Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner und Probleme mit dem System

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.06.2013, 11:03   #1
vile
 
GVU-Trojaner und Probleme mit dem System - Standard

GVU-Trojaner und Probleme mit dem System



Hallo!

Ich habe mir vor ein vorgestern den GVU-Trojaner eingefangen gehabt und mein Bildschirm war gesperrt. Nachdem ich mich per Google schlau gelesen hab, hielt ich es zunächst für die beste Idee das System mit der Kaspersky Rescue-Disk zu scannen und zu reinigen, was auch geklappt hat. Anschließend ließ ich Malware-Bytes drüberlaufen, was auch nochmal etwas gefunden hat und dann waren eigentlich alle Probleme weg.

Was jedoch nach den Scans und Löschen des Trojaners merkwürdig war: "Der Windows Sicherheitscenterdienst konnte nicht ausgeführt werden". Ich hab versucht das Problem mit dieser Hilfestellung von Microsoft anzugehen: hxxp://support.microsoft.com/kb/2519899/de
was jedoch ebenfalls erfolglos blieb. Ich führte den unter 11. aufgelisteten Registry-Eintrag durch und musste feststellen, dass mir der PC sagt, dass ich eine falsche Datei importieren wolle, das kam mir schon etwas merkwürdig vor. Was mir aber noch viel merkwürdiger vorkam: ich konnte einfache Spiele wie FIFA oder Call of Duty usw. einfach nicht mehr starten, nach dem Doppelklick auf die .exe Dateien erschienen diese zwar im Task-Manager, öffneten sich jedoch nicht.

Nun hab ich die Vermutung bzw die Angst, dass ich mein System irgendwie beschädigt habe und deshalb nichts mehr so richtig funktioniert. Meine Frage: Gibt es eine Möglichkeit das System zu retten oder sollte ich es lieber gleich formatieren? (was ja eigentlich immer als letzte Möglichkeit gilt)

Mit freundlichen Grüßen,

vile

Alt 27.06.2013, 11:25   #2
aharonov
/// TB-Ausbilder
 
GVU-Trojaner und Probleme mit dem System - Standard

GVU-Trojaner und Probleme mit dem System



Hallo vile,

Zitat:
das System mit der Kaspersky Rescue-Disk zu scannen und zu reinigen, was auch geklappt hat. Anschließend ließ ich Malware-Bytes drüberlaufen, was auch nochmal etwas gefunden hat
Kannst du mir bitte die Logs von Kaspersky und MBAM posten, wo aufgelistet ist, was da alles genau gelöscht wurde. Siehe hier: http://www.trojaner-board.de/125889-...en-posten.html

Zusätzlich:


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.
__________________

__________________

Alt 27.06.2013, 11:57   #3
vile
 
GVU-Trojaner und Probleme mit dem System - Standard

GVU-Trojaner und Probleme mit dem System



Kaspersky:
Zitat:
Untersuchung von Objekten: wurde abgeschlossen vor 2 Minuten (Ereignis: 9, Objekte: 1740, Zeit: 00:02:05)
26.06.13 09:12 Aufgabe wurde abgeschlossen
26.06.13 09:12 Gelöscht: Trojan-Ransom.Win32.Foreign.ehtf C:/ProgramData/4lodr.dat
26.06.13 09:12 Desinfiziert: Trojan-Ransom.Win32.Foreign.ehtf HKLM\System\ControlSet002\Services\Winmgmt\Parameters/ServiceDll
26.06.13 09:12 Desinfiziert: Trojan-Ransom.Win32.Foreign.ehtf HKLM\System\ControlSet001\Services\Winmgmt\Parameters/ServiceDll
26.06.13 09:12 Desinfiziert: Trojan-Ransom.Win32.Foreign.ehtf HKEY_USERS\S-1-5-21-3838710685-4183119134-1903458399-1000\Software\Microsoft\Windows\CurrentVersion\Run/ctfmon32.exe
26.06.13 09:12 Gefunden: Trojan-Ransom.Win32.Foreign.ehtf C:/ProgramData/4lodr.dat
26.06.13 09:11 Nicht desinfizierte Objekte: Trojan-Ransom.Win32.Foreign.ehtf C:/ProgramData/4lodr.dat Zurückgestellt
26.06.13 09:11 Gefunden: Trojan-Ransom.Win32.Foreign.ehtf C:/ProgramData/4lodr.dat
26.06.13 09:10 Aufgabe wurde gestartet
Untersuchung von Objekten: wurde abgeschlossen vor weniger als einer Minute (Ereignis: 2, Objekte: 1738, Zeit: 00:01:42)
26.06.13 09:15 Aufgabe wurde abgeschlossen
26.06.13 09:13 Aufgabe wurde gestartet
Malware-Bytes:

