
Pests of All Kinds and How to Combat Them: Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4

29.06.2013, 18:32   #1
xBluex
 
Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4



Good day everyone,
My Norton Antivirus has to block several attacks by Trojan.Zeroaccess.C every 9 minutes; unfortunately it does not remove it.
After a full system scan, Trojan.Zeroaccess!inf4 is reported, which requires manual removal.

This is where I am hoping for help from you.

This is my first post, so I hope everything is correct.

OTL - Log
Code:
OTL logfile created on: 29.06.2013 18:42:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,13% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,59 Gb Total Space | 60,48 Gb Free Space | 25,67% Space Free | Partition Type: NTFS
Drive D: | 3,05 Gb Total Space | 2,96 Gb Free Space | 97,07% Space Free | Partition Type: NTFS
Drive F: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 3,76 Gb Total Space | 1,44 Gb Free Space | 38,38% Space Free | Partition Type: FAT32
Drive P: | 203,76 Gb Total Space | 79,23 Gb Free Space | 38,88% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.29 18:40:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.25 14:24:08 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.12.25 14:23:40 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.19 19:27:22 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.25 06:16:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.24 21:17:04 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2013.03.21 16:04:53 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.25 14:24:08 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.12.25 14:23:40 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.09.15 12:06:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.16 12:38:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.05 14:48:58 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.17 16:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2011.08.16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 00:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2013.06.25 21:52:16 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130628.024\ex64.sys -- (NAVEX15)
DRV - [2013.06.25 21:52:16 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130628.024\eng64.sys -- (NAVENG)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.03.15 21:42:49 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.12.29 17:59:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.09.14 20:22:46 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CESG502.SYS -- (PVUSB)
DRV - [2012.09.06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130628.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.07.24 11:39:42 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927"
FF - prefs.js..extensions.enabledAddons: escamod%40gmx.net0002:2.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=2.9&ts=1368309633604&tguid=43169-3580-1368309633604-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012.08.05 14:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 18:52:16 | 000,000,000 | ---D | M]
 
[2012.07.24 09:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.06.29 18:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\my4md3vw.default\extensions
[2013.03.24 10:26:34 | 000,103,962 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\extensions\escamod@gmx.net0002.xpi
[2013.05.24 11:06:43 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.07.26 00:05:18 | 000,002,558 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\aol-search.xml
[2013.06.29 00:26:01 | 000,006,545 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\babylon.xml
[2013.06.29 00:26:29 | 000,001,294 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\delta.xml
[2013.05.12 00:01:13 | 000,003,320 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\Web Search.xml
[2013.06.29 00:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013.05.25 06:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.25 06:16:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.08.05 14:49:05 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPLGN
[2013.05.12 00:01:13 | 000,003,320 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Delta Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\crossrider
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.6_0\crossrider
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.6_0\
CHR - Extension: GoPhoto.it = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
 
