Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Fund in BAcroIEHelpe182.dll (https://www.trojaner-board.de/122254-fund-bacroiehelpe182-dll.html)

Hilfloser78 16.08.2012 15:13
Fund in BAcroIEHelpe182.dll
 
Hallo , ich glaube ich habe mir einen Virus eingefangen. Antivir meldet seit Tagen , dass es einen Virus namens BAcroIEHelpe182.dll (die Zahl ist immer anders) gefunden hat. Wenn ich versuche diese Dateien zu löschen geht das nicht , weil sie angeblich gerade in Prozessen geöffnet sind. (z.b. Fifa Manager 10 , was vollkommen unrealistisch ist! ) ((Habe den Ordner von FM10 bereits durchsucht und da ist keine Datei die so heißt)). Habe auch bereits einen OTL-Scan gemacht.

Code:
OTL logfile created on: 16.08.2012 15:38:42 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\Lars\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 69,91% Memory free
16,00 Gb Paging File | 12,81 Gb Available in Paging File | 80,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 676,48 Gb Free Space | 72,63% Space Free | Partition Type: NTFS
Drive F: | 7,47 Gb Total Space | 5,20 Gb Free Space | 69,61% Space Free | Partition Type: FAT32
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lars\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachii\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\ASDR.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lars\AppData\Roaming\BAcroIEHelpe192.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll ()
MOD - C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (ATKFUSService) -- C:\Windows\SysNative\ATKFUSService.exe (ASUSTeK COMPUTER INC.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachii\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (ASDR) -- C:\Windows\SysWOW64\ASDR.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\drivers\RTL85n64.sys (Realtek)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (atkdisplf) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (sfvfs02) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (sfsync02) -- C:\Windows\SysNative\drivers\sfsync02.sys (Protection Technology)
DRV:64bit: - (sfdrv01a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfhlp02) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110910.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110910.002\ENG64.SYS (Symantec Corporation)
DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys ()
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20091205.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVia64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/bsprpc/{13BB2A4A-85ED-4CC1-8CED-57EE92743B9A}
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/bsprpc/{13BB2A4A-85ED-4CC1-8CED-57EE92743B9A}
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 96 84 03 63 F2 CC 01  [binary data]
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\RAR Password Cracker DB Toolbar Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{2E28205A-39AA-4B55-A087-9AEBDD6E8CC5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=W3I4&o=15996&src=crm&q={searchTerms}&locale=&apn_ptnrs=^A9Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=C4BEDA72-6476-4277-957B-866E594150E8&apn_sauid=43AC60CB-C1F5-4A72-A733-104D2F20262B
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/bsprpc/{13BB2A4A-85ED-4CC1-8CED-57EE92743B9A}?q={searchTerms}
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=W3I4&o=15996&locale=de_DE&apn_uid=C4BEDA72-6476-4277-957B-866E594150E8&apn_ptnrs=%5EA9Q&apn_sauid=43AC60CB-C1F5-4A72-A733-104D2F20262B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lars\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011.09.10 15:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2011.09.10 15:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011.11.13 02:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 14:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.06 11:14:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Lars\AppData\Roaming\13001.041
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 14:26:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.06 11:14:29 | 000,000,000 | ---D | M]
 
[2012.05.03 21:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2012.08.08 03:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions
[2012.06.25 23:12:01 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.03.30 14:23:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.17 18:56:15 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2012.07.22 00:54:25 | 000,000,000 | ---D | M] (ICQ Sparberater) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\ciuvo-extension@icq.de
[2011.10.02 18:02:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\firefox@tvunetworks.com
[2012.07.07 17:57:35 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\plugin@searchgby.com
[2012.08.08 03:16:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\toolbar@ask.com
[2012.07.22 00:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\y5ioa3a9.default\extensions\ciuvo-extension@icq.de\chrome
[2012.08.08 03:16:14 | 000,002,337 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\y5ioa3a9.default\searchplugins\askcom.xml
[2012.03.27 18:46:30 | 000,000,947 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\y5ioa3a9.default\searchplugins\conduit.xml
[2012.08.06 11:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.06 11:14:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.11.27 00:00:34 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2011.12.17 22:26:12 | 000,003,084 | ---- | M] () (No name found) -- C:\USERS\LARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y5IOA3A9.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
[2012.06.25 14:26:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.06 18:21:21 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npuuseep.dll