Zitat:
´ Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Alessandro :: VILE [Administrator]

Schutz: Aktiviert

26.06.2013 09:57:27
mbam-log-2013-06-26 (09-57-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210359
Laufzeit: 5 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OLT.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.06.2013 12:46:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alessandro\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,69% Memory free
6,50 Gb Paging File | 4,44 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1001,13 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,64 Gb Free Space | 58,19% Space Free | Partition Type: NTFS
 
Computer Name: VILE | User Name: Alessandro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.27 12:45:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
PRC - [2013.06.27 12:44:39 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 12:44:14 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.06.27 12:44:08 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.27 12:44:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.26 11:20:48 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.06.04 09:31:39 | 003,456,080 | ---- | M] (Electronic Arts) -- C:\Programme\Origin\Origin.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.24 13:03:28 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.04.26 00:50:28 | 029,986,136 | ---- | M] (Electronic Arts) -- C:\Programme\Origin Games\FIFA 13\Game\fifa13.exe
PRC - [2013.04.25 00:10:38 | 005,534,488 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\LCore.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010.06.10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe
PRC - [2010.02.24 12:41:16 | 000,088,576 | ---- | M] (ZTE) -- C:\Programme\T-Mobile\InternetManager_Z\Bin\mcserver.exe
PRC - [2010.01.26 12:35:46 | 000,215,552 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
PRC - [2010.01.26 12:35:42 | 000,031,232 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
PRC - [2010.01.26 12:35:36 | 000,043,008 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\gconfd-2.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 03:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.26 11:20:48 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.06.04 09:31:40 | 000,062,976 | ---- | M] () -- C:\Programme\Origin\tufao.dll
MOD - [2013.05.24 13:03:28 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.02.28 09:28:44 | 000,089,600 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\itapi.dll
MOD - [2010.02.28 09:28:38 | 000,054,272 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\coder.dll
MOD - [2010.02.28 09:28:36 | 000,043,008 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\audio.dll
MOD - [2010.02.28 09:28:34 | 000,025,088 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\log.dll
MOD - [2010.02.24 12:41:04 | 000,034,304 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libctlsvr.dll
MOD - [2010.01.26 12:35:46 | 000,215,552 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
MOD - [2010.01.26 12:35:42 | 000,031,232 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
MOD - [2010.01.26 12:35:36 | 000,043,008 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\gconfd-2.exe
MOD - [2010.01.26 12:35:34 | 000,055,808 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libgconfbackend-xml.dll
MOD - [2010.01.26 12:35:20 | 000,157,696 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libgconf-2.dll
MOD - [2010.01.26 12:35:06 | 000,594,432 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\dbus-1.dll
MOD - [2010.01.26 12:34:04 | 000,341,504 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\sqlite3.dll
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.03.28 09:19:06 | 000,080,688 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\zlib1.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.05.06 13:50:00 | 000,971,776 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libxml2.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libexpat.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.06.27 12:44:39 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 12:44:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.26 11:20:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 13:03:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - [2013.06.04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.05.14 10:32:58 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.04.01 22:03:38 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.01 22:03:38 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.01 22:03:38 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.16 12:18:27 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010.04.28 01:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.28 01:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.28 01:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 23:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 04:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.11.24 03:49:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.11.24 03:49:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.11.24 03:49:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.11.24 03:49:44 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.11.24 02:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.24 02:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&k=0
IE - HKCU\..\SearchScopes\{20BF448D-74C0-4621-B7E2-2DD39AD139E8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{275D361A-B4C3-4298-A34B-1FB8A2AB2D56}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3647AB84-CFFD-44FE-9EA7-EF15DD26F594}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8635E1C6-87A1-4588-B0E2-3FD9EA95A43C}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{A74AD699-1DB4-4A02-9861-F8DE0F949842}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B5F6E15C-46E5-4844-A9A9-A7B0D49BEFB9}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DF4FB3A0-F2DE-4D48-B757-9979117356D9}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4D45445444462670633D4D414D44267372633D49452D536561726368426F78&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALESSA~1\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.ftp: "212.119.105.65"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "212.119.105.65"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "212.119.105.65"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "212.119.105.65"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alessandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alessandro\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2010.02.02 15:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 13:03:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 11:19:44 | 000,000,000 | ---D | M]
 