O1 HOSTS File: ([2012.11.30 11:55:27 | 000,000,937 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O1 - Hosts: 127.0.0.1 oscount.techsmith.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Plus-HD-2.2) - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}  (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4345968-D09F-4ABA-83DC-AF265F95C9E6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6B6DDD5-D6B1-494B-9CFA-4CDE2DC925C7}: DhcpNameServer = 192.168.1.1 192.168.123.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.28 10:00:55 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{41f615c1-f136-11e1-a701-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{41f615c1-f136-11e1-a701-806e6f6e6963}\Shell\AutoRun\command - "" = N:\setup.exe
O33 - MountPoints2\{5732ed07-2b4c-11e2-9968-0019db80cb1b}\Shell - "" = AutoRun
O33 - MountPoints2\{5732ed07-2b4c-11e2-9968-0019db80cb1b}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{5732ed14-2b4c-11e2-9968-0019db80cb1b}\Shell - "" = AutoRun
O33 - MountPoints2\{5732ed14-2b4c-11e2-9968-0019db80cb1b}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{dbd08d87-d560-11e1-a522-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dbd08d87-d560-11e1-a522-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2010.08.11 06:51:04 | 000,349,992 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.29 18:40:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.06.29 03:00:12 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013.06.29 02:09:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MinMaxGames
[2013.06.29 01:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013.06.29 01:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.06.29 01:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.06.29 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.29 00:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.06.29 00:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.29 00:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.06.29 00:26:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Delta
[2013.06.29 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2013.06.27 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi
[2013.06.27 13:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.06.27 13:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.06.27 13:11:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.technic
[2013.06.27 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft
[2013.06.23 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DownloadGuide
[2013.06.17 20:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.06.17 18:58:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Wondershare
[2013.06.09 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.06.09 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013.06.09 06:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2013.06.09 06:38:32 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys
[2013.06.09 06:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2013.06.09 06:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2013.06.07 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.2
[2013.06.03 09:23:10 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\TrackMania
[2013.06.03 09:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2013.06.02 21:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
[2013.06.02 21:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 2.0
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.29 18:40:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.06.29 18:33:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1120000741-3036561441-1105448708-1000UA.job
[2013.06.29 18:29:32 | 000,001,828 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013.06.29 18:27:47 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.06.29 18:27:02 | 000,001,902 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-chromeinstaller.job
[2013.06.29 18:27:02 | 000,001,192 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job
[2013.06.29 18:27:01 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job
[2013.06.29 18:27:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job
[2013.06.29 18:06:36 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 18:06:36 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 17:59:42 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.29 17:59:42 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.06.29 17:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.29 17:58:51 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.29 17:57:00 | 000,000,020 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.06.29 17:56:28 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.06.29 17:52:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.29 08:38:40 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1120000741-3036561441-1105448708-1000Core.job
[2013.06.29 03:00:12 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013.06.29 02:08:54 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2013.06.29 02:04:08 | 000,000,222 | ---- | M] () -- C:\Users\User\Desktop\Space Pirates and Zombies.url
[2013.06.29 01:49:24 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.06.29 00:27:45 | 000,002,001 | ---- | M] () -- C:\Users\User\Desktop\JDownloader.lnk
[2013.06.27 13:20:17 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.06.27 13:12:52 | 001,686,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.27 13:12:52 | 000,725,766 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.27 13:12:52 | 000,675,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.27 13:12:52 | 000,160,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.27 13:12:52 | 000,129,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.27 09:43:13 | 000,007,605 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013.06.21 16:19:12 | 003,020,770 | ---- | M] () -- C:\Users\User\Desktop\TechnicLauncher(1).exe
[2013.06.11 16:17:58 | 000,001,003 | ---- | M] () -- C:\Users\User\Desktop\AdvanceMap.exe.lnk
[2013.06.09 19:20:57 | 000,001,049 | ---- | M] () -- C:\Users\User\Desktop\Cheat Engine.lnk
[2013.06.09 06:39:55 | 000,001,305 | ---- | M] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.lnk