[2011.06.09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.25 14:26:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 14:26:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 14:26:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 14:26:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 14:26:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 14:26:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://web.de/
CHR - Extension: No name found = C:\Users\Lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
 
O1 HOSTS File: ([2011.09.21 14:42:00 | 000,000,950 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mp02.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp01.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp03.maniaplanet.com
O1 - Hosts: 127.0.0.1 game.maniaplanet.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\RAR Password Cracker DB Toolbar Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (RAR Password Cracker DB Toolbar Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\RAR Password Cracker DB Toolbar Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\Toolbar\WebBrowser: (RAR Password Cracker DB Toolbar Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\RAR Password Cracker DB Toolbar Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachii\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [DontSleep] "C:\Users\Lars\Desktop\DontSleep.exe" -bg File not found
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [Facebook Update] C:\Users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [Steam] C:\Program Files (x86)\Steam0\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [Userinit] C:\Users\Lars\AppData\Roaming\appConf32.exe ()
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..Trusted Ranges: Range1979 ([http] in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FD8AA59-CB36-43C6-8857-55FCFF485CD1}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8fd7de70-dbb4-11e0-a338-00040efb87b1}\Shell - "" = AutoRun
O33 - MountPoints2\{8fd7de70-dbb4-11e0-a338-00040efb87b1}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{e9d6b881-e709-11e0-9bd9-00040efb87b1}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d6b881-e709-11e0-9bd9-00040efb87b1}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 22:00:00 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 21:59:58 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 21:59:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 21:59:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 21:59:57 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 21:59:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 21:59:57 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 21:59:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 21:59:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 21:59:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 21:59:49 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 21:59:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 21:59:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 21:59:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 21:59:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 21:59:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 21:59:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 21:59:45 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.13 21:34:00 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\advmapserver
[2012.08.12 20:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.12 20:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.08.12 20:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.12 20:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.08.12 19:31:10 | 000,000,000 | ---D | C] -- C:\AMD
[2012.08.11 03:24:57 | 000,000,000 | ---D | C] -- C:\card
[2012.08.09 21:04:52 | 000,000,000 | ---D | C] -- C:\Sierra
[2012.08.09 21:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.08.09 20:10:00 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\JDL
[2012.08.08 20:11:31 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\Desktopzeug
[2012.08.08 03:18:40 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Smart PC Cleaner
[2012.08.08 03:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.08.08 03:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012.08.08 03:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2012.08.08 03:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2012.08.08 03:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.08.08 03:15:59 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\APN
[2012.08.06 11:14:29 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.08.06 11:14:29 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.08.06 11:14:29 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.08.06 11:14:29 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.08.06 02:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012.08.06 00:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012.08.05 02:30:39 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Ikpom
[2012.08.03 19:38:49 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2012.08.03 19:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2012.08.03 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMRecordedRenamer
[2012.08.03 19:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMRecordedRenamer
[2012.08.01 02:57:54 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Howei
[2012.08.01 01:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2012.07.26 14:24:50 | 000,000,000 | ---D | C] -- C:\Casino
[2012.07.22 01:55:24 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\Hardcore RELOADED
[2012.07.22 00:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.07.22 00:55:25 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\ICQ Search