[2010.07.29 16:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\Extensions
[2013.06.26 11:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\Firefox\Profiles\hkcx0dob.default\extensions
[2013.04.05 09:25:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alessandro\AppData\Roaming\mozilla\Firefox\Profiles\hkcx0dob.default\extensions\ich@maltegoetz.de
[2013.02.09 22:37:15 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\extensions\stealthyextension@gmail.com.xpi
[2012.12.11 18:43:41 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.02.07 10:24:24 | 000,002,419 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\englische-ergebnisse.xml
[2012.02.07 10:24:24 | 000,010,525 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\gmx-suche.xml
[2012.02.07 10:24:24 | 000,002,457 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\lastminute.xml
[2012.02.07 10:24:24 | 000,005,508 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\webde-suche.xml
[2011.07.28 17:23:19 | 000,002,182 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\{7F12DBA2-C662-4618-8998-64513EA51B23}.xml
[2011.07.28 17:23:19 | 000,002,071 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\{7F2DB4BC-60A3-4410-8881-2EB7F86FAD5D}.xml
[2011.07.28 17:23:19 | 000,001,864 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\{E4C2741D-4974-4962-B5FE-0C0C62234130}.xml
[2013.05.24 13:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 13:03:28 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{086FD720-5EA6-438D-8CB4-CB97B36AE2D0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C78A69F-91A0-4A65-B8D9-D5B6DD7424AF}: DhcpNameServer = 178.238.129.66 66.96.208.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCDE3F5-905F-4D68-8D8C-7F66A3DB625B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e2bd3c0-b9b3-11e0-98c0-40618698c73e}\Shell - "" = AutoRun
O33 - MountPoints2\{1e2bd3c0-b9b3-11e0-98c0-40618698c73e}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.27 12:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2013.06.26 12:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013.06.26 12:00:03 | 000,017,344 | ---- | C] (Dll-Files.com) -- C:\Windows\System32\roboot.exe
[2013.06.26 12:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013.06.26 11:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.26 11:19:44 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.26 11:19:44 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.26 11:19:35 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.26 10:43:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.26 10:42:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.26 10:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.06.26 10:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.26 09:56:07 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes
[2013.06.26 09:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.26 09:55:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.26 09:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.26 09:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.26 09:19:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.06.12 14:04:05 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 14:04:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 14:01:04 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 14:01:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.12 14:01:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 14:01:03 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 14:01:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.12 14:01:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.12 14:01:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.12 14:01:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 12:17:56 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 12:17:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 12:17:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 12:17:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 12:17:43 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 12:17:43 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.04 09:15:02 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.06.04 09:15:02 | 000,084,248 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.27 12:49:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.27 12:45:48 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 12:45:48 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 12:45:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2013.06.27 12:44:43 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.27 12:38:36 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.06.27 12:38:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.27 12:38:29 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.26 16:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.26 16:08:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013.06.26 12:26:19 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.06.26 12:26:19 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.06.26 11:49:08 | 000,657,698 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.26 11:49:08 | 000,618,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.26 11:49:08 | 000,131,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.26 11:49:08 | 000,107,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.26 11:20:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.26 11:20:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.26 11:19:29 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.26 11:19:29 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.26 11:19:29 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.26 11:19:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.26 11:19:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.26 11:19:29 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.26 09:55:59 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.26 09:20:31 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat
[2013.06.26 08:31:12 | 095,023,320 | ---- | M] () -- C:\ProgramData\rdol4.pad
[2013.06.25 17:47:21 | 000,002,655 | ---- | M] () -- C:\ProgramData\rdol4.js
[2013.06.24 09:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.06.04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.05.31 12:51:45 | 000,001,054 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.31 12:51:12 | 000,001,032 | ---- | M] () -- C:\Users\Alessandro\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.26 12:00:16 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.06.26 12:00:15 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.06.26 09:55:59 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.26 09:20:31 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat
[2013.06.25 17:47:21 | 000,002,655 | ---- | C] () -- C:\ProgramData\rdol4.js
[2013.06.25 17:47:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\rdol4.pad
[2013.05.23 10:10:26 | 000,011,241 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.08 10:40:32 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.02.12 19:44:36 | 000,017,408 | ---- | C] () -- C:\Users\Alessandro\AppData\Local\WebpageIcons.db
[2012.02.11 11:46:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.12.20 11:12:27 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.12.17 00:10:56 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.12.17 00:10:26 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.16 22:18:42 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.11.16 22:18:41 | 000,138,056 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\PnkBstrK.sys
[2011.11.16 22:18:24 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.11.16 22:18:23 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.11.16 22:18:23 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.08.31 19:45:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.08.31 19:36:54 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.06.2013 12:46:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alessandro\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,69% Memory free
6,50 Gb Paging File | 4,44 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1001,13 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,64 Gb Free Space | 58,19% Space Free | Partition Type: NTFS
 