[2013.06.09 06:23:15 | 005,662,891 | ---- | M] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.rar
[2013.06.07 16:38:46 | 000,412,357 | ---- | M] () -- C:\Users\User\Desktop\HalleBewerbung.xps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.29 17:56:59 | 000,000,020 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.06.29 17:56:26 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.06.29 02:08:54 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.06.29 02:04:08 | 000,000,222 | ---- | C] () -- C:\Users\User\Desktop\Space Pirates and Zombies.url
[2013.06.29 01:49:24 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.06.29 00:27:45 | 000,002,001 | ---- | C] () -- C:\Users\User\Desktop\JDownloader.lnk
[2013.06.29 00:27:33 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.06.29 00:27:32 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.06.29 00:27:31 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.06.27 13:20:15 | 000,000,886 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.06.27 12:54:23 | 003,020,770 | ---- | C] () -- C:\Users\User\Desktop\TechnicLauncher(1).exe
[2013.06.27 09:43:13 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013.06.17 20:47:36 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.17 20:47:35 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 16:17:58 | 000,001,003 | ---- | C] () -- C:\Users\User\Desktop\AdvanceMap.exe.lnk
[2013.06.09 19:20:57 | 000,001,049 | ---- | C] () -- C:\Users\User\Desktop\Cheat Engine.lnk
[2013.06.09 06:39:55 | 000,001,305 | ---- | C] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.lnk
[2013.06.07 16:38:41 | 000,412,357 | ---- | C] () -- C:\Users\User\Desktop\HalleBewerbung.xps
[2013.06.07 00:27:48 | 000,001,192 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job
[2013.06.07 00:27:43 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job
[2013.06.07 00:27:27 | 000,001,196 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job
[2013.06.07 00:27:11 | 000,001,828 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013.06.07 00:27:05 | 000,001,902 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-chromeinstaller.job
[2013.06.07 00:26:45 | 005,662,891 | ---- | C] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.rar
[2013.05.05 22:07:55 | 000,030,148 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-4.xcp
[2013.05.05 22:07:55 | 000,020,635 | ---- | C] () -- C:\Users\User\AppData\Local\InfDeKurs-(eActivity)-1.xcp
[2013.05.05 22:07:55 | 000,014,817 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-4.xcp
[2013.05.05 22:07:55 | 000,014,195 | ---- | C] () -- C:\Users\User\AppData\Local\AG-VBR-(eActivity)-1.xcp
[2013.05.05 22:07:55 | 000,013,299 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity)-3.xcp
[2013.05.05 22:07:55 | 000,010,151 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity)-3.xcp
[2013.05.05 22:07:55 | 000,009,605 | ---- | C] () -- C:\Users\User\AppData\Local\Fremdfinanzierung-(eActivity)-1.xcp
[2013.05.05 22:07:55 | 000,007,836 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity)-4.xcp
[2013.05.05 22:07:55 | 000,006,782 | ---- | C] () -- C:\Users\User\AppData\Local\Kanaly-(eActivity)-1.xcp
[2013.05.05 22:07:55 | 000,005,731 | ---- | C] () -- C:\Users\User\AppData\Local\KG-VBR-(eActivity)-1.xcp
[2013.05.05 22:07:55 | 000,005,153 | ---- | C] () -- C:\Users\User\AppData\Local\Kennz-(eActivity)-1.xcp
[2013.05.05 16:57:07 | 000,027,045 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-3.xcp
[2013.05.05 16:57:07 | 000,020,635 | ---- | C] () -- C:\Users\User\AppData\Local\InfDeKurs-(eActivity).xcp
[2013.05.05 16:57:07 | 000,014,195 | ---- | C] () -- C:\Users\User\AppData\Local\AG-VBR-(eActivity).xcp
[2013.05.05 16:57:07 | 000,013,299 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity)-2.xcp
[2013.05.05 16:57:07 | 000,012,221 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-3.xcp
[2013.05.05 16:57:07 | 000,009,605 | ---- | C] () -- C:\Users\User\AppData\Local\Fremdfinanzierung-(eActivity).xcp
[2013.05.05 16:57:07 | 000,008,377 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity)-2.xcp
[2013.05.05 16:57:07 | 000,005,731 | ---- | C] () -- C:\Users\User\AppData\Local\KG-VBR-(eActivity).xcp
[2013.05.05 16:57:07 | 000,005,667 | ---- | C] () -- C:\Users\User\AppData\Local\Kanaly-(eActivity).xcp
[2013.05.05 16:57:07 | 000,005,153 | ---- | C] () -- C:\Users\User\AppData\Local\Kennz-(eActivity).xcp
[2013.05.05 16:57:07 | 000,004,652 | ---- | C] () -- C:\Users\User\AppData\Local\VBRVP-(eActivity).xcp
[2013.05.05 16:57:07 | 000,004,152 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity)-3.xcp
[2013.04.25 15:19:51 | 000,006,594 | ---- | C] () -- C:\Users\User\AppData\Local\X-Tras-(eActivity)-2.xcp
[2013.04.25 15:16:19 | 000,001,907 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity)-1.xcp
[2013.04.25 06:35:56 | 000,014,431 | ---- | C] () -- C:\Users\User\AppData\Local\Verteilungen-(eActivity)-1.xcp
[2013.04.25 06:34:33 | 000,002,259 | ---- | C] () -- C:\Users\User\AppData\Local\DifIntr-(eActivity).xcp
[2013.04.25 06:34:28 | 000,014,297 | ---- | C] () -- C:\Users\User\AppData\Local\Verteilungen-(eActivity).xcp
[2013.04.25 06:34:26 | 000,009,371 | ---- | C] () -- C:\Users\User\AppData\Local\MatrizenVektor-(eActivity).xcp
[2013.04.24 21:14:36 | 000,017,408 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.04.14 19:39:54 | 000,877,747 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmusic.ogg
[2013.04.13 17:51:37 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2013.03.23 17:42:33 | 000,098,304 | ---- | C] () -- C:\Windows\Lavish.dll
[2013.03.15 14:52:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013.03.14 22:14:55 | 000,012,221 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-2.xcp
[2013.03.14 22:11:11 | 000,024,544 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-2.xcp
[2013.03.14 22:11:11 | 000,013,299 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity)-1.xcp
[2013.03.14 22:11:11 | 000,012,059 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-1.xcp
[2013.03.14 22:11:11 | 000,008,377 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity)-1.xcp
[2013.03.14 22:11:11 | 000,001,907 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity).xcp
[2013.03.14 20:46:09 | 000,013,287 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity).xcp