[2012.07.22 00:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\icq
[2012.07.22 00:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guard-ICQ
[2012.07.22 00:53:51 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\ICQ
[2012.07.22 00:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.07.20 19:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2012.07.20 19:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lars\AppData\Roaming\*.tmp files -> C:\Users\Lars\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.08.16 15:38:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
[2012.08.16 15:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.16 13:43:01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
[2012.08.16 12:59:05 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 12:59:05 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 12:58:54 | 000,006,400 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\BAcroIEHelpe192.dll
[2012.08.16 12:52:16 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.08.16 12:50:15 | 000,299,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 12:49:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 12:49:11 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.15 22:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
[2012.08.14 22:30:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.14 22:30:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 18:38:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
[2012.08.11 04:39:56 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.08.11 04:39:56 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.08.11 04:39:56 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.08.11 03:37:55 | 000,001,176 | ---- | M] () -- C:\Users\Lars\Desktop\joey_pc.exe - Verknüpfung.lnk
[2012.08.11 02:28:24 | 000,001,545 | ---- | M] () -- C:\Users\Public\Desktop\EE-ZDE.lnk
[2012.08.11 02:23:06 | 000,000,415 | ---- | M] () -- C:\Windows\SIERRA.INI
[2012.08.11 01:53:55 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.11 01:53:55 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.11 01:53:55 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.11 01:53:55 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.11 01:53:55 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.10 20:04:47 | 004,079,616 | ---- | M] () -- C:\Users\Lars\Desktop\Empire Earth.exe
[2012.08.09 21:05:18 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2012.08.08 18:19:33 | 000,000,133 | -H-- | M] () -- C:\Users\Lars\Desktop\DontSleep.ini
[2012.08.07 18:53:40 | 000,002,014 | ---- | M] () -- C:\Users\Lars\Desktop\Wow.lnk
[2012.08.06 17:59:38 | 000,002,155 | ---- | M] () -- C:\Users\Lars\Desktop\Age of Mythology Gold.lnk
[2012.08.06 11:14:21 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.08.06 11:14:21 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.08.06 11:14:21 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.08.06 11:14:20 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.08.06 11:14:20 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.06 11:12:29 | 000,001,564 | ---- | M] () -- C:\Users\Lars\Desktop\Manager10.lnk
[2012.08.05 20:34:47 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\Fussball Manager 12.lnk
[2012.08.05 02:33:22 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012.08.01 18:21:11 | 000,007,594 | ---- | M] () -- C:\Users\Lars\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lars\AppData\Roaming\*.tmp files -> C:\Users\Lars\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.08.16 12:58:54 | 000,006,400 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\BAcroIEHelpe192.dll
[2012.08.11 03:37:55 | 000,001,176 | ---- | C] () -- C:\Users\Lars\Desktop\joey_pc.exe - Verknüpfung.lnk
[2012.08.11 02:28:24 | 000,001,545 | ---- | C] () -- C:\Users\Public\Desktop\EE-ZDE.lnk
[2012.08.10 20:02:09 | 004,079,616 | ---- | C] () -- C:\Users\Lars\Desktop\Empire Earth.exe
[2012.08.09 21:05:16 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2012.08.09 21:04:52 | 000,000,415 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.08.09 21:04:08 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.08.09 21:04:08 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.08.09 21:04:08 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.08.05 04:16:31 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U\800000cb.@
[2012.08.05 04:16:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U\80000000.@
[2012.08.05 02:30:11 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U\00000001.@
[2012.08.03 01:07:01 | 000,001,632 | ---- | C] () -- C:\Users\Lars\AppData\Local\{192a88a3-a51e-3828-ef01-79d659704214}\U\000000cb.@
[2012.07.26 14:24:53 | 000,000,784 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Casino.lnk
[2012.07.19 18:09:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.06 18:16:23 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2012.06.30 01:38:57 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.23 23:40:07 | 000,007,594 | ---- | C] () -- C:\Users\Lars\AppData\Local\Resmon.ResmonCfg
[2012.01.20 21:36:54 | 000,017,408 | ---- | C] () -- C:\Users\Lars\AppData\Local\WebpageIcons.db
[2012.01.11 18:43:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\@
[2012.01.11 18:43:47 | 000,002,048 | -HS- | C] () -- C:\Users\Lars\AppData\Local\{192a88a3-a51e-3828-ef01-79d659704214}\@
[2011.12.17 22:49:03 | 000,000,848 | ---- | C] () -- C:\Users\Lars\.recently-used.xbel
[2011.12.17 22:28:28 | 000,000,600 | ---- | C] () -- C:\Users\Lars\PUTTY.RND