Computer Name: VILE | User Name: Alessandro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0473D69A-3520-4E7E-BEF4-E7003BEE9210}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0DFC9C64-31B6-4009-9E56-10C3FF5435CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1143F6BE-5E5A-43E4-B44F-3A863B88BE26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19F404E7-DC44-422C-8DEC-0911936502E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22E2BD0D-CA9E-476D-9C88-A894F39D2DA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D9CE987-2A11-4A7C-AEE9-AC3B76800D82}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2DD462A3-5756-479A-9176-CD63B929D2CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{37F4ECD8-E322-4E3A-811D-2FBB4B523F91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A666525-1DF9-4BFB-B611-AE7097EB1147}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3BDF8A68-161B-4F5A-ABF6-EC884FFEBA94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{44D860FB-3B79-4013-BC6C-D5014CCE85FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47C041E1-832A-4A73-804B-F36A8B57EDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{51394565-6AF7-44E0-A9D8-199F7A9B5FA4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{56E5E902-E628-4353-97E9-5C918C1601A3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{57B6D303-F1F8-4C91-AF01-0A48075887BB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5AB3FA8D-F5AE-49CA-80C8-78C9FE5355CF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5E7030A9-5A01-4F3E-8149-BF6DE67B616B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6DD89834-7040-4DEC-9D50-647DDD5EAFB8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7465C75C-10A1-4F39-95E7-8347F7840BFC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{788042D4-471D-45E5-B2FA-FEDDF11A8176}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A145E7A-6938-456F-A8CA-0C1520D6C14A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{8D8A5B5A-4891-485E-9C1B-2CDE6AF21483}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A0139B67-03E4-4866-98D9-D171FFE884AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1095C7F-3205-4E39-9394-B30CA816FC6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A808ADDD-CC2F-4E72-806C-1A3948E2FC24}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A97EE164-C74D-4252-8712-6DD004E5CE0F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{A9A16BD8-B6DD-4CCC-B7C8-7D59E6F289DA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AD373CF8-FBEC-429D-958C-F4F4C1198446}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BBB81D2C-73FD-4EB4-9C16-C521A9D7A4E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAFD594B-7704-44C4-9A5A-B303C5B7665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D85AF6B5-AC32-41FD-A10B-203F165D986E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E496787E-300F-4CF4-B5B3-113C49A35929}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EE93148E-B870-46C4-80E8-A3FF2A07B179}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEA2D732-4767-4DD7-83E8-AB761C3BCD15}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4E63509-ECEC-4A11-9452-BB6787BB1C5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01154F24-DFAB-4D2B-8F6F-D48AEAA623BA}" = protocol=6 | dir=in | app=c:\users\alessandro\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0590E01C-9493-4E52-AE35-31F2BEA47C1C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{05A7AB25-7C38-458A-ABD1-A77E581C595A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07F18438-ADFC-45CA-A6A9-A8E3BA34B51F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1D2FF8D5-808D-4490-95B8-1846E3238961}" = protocol=6 | dir=out | app=system | 
"{25201B46-02D6-4F8F-8CCC-0BB9CF364CEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{35FBCA4A-EC26-4393-A137-5C4F43DAA143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{386CD64E-F6B5-496D-8038-7D5FA55203D3}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{3C7836B2-238F-45C4-89FD-6A2ED22FC2D3}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{3F0E5E17-9858-49AE-8C0B-5EC0B2DD4741}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{44BDCDD8-D48A-4C87-A288-504B4C2740F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A87C16E-97B6-4A4A-9967-56958D9E6FB2}" = dir=in | app=c:\users\alessandro\appdata\local\microsoft\skydrive\skydrive.exe | 
"{4F3CBE1E-9927-4FCA-87B8-F6E2B0C5E8BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C622688-31F6-4372-888C-9D9E9A29C0FD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{611B8AE3-3E98-4F5F-9528-DF1AB034A7E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64938165-2FCF-4B90-8FA1-10D3BA0F464C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{66AB87BA-8C5E-4A78-9B7A-0DB73D5DD5ED}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe | 