[2013.03.14 17:45:24 | 000,024,535 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-1.xcp
[2013.03.14 17:44:58 | 000,024,535 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity).xcp
[2013.03.14 17:44:46 | 000,024,535 | ---- | C] () -- C:\Users\User\AppData\Local\LB3_Marketing-(eActivity).xcp
[2013.03.10 22:00:53 | 000,000,879 | ---- | C] () -- C:\Users\User\AppData\Local\Mathhh-(eActivity)-1.xcp
[2013.03.10 21:54:46 | 000,000,824 | ---- | C] () -- C:\Users\User\AppData\Local\Mathhh-(eActivity).xcp
[2013.03.10 16:16:16 | 000,011,981 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity).xcp
[2013.03.10 12:29:02 | 000,008,368 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity).xcp
[2013.02.28 22:36:26 | 000,010,779 | ---- | C] () -- C:\Users\User\AppData\Local\MatheLk-(eActivity).xcp
[2013.01.25 19:47:36 | 000,151,040 | ---- | C] () -- C:\Windows\SysWow64\lua51_win32.dll
[2013.01.25 19:45:00 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2013.01.25 19:31:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013.01.22 08:36:41 | 000,000,527 | ---- | C] () -- C:\Users\User\AppData\Local\MatheStochastik-(eActivity)-1.xcp
[2013.01.22 08:35:56 | 000,000,527 | ---- | C] () -- C:\Users\User\AppData\Local\MatheStochastik-(eActivity).xcp
[2013.01.09 08:13:15 | 000,003,396 | ---- | C] () -- C:\Users\User\AppData\Local\Schnell-(eActivity).xcp
[2013.01.02 19:36:52 | 000,018,240 | ---- | C] () -- C:\Users\User\AppData\Local\Kenz erweitert-(eActivity)-1.xcp
[2013.01.02 19:36:52 | 000,002,832 | ---- | C] () -- C:\Users\User\AppData\Local\VBR 13 IIHJ-(eActivity)-1.xcp
[2013.01.02 19:36:29 | 000,018,240 | ---- | C] () -- C:\Users\User\AppData\Local\Kenz erweitert-(eActivity).xcp
[2013.01.02 19:36:29 | 000,017,572 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-7.xcp
[2013.01.02 19:36:29 | 000,016,685 | ---- | C] () -- C:\Users\User\AppData\Local\VBR IHJ IIKl-(eActivity)-2.xcp
[2013.01.02 19:36:29 | 000,002,832 | ---- | C] () -- C:\Users\User\AppData\Local\VBR 13 IIHJ-(eActivity).xcp
[2012.12.25 14:27:31 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2012.12.25 14:23:57 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.25 14:23:40 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.12.25 14:23:40 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.25 14:22:35 | 001,564,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.16 10:59:37 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.12.05 07:26:19 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.12.02 23:37:23 | 000,017,051 | ---- | C] () -- C:\Users\User\AppData\Local\VBR IHJ IIKl-(eActivity)-1.xcp
[2012.12.02 14:09:25 | 000,016,685 | ---- | C] () -- C:\Users\User\AppData\Local\VBR IHJ IIKl-(eActivity).xcp
[2012.10.04 07:14:06 | 000,017,572 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-6.xcp
[2012.09.24 07:15:36 | 000,017,585 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-5.xcp
[2012.09.24 07:15:13 | 000,017,585 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-4.xcp
[2012.09.24 07:14:26 | 000,017,585 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-3.xcp
[2012.09.16 21:14:18 | 000,013,385 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-2.xcp
[2012.09.16 21:14:07 | 000,013,385 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-1.xcp
[2012.09.15 16:01:49 | 000,011,757 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity).xcp
[2012.07.24 09:55:49 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.07.24 09:28:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{055f4c1c-872b-46b6-5346-27841acd03f3}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{055f4c1c-872b-46b6-5346-27841acd03f3}\L
[2013.06.29 18:46:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{055f4c1c-872b-46b6-5346-27841acd03f3}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.06.29 17:59:02 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.06.29 17:59:02 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.27 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013.06.27 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.technic
[2012.12.05 07:26:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apowersoft
[2013.06.09 07:00:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ashampoo
[2013.06.29 00:25:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2012.08.28 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2013.06.29 00:26:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Delta
[2013.03.15 13:55:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dwarfs
[2013.02.07 14:21:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Firefly Studios
[2012.12.02 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2012.12.24 10:48:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2013.01.10 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Langenscheidt
[2012.11.29 12:04:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Load
[2012.12.08 09:47:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2013.06.29 02:09:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MinMaxGames
[2012.12.28 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PDF Experte 8
[2013.04.24 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SimplyTech
[2013.06.29 01:51:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2013.01.21 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steganos
[2012.11.21 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\temp
[2012.07.24 10:07:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2013.04.05 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.04.05 10:26:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Auto Shutdown
[2013.06.29 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Care 365
[2013.05.07 00:14:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Game Booster
[2013.04.05 11:34:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Uninstaller
[2013.06.17 18:58:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wondershare
[2012.12.20 16:19:01 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.04.01 18:29:08 | 000,030,109 | ---- | M] ()(C:\Users\User\Desktop\??? ?????.docx) -- C:\Users\User\Desktop\Моя Семья.docx
[2013.03.28 23:01:00 | 000,030,109 | ---- | C] ()(C:\Users\User\Desktop\??? ?????.docx) -- C:\Users\User\Desktop\Моя Семья.docx

