 01:47:36 | 001,640,221 | ---- | M] () -- C:\PROGRA~2\Raptr\libjabber.dll
MOD - [2011.09.09 01:47:32 | 001,052,194 | ---- | M] () -- C:\PROGRA~2\Raptr\libymsg.dll
MOD - [2011.09.09 01:47:22 | 000,495,680 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libaim.dll
MOD - [2011.09.09 01:47:22 | 000,483,306 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libicq.dll
MOD - [2011.09.09 01:47:16 | 000,655,356 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libirc.dll
MOD - [2011.09.09 01:47:16 | 000,603,326 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl-nss.dll
MOD - [2011.09.09 01:47:14 | 000,497,782 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoojp.dll
MOD - [2011.09.09 01:47:14 | 000,474,199 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl.dll
MOD - [2011.09.09 01:47:10 | 001,306,387 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libmsn.dll
MOD - [2011.09.09 01:47:04 | 000,565,461 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libxmpp.dll
MOD - [2011.09.09 01:46:56 | 000,506,276 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoo.dll
MOD - [2011.05.10 21:01:42 | 000,030,208 | ---- | M] () -- C:\PROGRA~2\Raptr\simplejson._speedups.pyd
MOD - [2011.02.15 20:17:28 | 001,213,633 | ---- | M] () -- C:\PROGRA~2\Raptr\libxml2-2.dll
MOD - [2011.02.15 20:17:28 | 000,417,501 | ---- | M] () -- C:\PROGRA~2\Raptr\sqlite3.dll
MOD - [2010.11.23 01:06:22 | 000,055,808 | ---- | M] () -- C:\PROGRA~2\Raptr\zlib1.dll
MOD - [2010.11.23 00:57:34 | 000,167,936 | ---- | M] () -- C:\PROGRA~2\Raptr\win32gui.pyd
MOD - [2010.11.23 00:57:34 | 000,111,104 | ---- | M] () -- C:\PROGRA~2\Raptr\win32file.pyd
MOD - [2010.11.23 00:57:34 | 000,096,256 | ---- | M] () -- C:\PROGRA~2\Raptr\win32api.pyd
MOD - [2010.11.23 00:57:34 | 000,036,352 | ---- | M] () -- C:\PROGRA~2\Raptr\win32process.pyd
MOD - [2010.11.23 00:57:18 | 000,141,312 | ---- | M] () -- C:\PROGRA~2\Raptr\gobject._gobject.pyd
MOD - [2010.11.23 00:56:56 | 000,110,592 | ---- | M] () -- C:\PROGRA~2\Raptr\pywintypes26.dll
MOD - [2010.11.23 00:56:26 | 000,324,608 | ---- | M] () -- C:\PROGRA~2\Raptr\PIL._imaging.pyd
MOD - [2010.11.23 00:56:02 | 000,805,376 | ---- | M] () -- C:\PROGRA~2\Raptr\_ssl.pyd
MOD - [2010.11.23 00:56:02 | 000,583,680 | ---- | M] () -- C:\PROGRA~2\Raptr\unicodedata.pyd
MOD - [2010.11.23 00:56:02 | 000,356,864 | ---- | M] () -- C:\PROGRA~2\Raptr\_hashlib.pyd
MOD - [2010.11.23 00:56:02 | 000,127,488 | ---- | M] () -- C:\PROGRA~2\Raptr\pyexpat.pyd
MOD - [2010.11.23 00:56:02 | 000,124,928 | ---- | M] () -- C:\PROGRA~2\Raptr\_elementtree.pyd
MOD - [2010.11.23 00:56:02 | 000,087,040 | ---- | M] () -- C:\PROGRA~2\Raptr\_ctypes.pyd
MOD - [2010.11.23 00:56:02 | 000,044,544 | ---- | M] () -- C:\PROGRA~2\Raptr\_sqlite3.pyd
MOD - [2010.11.23 00:56:02 | 000,043,008 | ---- | M] () -- C:\PROGRA~2\Raptr\_socket.pyd
MOD - [2010.11.23 00:56:02 | 000,009,216 | ---- | M] () -- C:\PROGRA~2\Raptr\winsound.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.09.29 04:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.28 07:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.06.17 16:15:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.21 14:26:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.21 14:25:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.28 12:40:08 | 000,101,376 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.09.06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.29 03:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.05.27 21:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.21 14:27:12 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.21 14:27:12 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.21 14:27:12 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.23 16:15:31 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.11.23 16:15:31 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.15 07:37:02 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.15 07:37:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 04:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.29 03:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.18 14:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.19 02:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.06.17 13:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.06.17 13:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.06.10 04:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.31 02:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.05.27 21:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.03.31 00:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.01.27 07:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{DDBBEB8E-5DEC-4B90-BDD9-B282877F50E2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f3fe8bd7-f655-4a6d-9f6d-f07f32eeed50&apn_sauid=821DED16-C7E6-475E-92D3-187EBE7844B4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-695ea9f5bdba4fec\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Timm\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Timm\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Timm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 11:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.20 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timm\AppData\Roaming\mozilla\Extensions
[2013.05.19 20:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 12:39:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.09 12:39:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Timm\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Timm\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-695ea9f5bdba4fec\\NPRobloxProxy.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Timm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.15 19:01:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8941748B-A8C1-4A01-8C63-D051DBEAFEC4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6504385-FD4F-40B8-826D-EB35A0D6B846}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserprotect.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 14:31:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013.06.18 19:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.17 16:15:56 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.17 16:15:56 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.17 16:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.17 16:11:10 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.17 16:11:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.17 16:11:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.17 16:11:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.17 16:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.06.17 15:38:49 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.17 15:38:38 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.17 15:38:38 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.17 15:38:38 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.17 15:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.17 15:20:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.06.17 15:19:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.16 19:04:53 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\Vanessa
[2013.06.15 22:42:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 22:42:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Malwarebytes
[2013.06.15 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.15 19:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.15 19:20:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.15 19:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.15 19:05:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.15 18:47:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.15 18:47:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.15 18:47:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.15 18:46:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.15 18:46:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.14 21:23:57 | 000,000,000 | ---D | C] -- C:\Users\Timm\Desktop\Logs
[2013.06.14 19:56:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.12 21:24:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 21:24:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 21:24:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 21:24:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 21:24:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 21:24:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 21:24:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 21:24:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 21:24:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 21:24:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 21:24:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 21:24:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 21:24:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 19:48:45 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 19:48:45 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 19:48:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 19:48:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 19:48:32 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 19:48:22 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 19:48:22 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 19:48:22 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 19:48:21 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 19:48:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 19:48:21 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 19:48:11 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 19:48:10 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.10 18:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starship Corporation
[2013.06.10 17:48:17 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Leky
[2013.06.09 21:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kebarl Space Program
[2013.06.09 21:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kebarl Space Program
[2013.06.03 17:13:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.05.26 16:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.26 16:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.23 08:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.23 08:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 14:47:08 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 14:47:08 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 14:38:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 14:38:33 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 14:31:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013.06.17 16:15:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.17 16:15:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.17 16:15:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.17 16:10:51 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.06.17 16:10:51 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.17 16:10:51 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.17 16:10:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.17 16:10:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.17 16:10:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.17 16:09:02 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.17 15:38:29 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.17 15:38:28 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.06.17 15:38:28 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.06.17 15:38:28 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.17 15:38:28 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.17 15:38:28 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.16 11:29:25 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 11:29:25 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 11:29:25 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 11:29:25 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 11:29:25 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.15 22:47:54 | 001,591,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.15 19:01:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.14 19:00:12 | 000,046,583 | ---- | M] () -- C:\Users\Timm\Desktop\OTL Log-Timm638.zip
[2013.06.12 21:21:23 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434292891-1991117707-1313040686-1002UA.job
[2013.06.12 20:32:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 18:32:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 18:03:02 | 006,890,598 | ---- | M] () -- C:\Users\Timm\Desktop\minecraft.jar
[2013.06.10 19:23:39 | 000,009,742 | ---- | M] () -- C:\Users\Timm\Desktop\Zombatar_2.jpg
[2013.06.10 18:21:29 | 000,002,133 | ---- | M] () -- C:\Users\Timm\Desktop\Starship Corporation Alpha.lnk
[2013.06.09 21:04:12 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Kebarl Space Program .lnk
[2013.06.09 11:37:07 | 000,010,142 | ---- | M] () -- C:\Users\Timm\Desktop\Unbenannt.png
[2013.06.09 11:28:00 | 000,001,442 | ---- | M] () -- C:\Users\Timm\Desktop\112.png
[2013.06.09 11:27:39 | 000,001,710 | ---- | M] () -- C:\Users\Timm\Desktop\006.png
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.08 09:49:10 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434292891-1991117707-1313040686-1002Core.job
[2013.06.07 15:39:44 | 000,002,367 | ---- | M] () -- C:\Users\Timm\Desktop\Google Chrome.lnk
[2013.06.05 14:56:14 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTimm.job
[2013.05.25 17:31:51 | 002,468,600 | ---- | M] () -- C:\Users\Timm\Desktop\TechnicLauncher.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.17 16:15:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.17 16:09:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.17 16:09:02 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.15 18:47:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.15 18:47:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.15 18:47:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.15 18:47:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.15 18:47:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.14 18:59:49 | 000,046,583 | ---- | C] () -- C:\Users\Timm\Desktop\OTL Log-Timm638.zip
[2013.06.10 19:23:39 | 000,009,742 | ---- | C] () -- C:\Users\Timm\Desktop\Zombatar_2.jpg
[2013.06.10 18:21:29 | 000,002,133 | ---- | C] () -- C:\Users\Timm\Desktop\Starship Corporation Alpha.lnk
[2013.06.09 21:04:12 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Kebarl Space Program .lnk
[2013.06.09 11:37:07 | 000,010,142 | ---- | C] () -- C:\Users\Timm\Desktop\Unbenannt.png
[2013.06.09 11:28:00 | 000,001,442 | ---- | C] () -- C:\Users\Timm\Desktop\112.png
[2013.06.09 11:27:39 | 000,001,710 | ---- | C] () -- C:\Users\Timm\Desktop\006.png
[2013.05.26 16:12:06 | 000,000,202 | ---- | C] () -- C:\Users\Timm\Documents\Terraria.url
[2013.04.11 18:57:20 | 000,000,218 | ---- | C] () -- C:\Users\Timm\AppData\Local\recently-used.xbel
[2013.04.11 18:52:55 | 000,001,348 | ---- | C] () -- C:\Users\Timm\Neues Dokument 1.2013_04_11_18_52_55.0.svg
[2012.12.09 19:05:15 | 000,703,117 | ---- | C] () -- C:\Users\Timm\AppData\Roaming\technic-launcher.jar
[2012.12.09 19:05:15 | 000,581,642 | ---- | C] () -- C:\Users\Timm\AppData\Roaming\technic-launcher.jar.bak
[2012.11.18 20:03:07 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.11.18 20:03:07 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.10.16 17:37:01 | 000,000,018 | ---- | C] () -- C:\Windows\LEPROP.INI
[2012.10.05 13:57:20 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.07.27 13:12:39 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\CC736B83F3.sys
[2012.07.27 13:12:31 | 000,001,056 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.07.15 19:46:59 | 000,007,754 | ---- | C] () -- C:\Users\Timm\AppData\Roaming\.freeciv-client-rc-2.3
[2012.07.06 20:32:38 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.06.11 18:46:49 | 000,007,605 | ---- | C] () -- C:\Users\Timm\AppData\Local\Resmon.ResmonCfg
[2012.06.08 16:17:00 | 002,631,680 | ---- | C] () -- C:\Users\Timm\GestureMouseSession.etl
[2012.05.16 16:35:15 | 000,005,120 | ---- | C] () -- C:\Users\Timm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.03 14:22:23 | 000,001,579 | ---- | C] () -- C:\Users\Timm\Welcome Center.lnk
[2012.04.30 17:27:07 | 000,000,680 | RHS- | C] () -- C:\Users\Timm\ntuser.pol
[2011.12.25 01:56:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.25 01:53:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.12.25 01:49:09 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.25 01:38:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.10.14 22:23:20 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.09.28 07:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.09.06 13:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Have fun :P

Code:
OTL logfile created on: 19.06.2013 14:42:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timm\Desktop\Logs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,48 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 61,68% Memory free
6,95 Gb Paging File | 5,37 Gb Available in Paging File | 77,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441,12 Gb Total Space | 282,18 Gb Free Space | 63,97% Space Free | Partition Type: NTFS
Drive D: | 20,48 Gb Total Space | 2,19 Gb Free Space | 10,69% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,23% Space Free | Partition Type: FAT32
 
Computer Name: TIMMS-LAPTOP | User Name: Timm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.14 18:18:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timm\Desktop\Logs\OTL.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 11:21:35 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.22 19:54:16 | 000,046,144 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr_im.exe
PRC - [2013.03.22 19:54:14 | 000,064,576 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr.exe
PRC - [2013.03.21 14:26:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.21 14:25:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.28 12:40:08 | 000,101,376 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011.10.08 04:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 14:28:10 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.27 09:53:18 | 002,717,595 | ---- | M] () -- C:\PROGRA~2\Raptr\heliotrope._purple.pyd
MOD - [2012.06.22 23:59:52 | 000,313,856 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012.06.22 23:55:58 | 000,494,592 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012.06.22 23:53:22 | 005,812,736 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtGui.pyd
MOD - [2012.06.22 23:39:06 | 001,662,464 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtCore.pyd
MOD - [2012.06.22 23:24:28 | 000,067,584 | ---- | M] () -- C:\PROGRA~2\Raptr\sip.pyd
MOD - [2012.02.06 22:28:48 | 000,011,264 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Util._counter.pyd
MOD - [2012.02.06 22:28:42 | 000,031,744 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012.02.06 22:28:34 | 000,010,752 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011.09.09 01:47:40 | 001,183,699 | ---- | M] () -- C:\PROGRA~2\Raptr\liboscar.dll
MOD - [2011.09.09 01:47:36 | 001,640,221 | ---- | M] () -- C:\PROGRA~2\Raptr\libjabber.dll
MOD - [2011.09.09 01:47:32 | 001,052,194 | ---- | M] () -- C:\PROGRA~2\Raptr\libymsg.dll
MOD - [2011.09.09 01:47:22 | 000,495,680 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libaim.dll
MOD - [2011.09.09 01:47:22 | 000,483,306 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libicq.dll
MOD - [2011.09.09 01:47:16 | 000,655,356 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libirc.dll
MOD - [2011.09.09 01:47:16 | 000,603,326 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl-nss.dll
MOD - [2011.09.09 01:47:14 | 000,497,782 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoojp.dll
MOD - [2011.09.09 01:47:14 | 000,474,199 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl.dll
MOD - [2011.09.09 01:47:10 | 001,306,387 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libmsn.dll
MOD - [2011.09.09 01:47:04 | 000,565,461 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libxmpp.dll
MOD - [2011.09.09 01:46:56 | 000,506,276 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoo.dll
MOD - [2011.05.10 21:01:42 | 000,030,208 | ---- | M] () -- C:\PROGRA~2\Raptr\simplejson._speedups.pyd
MOD - [2011.02.15 20:17:28 | 001,213,633 | ---- | M] () -- C:\PROGRA~2\Raptr\libxml2-2.dll
MOD - [2011.02.15 20:17:28 | 000,417,501 | ---- | M] () -- C:\PROGRA~2\Raptr\sqlite3.dll
MOD - [2010.11.23 01:06:22 | 000,055,808 | ---- | M] () -- C:\PROGRA~2\Raptr\zlib1.dll
MOD - [2010.11.23 00:57:34 | 000,167,936 | ---- | M] () -- C:\PROGRA~2\Raptr\win32gui.pyd
MOD - [2010.11.23 00:57:34 | 000,111,104 | ---- | M] () -- C:\PROGRA~2\Raptr\win32file.pyd
MOD - [2010.11.23 00:57:34 | 000,096,256 | ---- | M] () -- C:\PROGRA~2\Raptr\win32api.pyd
MOD - [2010.11.23 00:57:34 | 000,036,352 | ---- | M] () -- C:\PROGRA~2\Raptr\win32process.pyd
MOD - [2010.11.23 00:57:18 | 000,141,312 | ---- | M] () -- C:\PROGRA~2\Raptr\gobject._gobject.pyd
MOD - [2010.11.23 00:56:56 | 000,110,592 | ---- | M] () -- C:\PROGRA~2\Raptr\pywintypes26.dll
MOD - [2010.11.23 00:56:26 | 000,324,608 | ---- | M] () -- C:\PROGRA~2\Raptr\PIL._imaging.pyd
MOD - [2010.11.23 00:56:02 | 000,805,376 | ---- | M] () -- C:\PROGRA~2\Raptr\_ssl.pyd
MOD - [2010.11.23 00:56:02 | 000,583,680 | ---- | M] () -- C:\PROGRA~2\Raptr\unicodedata.pyd
MOD - [2010.11.23 00:56:02 | 000,356,864 | ---- | M] () -- C:\PROGRA~2\Raptr\_hashlib.pyd
MOD - [2010.11.23 00:56:02 | 000,127,488 | ---- | M] () -- C:\PROGRA~2\Raptr\pyexpat.pyd
MOD - [2010.11.23 00:56:02 | 000,124,928 | ---- | M] () -- C:\PROGRA~2\Raptr\_elementtree.pyd
MOD - [2010.11.23 00:56:02 | 000,087,040 | ---- | M] () -- C:\PROGRA~2\Raptr\_ctypes.pyd
MOD - [2010.11.23 00:56:02 | 000,044,544 | ---- | M] () -- C:\PROGRA~2\Raptr\_sqlite3.pyd
MOD - [2010.11.23 00:56:02 | 000,043,008 | ---- | M] () -- C:\PROGRA~2\Raptr\_socket.pyd
MOD - [2010.11.23 00:56:02 | 000,009,216 | ---- | M] () -- C:\PROGRA~2\Raptr\winsound.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.09.29 04:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.28 07:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.06.17 16:15:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.21 14:26:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.21 14:25:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.28 12:40:08 | 000,101,376 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.09.06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.29 03:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.05.27 21:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.21 14:27:12 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.21 14:27:12 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.21 14:27:12 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.23 16:15:31 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.11.23 16:15:31 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.15 07:37:02 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.15 07:37:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 04:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.29 03:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.18 14:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.19 02:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.06.17 13:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.06.17 13:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.06.10 04:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.31 02:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.05.27 21:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.03.31 00:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.01.27 07:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{DDBBEB8E-5DEC-4B90-BDD9-B282877F50E2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f3fe8bd7-f655-4a6d-9f6d-f07f32eeed50&apn_sauid=821DED16-C7E6-475E-92D3-187EBE7844B4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-695ea9f5bdba4fec\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Timm\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Timm\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Timm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 11:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.20 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timm\AppData\Roaming\mozilla\Extensions
[2013.05.19 20:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 12:39:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.09 12:39:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Timm\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Timm\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-695ea9f5bdba4fec\\NPRobloxProxy.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Timm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Timm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.15 19:01:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8941748B-A8C1-4A01-8C63-D051DBEAFEC4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6504385-FD4F-40B8-826D-EB35A0D6B846}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserprotect.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 14:31:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013.06.18 19:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.17 16:15:56 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.17 16:15:56 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.17 16:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.17 16:11:10 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.17 16:11:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.17 16:11:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.17 16:11:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.17 16:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.06.17 15:38:49 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.17 15:38:38 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.17 15:38:38 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.17 15:38:38 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.17 15:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.17 15:20:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.06.17 15:19:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.16 19:04:53 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\Vanessa
[2013.06.15 22:42:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 22:42:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Malwarebytes
[2013.06.15 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.15 19:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.15 19:20:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.15 19:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.15 19:05:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.15 18:47:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.15 18:47:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.15 18:47:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.15 18:46:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.15 18:46:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.14 21:23:57 | 000,000,000 | ---D | C] -- C:\Users\Timm\Desktop\Logs
[2013.06.14 19:56:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.12 21:24:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 21:24:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 21:24:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 21:24:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 21:24:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 21:24:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 21:24:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 21:24:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 21:24:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 21:24:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 21:24:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 21:24:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 21:24:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 19:48:45 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 19:48:45 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 19:48:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 19:48:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 19:48:32 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 19:48:22 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 19:48:22 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 19:48:22 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 19:48:21 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 19:48:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 19:48:21 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 19:48:11 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 19:48:10 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.10 18:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starship Corporation
[2013.06.10 17:48:17 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Leky
[2013.06.09 21:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kebarl Space Program
[2013.06.09 21:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kebarl Space Program
[2013.06.03 17:13:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.05.26 16:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.26 16:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.23 08:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.23 08:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 14:47:08 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 14:47:08 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 14:38:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 14:38:33 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 14:31:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013.06.17 16:15:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.17 16:15:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.17 16:15:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.17 16:10:51 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.06.17 16:10:51 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.17 16:10:51 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.17 16:10:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.17 16:10:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.17 16:10:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.17 16:09:02 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.17 15:38:29 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.17 15:38:28 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.06.17 15:38:28 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.06.17 15:38:28 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.17 15:38:28 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.17 15:38:28 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.16 11:29:25 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 11:29:25 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 11:29:25 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 11:29:25 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 11:29:25 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.15 22:47:54 | 001,591,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.15 19:01:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.14 19:00:12 | 000,046,583 | ---- | M] () -- C:\Users\Timm\Desktop\OTL Log-Timm638.zip
[2013.06.12 21:21:23 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434292891-1991117707-1313040686-1002UA.job
[2013.06.12 20:32:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 18:32:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 18:03:02 | 006,890,598 | ---- | M] () -- C:\Users\Timm\Desktop\minecraft.jar
[2013.06.10 19:23:39 | 000,009,742 | ---- | M] () -- C:\Users\Timm\Desktop\Zombatar_2.jpg
[2013.06.10 18:21:29 | 000,002,133 | ---- | M] () -- C:\Users\Timm\Desktop\Starship Corporation Alpha.lnk
[2013.06.09 21:04:12 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Kebarl Space Program .lnk
[2013.06.09 11:37:07 | 000,010,142 | ---- | M] () -- C:\Users\Timm\Desktop\Unbenannt.png
[2013.06.09 11:28:00 | 000,001,442 | ---- | M] () -- C:\Users\Timm\Desktop\112.png
[2013.06.09 11:27:39 | 000,001,710 | ---- | M] () -- C:\Users\Timm\Desktop\006.png
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.08 09:49:10 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434292891-1991117707-1313040686-1002Core.job
[2013.06.07 15:39:44 | 000,002,367 | ---- | M] () -- C:\Users\Timm\Desktop\Google Chrome.lnk
[2013.06.05 14:56:14 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTimm.job
[2013.05.25 17:31:51 | 002,468,600 | ---- | M] () -- C:\Users\Timm\Desktop\TechnicLauncher.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.17 16:15:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.17 16:09:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.17 16:09:02 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.15 18:47:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.15 18:47:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.15 18:47:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.15 18:47:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.15 18:47:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.14 18:59:49 | 000,046,583 | ---- | C] () -- C:\Users\Timm\Desktop\OTL Log-Timm638.zip
[2013.06.10 19:23:39 | 000,009,742 | ---- | C] () -- C:\Users\Timm\Desktop\Zombatar_2.jpg
[2013.06.10 18:21:29 | 000,002,133 | ---- | C] () -- C:\Users\Timm\Desktop\Starship Corporation Alpha.lnk
[2013.06.09 21:04:12 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Kebarl Space Program .lnk
[2013.06.09 11:37:07 | 000,010,142 | ---- | C] () -- C:\Users\Timm\Desktop\Unbenannt.png
[2013.06.09 11:28:00 | 000,001,442 | ---- | C] () -- C:\Users\Timm\Desktop\112.png
[2013.06.09 11:27:39 | 000,001,710 | ---- | C] () -- C:\Users\Timm\Desktop\006.png
[2013.05.26 16:12:06 | 000,000,202 | ---- | C] () -- C:\Users\Timm\Documents\Terraria.url
[2013.04.11 18:57:20 | 000,000,218 | ---- | C] () -- C:\Users\Timm\AppData\Local\recently-used.xbel
[2013.04.11 18:52:55 | 000,001,348 | ---- | C] () -- C:\Users\Timm\Neues Dokument 1.2013_04_11_18_52_55.0.svg
[2012.12.09 19:05:15 | 000,703,117 | ---- | C] () -- C:\Users\Timm\AppData\Roaming\technic-launcher.jar
[2012.12.09 19:05:15 | 000,581,642 | ---- | C] () -- C:\Users\Timm\AppData\Roaming\technic-launcher.jar.bak
[2012.11.18 20:03:07 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.11.18 20:03:07 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.10.16 17:37:01 | 000,000,018 | ---- | C] () -- C:\Windows\LEPROP.INI
[2012.10.05 13:57:20 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.07.27 13:12:39 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\CC736B83F3.sys
[2012.07.27 13:12:31 | 000,001,056 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.07.15 19:46:59 | 000,007,754 | ---- | C] () -- C:\Users\Timm\AppData\Roaming\.freeciv-client-rc-2.3
[2012.07.06 20:32:38 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.06.11 18:46:49 | 000,007,605 | ---- | C] () -- C:\Users\Timm\AppData\Local\Resmon.ResmonCfg
[2012.06.08 16:17:00 | 002,631,680 | ---- | C] () -- C:\Users\Timm\GestureMouseSession.etl
[2012.05.16 16:35:15 | 000,005,120 | ---- | C] () -- C:\Users\Timm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.03 14:22:23 | 000,001,579 | ---- | C] () -- C:\Users\Timm\Welcome Center.lnk
[2012.04.30 17:27:07 | 000,000,680 | RHS- | C] () -- C:\Users\Timm\ntuser.pol
[2011.12.25 01:56:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.25 01:53:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.12.25 01:49:09 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.25 01:38:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.10.14 22:23:20 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.09.28 07:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.09.06 13:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

19.06.2013, 17:45   #28
markusg
/// Malware-holic

Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes\{DDBBEB8E-5DEC-4B90-BDD9-B282877F50E2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f3fe8bd7-f655-4a6d-9f6d-f07f32eeed50&apn_sauid=821DED16-C7E6-475E-92D3-187EBE7844B4
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and
any other installed browsers.
Test how the PC and the programs run in general.

20.06.2013, 12:30   #29
Timm638

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DDBBEB8E-5DEC-4B90-BDD9-B282877F50E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDBBEB8E-5DEC-4B90-BDD9-B282877F50E2}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint deleted successfully.
c:\Programme\Microsoft IntelliPoint\ipoint.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetDefault deleted successfully.
C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp deleted successfully.
C:\Programme\IDT\WDM\sttray64.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt deleted successfully.
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint not found.
File c:\Program Files\Microsoft IntelliPoint\ipoint.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetDefault not found.
File C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp not found.
File C:\Programme\IDT\WDM\sttray64.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon not found.
File C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt not found.
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Quick Launch deleted successfully.
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HPOSD deleted successfully.
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HPQuickWebProxy deleted successfully.
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui deleted successfully.
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Raptr deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bugla
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Timm
->Temp folder emptied: 5081167 bytes
->Temporary Internet Files folder emptied: 62178222 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 397247171 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47396881 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 5258061 bytes
 
Total Files Cleaned = 493,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06202013_132253

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe scheduled to be moved on reboot.
C:\Users\Timm\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
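
One way to triage a fix result log like the one posted above, as an added example that is not part of the original thread and not part of OTL: it parses the result lines, lists the autostart (Run) values that were removed, the files still pending a move on reboot, and the targets that were processed more than once. The function names are hypothetical, and the line formats are assumed from the log in this post only.

```python
import re
from collections import Counter, defaultdict

# Lines excerpted from the fix result log posted above (not the full log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint deleted successfully.
c:\Programme\Microsoft IntelliPoint\ipoint.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt deleted successfully.
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint not found.
File c:\Program Files\Microsoft IntelliPoint\ipoint.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt not found.
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe scheduled to be moved on reboot.
========== FILES ==========
"""

# Result-line shapes seen in the log above; the first matching rule wins.
RULES = [
    ("file", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("registry", re.compile(
        r"^(?P<view>64bit-)?Registry (?:value|key) (?P<target>.+?) "
        r"(?P<result>deleted successfully|not found)\.$")),
    ("file", re.compile(r"^File (?P<target>.+) (?P<result>not found)\.$")),
    ("file", re.compile(
        r"^(?P<target>[A-Za-z]:\\.+) (?P<result>moved successfully)\.$")),
]


def parse_fix_log(text):
    """Return one event dict per recognised result line; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in RULES:
            m = rx.match(line)
            if not m:
                continue
            g = m.groupdict()
            events.append({
                "type": kind,
                "target": g["target"],
                # The "move failed" rule has no result group.
                "result": g.get("result", "pending reboot"),
                "view": "64bit" if g.get("view") else None,
            })
            break
    return events


def summarize(events):
    """Count events per (type, result) pair."""
    return Counter((e["type"], e["result"]) for e in events)


def run_value_name(target):
    """Name of a ...\\CurrentVersion\\Run value, or None for other targets."""
    key, sep, name = target.rpartition("\\\\")  # the log writes key\\value
    if sep and key.lower().endswith(r"\currentversion\run"):
        return name
    return None


def removed_autostarts(events):
    """Run values the fix actually deleted, in log order."""
    return [run_value_name(e["target"]) for e in events
            if e["type"] == "registry" and e["result"] == "deleted successfully"
            and run_value_name(e["target"])]


def pending_moves(events):
    """Files that were locked and are only scheduled to be moved on reboot."""
    return sorted({e["target"] for e in events if e["result"] == "pending reboot"})


def repeated_targets(events):
    """Targets handled more than once, e.g. because a script line was duplicated."""
    seen = defaultdict(list)
    for e in events:
        seen[e["target"]].append(e["result"])
    return {t: r for t, r in seen.items() if len(r) > 1}


if __name__ == "__main__":
    evs = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(evs)))
    print("removed autostarts:", removed_autostarts(evs))
    print("pending on reboot:", pending_moves(evs))
    print("processed more than once:", sorted(repeated_targets(evs)))
```
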
         

04.07.2013, 14:51   #30
markusg
/// Malware-holic

What about the answer to my question?