"{687637AB-9D42-42E4-9114-CE3182311076}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6DE184F2-1DA1-4D71-A3E9-C2829328E38E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{73B4F0A5-B744-4A0C-AC21-88388D56F1FE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{73E7D63F-4E15-4A53-B5DE-64EA30A9DE92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77273DB1-6AE2-4A63-ACB8-D0EB3DE64F53}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{77DB5798-A9CF-46BB-851A-CD52385353AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{87BF2EFB-C4F7-496A-A7AD-2055B92134D9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{8BFC2C54-FD4F-47D1-860A-87D632AC3AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99D168F6-7F7F-413A-922C-68CECA8B5FEA}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{9C4952A8-E321-4E00-9DB3-5A1A307CF05E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{9FE65A61-CB53-4C06-9DA3-2AD1B6B9F6DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A04E7E58-984A-4880-AD05-86F7C00C40A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A235D383-B5B8-43E3-B444-2F7ACDC0605C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{A6536D2F-0762-40D0-AC5D-988F8DC7BCF2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AE3657F8-384A-405E-9753-932BB3E6718B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE6A3543-7B67-413C-A7A9-CFB4DD22652B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AFD22247-DB64-469D-98E9-2D86AF0E2AC1}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{B3371478-B690-42B9-8054-1514875974B4}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{B6540AAD-0BB9-4A2B-B9E6-018610D84CE3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E4F97E8D-5BDA-479F-B155-8349E07704F2}" = protocol=17 | dir=in | app=c:\users\alessandro\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E5CC0B59-6F70-45EB-A84A-8393F0964903}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E8C2AFCD-504D-4ED2-A396-2A9564C496AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EED3F8C4-9096-4E4E-81D7-AC6F61447514}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F53BEF43-729F-40DC-81FE-9114CBCE4D36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7CE7140-D894-493E-BCE1-6F34B9BB76AA}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe | 
"{F8DE19A5-CF78-4907-BD5C-E5AC7AEBB708}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFBF01E7-181B-4797-BC27-60FE1403A98F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{162A0331-9FD3-4AEA-9E15-76A33E617104}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"TCP Query User{31220FA3-C911-4745-81CA-BAA180FB107B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{34D4F757-2A43-4588-8E89-B59397535A67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{55D12CFB-805F-4883-BEAC-A0D3CE32BA53}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{85CAE748-37EC-497D-829C-9C4C507B2304}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{9064003F-8810-4C52-8A58-F6130DADBEDF}C:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe | 
"TCP Query User{99E5EE95-3799-421F-86E7-E4F33CA61D01}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{DD9D7567-EE4D-4378-B7A9-3A32EEBE52BA}C:\users\alessandro\downloads\rune gold edition\system\rune.exe" = protocol=6 | dir=in | app=c:\users\alessandro\downloads\rune gold edition\system\rune.exe | 
"UDP Query User{1C36F4C3-6178-4E6F-A3F2-C2E416EFAE64}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{21022AE6-1799-4D82-9757-7D674E70D11D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{3020D96C-39AC-4C88-86E9-2F99E833ADAD}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"UDP Query User{4BDF6ECC-B33A-42AE-BFCB-AE2B68ABF9A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{4D54D1D3-6032-45C2-91D9-B55EEB765963}C:\users\alessandro\downloads\rune gold edition\system\rune.exe" = protocol=17 | dir=in | app=c:\users\alessandro\downloads\rune gold edition\system\rune.exe | 
"UDP Query User{53B43998-7A9F-45A3-94BD-0C107F329E56}C:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe | 
"UDP Query User{A7EE207D-EF95-4100-A559-411303280736}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D932C469-D2DE-405C-80C4-487E1C14F8FD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0FD60254-35B7-4915-862B-26847C9FE8DE}" = Tunebite
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{14383960-3D8E-139D-646A-F22C7DE00DB1}" = Napster 5 Beta
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = T-Mobile Internet Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.Rhapsody.Napster5" = Napster 5 Beta
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Studio_is1" = Free Studio version 5.1.5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"Opera 11.64.1403" = Opera 11.64
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"Postal Fudge Pack" = Postal Fudge Pack
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2013 05:14:22 | Computer Name = Vile | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 26.06.2013 05:14:22 | Computer Name = Vile | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 26.06.2013 05:14:22 | Computer Name = Vile | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 26.06.2013 05:46:30 | Computer Name = Vile | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 Sicherheitscenter since QueryServiceConfig API failed  System Error: Das System kann
 die angegebene Datei nicht finden.  .
 