< End of report >
         
Extras - Log
Code:
OTL Extras logfile created on: 29.06.2013 18:42:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,13% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,59 Gb Total Space | 60,48 Gb Free Space | 25,67% Space Free | Partition Type: NTFS
Drive D: | 3,05 Gb Total Space | 2,96 Gb Free Space | 97,07% Space Free | Partition Type: NTFS
Drive F: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 3,76 Gb Total Space | 1,44 Gb Free Space | 38,38% Space Free | Partition Type: FAT32
Drive P: | 203,76 Gb Total Space | 79,23 Gb Free Space | 38,88% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5E6EC4DD-7B1F-4E10-82B9-EA1B90791031}" = Nero 8
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6910C412-A523-493C-BC22-0213CD7F4F3A}" = IndustrieGigant 2 - Gold Edition
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F1D4E2A-4F74-4BD7-97B0-72C5C7BECB00}" = S4 League_EU
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D06737BC-9887-46E0-A203-29D7FE756019}" = ClassPad Manager v3 Professional
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.13
"{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Ultimate
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Akamai" = Akamai NetSession Interface Service
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar  
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Glary Utilities_is1" = Glary Utilities Pro 2.50.0.1632
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions
"NAV" = Norton AntiVirus
"Plus-HD-2.2" = Plus-HD-2.2
"Project 64_is1" = Project 64 version 2.0.0.14
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Steam App 107200" = Space Pirates and Zombies
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WinLems_is1" = WinLems 1.24
"WinLiveSuite" = Windows Live Essentials
"Wise Auto Shutdown_is1" = Wise Auto Shutdown 1.13
"Wise Game Booster_is1" = Wise Game Booster 1.12
"Wise Program Uninstaller_is1" = Wise Program Uninstaller 1.24
"Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 2.0.2.3)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2013 03:43:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.2091,
 Zeitstempel: 0x51b69462  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
 Zeitstempel: 0x4dcddbf3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00011eeb  ID des fehlerhaften
 Prozesses: 0x10e0  Startzeit der fehlerhaften Anwendung: 0x01ce730a0a78afb4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
 495d80b0-defd-11e2-bd0b-0019db80cb1b
 
Error - 27.06.2013 03:50:20 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.2091,
 Zeitstempel: 0x51b69462  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
 Zeitstempel: 0x4dcddbf3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00011eeb  ID des fehlerhaften
 Prozesses: 0x135c  Startzeit der fehlerhaften Anwendung: 0x01ce730af6c48ac2  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
 36f651cf-defe-11e2-bc90-0019db80cb1b
 
Error - 27.06.2013 03:54:36 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.2091,
 Zeitstempel: 0x51b69462  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
 Zeitstempel: 0x4dcddbf3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00011eeb  ID des fehlerhaften
 Prozesses: 0xa3c  Startzeit der fehlerhaften Anwendung: 0x01ce730b8fc86d5f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
 cf737707-defe-11e2-bc90-0019db80cb1b
 
Error - 27.06.2013 07:33:14 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0x940  Startzeit der fehlerhaften Anwendung: 0x01ce7329f7e37d4e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 5a138d36-df1d-11e2-bc90-0019db80cb1b
 
Error - 28.06.2013 19:48:40 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 BrowserDefendert since QueryServiceConfig API failed  System Error: Das System kann
 die angegebene Datei nicht finden.  .
 
Error - 28.06.2013 20:13:41 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec367  Name des fehlerhaften Moduls: mozalloc.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518eaa4a  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001988  ID des fehlerhaften
 Prozesses: 0x1694  Startzeit der fehlerhaften Anwendung: 0x01ce745a8893f476  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Berichtskennung:
 c0a10701-e050-11e2-bc90-0019db80cb1b
 
Error - 28.06.2013 20:41:06 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 BrowserDefendert since QueryServiceConfig API failed  System Error: Das System kann
 die angegebene Datei nicht finden.  .
 
Error - 28.06.2013 21:56:48 | Computer Name = User-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.06.2013 21:56:49 | Computer Name = User-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 28.06.2013 21:56:49 | Computer Name = User-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ OSession Events ]
Error - 26.02.2013 15:24:36 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12888
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.06.2013 01:48:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 29.06.2013 01:48:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 29.06.2013 11:59:02 | Computer Name = User-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 29.06.2013 11:59:02 | Computer Name = User-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.06.2013 11:59:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.06.2013 11:59:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 29.06.2013 11:59:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.06.2013 11:59:26 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebCake Desktop Updater" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.06.2013 11:59:50 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 29.06.2013 11:59:50 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
 