Error - 26.06.2013 06:05:01 | Computer Name = Vile | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 Sicherheitscenter since QueryServiceConfig API failed  System Error: Das System kann
 die angegebene Datei nicht finden.  .
 
Error - 26.06.2013 06:07:07 | Computer Name = Vile | Source = Application Hang | ID = 1002
Description = Programm _iu14D2N.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 142c    Startzeit:
 01ce7254d4b8f5e6    Endzeit: 0    Anwendungspfad: C:\Users\ALESSA~1\AppData\Local\Temp\_iu14D2N.tmp

Berichts-ID:
   
 
[ Spybot - Search and Destroy Events ]
Error - 23.05.2013 04:10:40 | Computer Name = Vile | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 27.06.2013 06:49:59 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:50:29 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:51:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:51:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:52:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:52:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:53:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:53:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:54:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 27.06.2013 06:54:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%2
 
 
< End of report >
         
--- --- ---


PS: Mir ist auch gerade aufgefallen, dass Windows-Updates nicht mehr installiert werden können, werden als fehlerhaft angezeigt.

Hoffe das passt so,

Gruß,

Vile
__________________

Alt 27.06.2013, 12:16   #4
aharonov
/// TB-Ausbilder
 
GVU-Trojaner und Probleme mit dem System - Standard

GVU-Trojaner und Probleme mit dem System



Voraussetzung für ein normal laufendes System ist sicher mal saubere Software.. Sonst muss man sich über gar nichts wundern..

Wir suchen nicht gezielt nach solchen Hinweisen, aber wenn wir sie sehen, dann können wir nicht mehr beide Augen zudrücken. Deshalb:
Cracks und Keygens

Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Nebst ihrer Illegalität sind Cracks und Patches aus dubioser Quelle auch sehr oft mit Schädlingen versehen, womit man sich also fast schon vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Wir haben dich in unserer Anleitung unter Punkt 8 der Foren-Regeln auch unmissverständlich darauf hingewiesen, wie wir damit umgehen werden.

Diese Software hat ihren Preis und die Softwarefirmen leben von diesen Einnahmen. Als Alternative gibt es überall jede Menge sehr gute Freeware oder abgespeckte, günstig zu erwerbende Versionen.

Unsere Empfehlung hier lautet, einen sauberen Neuanfang zu vollziehen, und unsere Hilfe beschränkt sich daher auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Unterforum Alles rund um Windows.
__________________
cheers,
Leo

Alt 27.06.2013, 14:01   #5
vile
 
GVU-Trojaner und Probleme mit dem System - Standard

GVU-Trojaner und Probleme mit dem System



Okay, dann werde ich das tun. Trotzdem vielen Dank für die Hilfe!


Antwort

Themen zu GVU-Trojaner und Probleme mit dem System
beschädigt, bildschirm, datei, dateien, falsche, fifa, formatieren, formatieren?, frage, gen, google, gvutrojaner, kaspersky, löschen, merkwürdig, microsoft, nicht mehr, nichts, probleme, scan, scannen, spiele, starten, system, system kaputt, task-manager, windows



Ähnliche Themen: GVU-Trojaner und Probleme mit dem System


  1. System restore virus/trojaner auf meinem Pc / performance probleme & leistungsverluss
    Log-Analyse und Auswertung - 19.09.2014 (7)
  2. Windows XP (SP3): Probleme mit Advanced System Protector?
    Log-Analyse und Auswertung - 04.01.2014 (7)
  3. System Restore Virus - Kleinere Probleme!
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (1)
  4. mehrere Probleme u.a. hacken und trojaner oder rootkit im system
    Log-Analyse und Auswertung - 02.01.2012 (1)
  5. Probleme mit dem System
    Alles rund um Windows - 28.01.2011 (3)
  6. Probleme mit meinem System (Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 05.07.2010 (5)
  7. Browser machen Probleme und System spinnt!
    Log-Analyse und Auswertung - 30.04.2010 (0)
  8. System Probleme nach Trojaner/ Trojaner wirklich besiegt?
    Plagegeister aller Art und deren Bekämpfung - 28.10.2009 (3)
  9. Probleme mit neu aufgesetzem Windows System!
    Alles rund um Windows - 03.06.2009 (2)
  10. Probleme mit Speilabbrüchen und System 32 Fenster
    Log-Analyse und Auswertung - 27.01.2008 (1)
  11. System Alert und andere Probleme
    Plagegeister aller Art und deren Bekämpfung - 20.07.2007 (12)
  12. Probleme mit Neuen System
    Plagegeister aller Art und deren Bekämpfung - 13.07.2007 (10)
  13. System neu aufgesetzt und dennoch Probleme
    Plagegeister aller Art und deren Bekämpfung - 18.10.2006 (2)
  14. Probleme mit HKLM\System\CCS\Services\Tcpip\
    Log-Analyse und Auswertung - 24.08.2006 (1)
  15. System-Probleme bei Neustart
    Alles rund um Windows - 17.09.2004 (4)
  16. Probleme mit meinem win 2000 prof System
    Archiv - 12.01.2003 (3)

Zum Thema GVU-Trojaner und Probleme mit dem System - Hallo! Ich habe mir vor ein vorgestern den GVU-Trojaner eingefangen gehabt und mein Bildschirm war gesperrt. Nachdem ich mich per Google schlau gelesen hab, hielt ich es zunächst für die - GVU-Trojaner und Probleme mit dem System...
Archiv
Du betrachtest: GVU-Trojaner und Probleme mit dem System auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.