< End of report >
         

Alt 29.06.2013, 18:33   #2
xBluex
 

Gmer - Log
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-29 19:19:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAJS-00TKA0 rev.12.01C01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                        fffff960001b4000 7 bytes [80, 93, F3, FF, 01, 9D, F0]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                                                                    fffff960001b4008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.reloc   C:\Windows\system32\services.exe [668] section is executable [0x4A8, 0xA0000020]                                                                                                                                                                       0000000100052000
.text    C:\Windows\SysWOW64\svchost.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                          00000000760d1465 2 bytes [0D, 76]
.text    C:\Windows\SysWOW64\svchost.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                         00000000760d14bb 2 bytes [0D, 76]
.text    ...                                                                                                                                                                                                                                                    * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                                                0000000073ba1a22 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                                                0000000073ba1ad0 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                                                0000000073ba1b08 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                                                0000000073ba1bba 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                                                0000000073ba1bda 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                                                0000000073ba1a22 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                                                0000000073ba1ad0 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                                                0000000073ba1b08 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                                                0000000073ba1bba 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                                                0000000073ba1bda 2 bytes [BA, 73]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                                         00000000760d1465 2 bytes [0D, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                                        00000000760d14bb 2 bytes [0D, 76]
.text    ...                                                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2504] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                     00000000760d1465 2 bytes [0D, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2504] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                    00000000760d14bb 2 bytes [0D, 76]
.text    ...                                                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           00000000760d1465 2 bytes [0D, 76]
.text    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          00000000760d14bb 2 bytes [0D, 76]
.text    ...                                                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                                                                         0000000074ea549c 5 bytes JMP 00000001001f0800
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                               00000000760d1465 2 bytes [0D, 76]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                              00000000760d14bb 2 bytes [0D, 76]
.text    ...                                                                                                                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\services.exe [668:728]                                                                                                                                                                                                             0000000000b71e58
Thread   C:\Windows\system32\svchost.exe [572:3092]                                                                                                                                                                                                             000007fef4e00ea8
Thread   C:\Windows\system32\svchost.exe [572:3108]                                                                                                                                                                                                             000007fef4df9db0
Thread   C:\Windows\system32\svchost.exe [572:3172]                                                                                                                                                                                                             000007fef4dfaa10
Thread   C:\Windows\system32\svchost.exe [572:3176]                                                                                                                                                                                                             000007fef4e01c94
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2552]                                                                                                                                                                0000000077433e45
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2572]                                                                                                                                                                0000000077432e25
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2868]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2872]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2876]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2880]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2884]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2888]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2164]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2160]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:1864]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2216]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2076]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2072]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:1740]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2088]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2084]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2020]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2268]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:1384]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2280]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2284]                                                                                                                                                                0000000077433e45
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2292]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2324]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:1372]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2420]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:2428]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:1956]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:3560]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:3428]                                                                                                                                                                00000000745429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2128:3324]                                                                                                                                                                00000000745429e1
---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [560] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                           000007fefc8d0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [864] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                           000007fefc8d0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [112] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                           000007fefc8d0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [380] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                           000007fefc8d0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1252] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                          000007fefc8d0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1552] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                          000007fefc8d0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\svchost.exe [1704] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                          00000000736f0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Bonjour\mDNSResponder.exe [1788] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                         00000000736f0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1364] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)          00000000736f0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2220] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                  00000000736f0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrA.exe [1808] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                         00000000736f0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrB.exe [2400] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                         00000000736f0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2504] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)     00000000736f0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3040] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)  000007fefc8d0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3668] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-07-24 08:12:04)                                          000007fefc8d0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                                                                 0xCF 0xAF 0x22 0x8F ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                                                    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                                                           0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                                                        0x9A 0x51 0x8F 0xF6 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                                                                 0x3A 0xB5 0x1D 0xC3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                 0x8D 0xC1 0x47 0x02 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                           0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                        0xA5 0x80 0x98 0x49 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                   0x09 0x05 0x19 0x47 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                                                                     0xCF 0xAF 0x22 0x8F ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                                                        C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                                                                          
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                                                               0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                                                            0x9A 0x51 0x8F 0xF6 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                                                                     0x3A 0xB5 0x1D 0xC3 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                        C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                     0x8D 0xC1 0x47 0x02 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                                          
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                               0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                            0xA5 0x80 0x98 0x49 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                       0x09 0x05 0x19 0x47 ...

---- EOF - GMER 2.1 ----
         


29.06.2013, 18:46   #3
M-K-D-B
/// TB instructor

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we will remove all the programs that were used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved to the desktop and started from there!

I can never give you a guarantee that I will find everything either. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

I am working on your thread and will get back to you with further instructions as soon as possible.

29.06.2013, 18:52   #4
xBluex

That was quick.
Thanks, Matthias.

29.06.2013, 18:54   #5
M-K-D-B
/// TB instructor

Hi,

From your log file:
Quote:
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O1 - Hosts: 127.0.0.1 oscount.techsmith.com
The entries I have listed strongly suggest that software which was not legally acquired is being used on this computer.

Support stopped
Reading material:
Cracks and keygens
Circumventing software copy protection is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources very often come bundled with malware, so you are infecting yourself almost deliberately.

We have agreed here on the board that we do not continue cleaning at this point, because we do not support such behaviour. On top of that, we pointed out unmistakably in our guide, and also in this pinned thread, how we would handle this. Clean, good software has its price, and software companies live on that revenue.

Our help is therefore limited to reinstalling and securing your system.
We will still gladly answer your questions about that, in our forum.
That ends this thread.

__________________
Greetings from Bavaria
M-K-D-B


29.06.2013, 19:09   #6
xBluex

Oops, I totally forgot about that...
Thanks anyway.

29.06.2013, 19:11   #7
M-K-D-B
/// TB instructor

Quote:
Originally posted by xBluex
Oops, I totally forgot about that...
Forgot to edit it, or what?

That really is the lowest of the low.

Thread closed

Archiv
Du betrachtest: Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.