[2011.12.07 21:44:50 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.11.02 01:23:54 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.11.02 01:23:19 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2011.11.02 01:23:19 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2011.09.16 17:37:51 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.10 16:04:11 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.09.10 16:04:11 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011.09.10 16:04:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011.09.10 15:41:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.09.10 15:41:50 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.09.10 15:41:48 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.09.10 15:41:48 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.09.10 15:37:33 | 000,042,256 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.05.24 01:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 01:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 01:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.07 02:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 02:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 02:04:59 | 000,034,378 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\Lars\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2012.08.13 18:11:45 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\.minecraft
[2012.07.21 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\.spoutcraft
[2012.02.25 05:33:06 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\.Version-Changer
[2012.05.01 22:44:46 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Blockscape
[2011.09.25 01:55:24 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Canneverbe Limited
[2012.07.06 18:21:25 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\convert
[2011.11.29 20:36:03 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\DAEMON Tools Lite
[2012.01.15 17:54:25 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Easeware
[2011.09.10 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\GameRanger
[2011.10.18 15:31:01 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\gtk-2.0
[2012.08.16 01:18:58 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ICQ
[2012.07.22 00:55:25 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ICQ Search
[2012.08.05 02:30:39 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Ikpom
[2011.12.28 01:20:30 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\JAM Software
[2012.07.11 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\kock
[2012.07.26 13:47:18 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\loadtbs
[2011.10.09 00:48:00 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\LolClient
[2011.09.11 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Notepad++
[2012.01.16 16:18:50 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\PacificPoker
[2012.06.25 23:06:47 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\PDM
[2012.03.04 00:57:39 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Philipp Winterberg
[2012.07.06 18:17:13 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\pics
[2012.01.16 16:14:44 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\QuickStoresToolbar
[2012.06.30 01:54:31 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\RegGenie
[2012.08.08 03:18:40 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Smart PC Cleaner
[2012.08.12 02:04:29 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\SoftGrid Client
[2012.01.12 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Teeworlds
[2012.05.12 22:32:15 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\The Creative Assembly
[2011.09.13 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Tific
[2012.05.13 02:06:37 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TIPP10
[2011.09.16 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TP
[2012.01.16 21:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TS3Client
[2012.07.12 14:29:44 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TuneUp Software
[2012.08.03 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\UAs
[2012.08.12 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\uTorrent
[2012.04.01 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\WhatPulse
[2011.09.20 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Windows SideBar
[2012.05.31 01:51:05 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\www.rene-zeidler.de
[2012.08.03 16:49:26 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\xmldm
[2012.08.15 22:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
[2012.08.16 13:43:01 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
[2012.03.29 13:44:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Hier noch die Extras.txt

Code:
OTL Extras logfile created on: 16.08.2012 15:38:42 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\Lars\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 69,91% Memory free
16,00 Gb Paging File | 12,81 Gb Available in Paging File | 80,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 676,48 Gb Free Space | 72,63% Space Free | Partition Type: NTFS
Drive F: | 7,47 Gb Total Space | 5,20 Gb Free Space | 69,61% Space Free | Partition Type: FAT32
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{44B4F244-5B4D-856E-B3A6-E8DDBDC7F127}" = AMD Fuel
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EEB9326A-7D04-C212-CEAC-C23B462A21B0}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"DriverEasy_is1" = DriverEasy 3.11.3
"Explorer Suite_is1" = Explorer Suite III
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = AMD VISION Engine Control Center
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.81
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{415ADF7E-6DB8-4481-86C0-1CEC0163CC7B}" = Nexon Game Manager
"{453C9E55-80DF-4BD2-9885-52A1FB0D9382}" = eReader
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{573576B6-2112-4679-BF42-C8D9CE2E4A29}" = Ace of Spades
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{831D4B74-7A92-4363-869D-524876C480B1}_is1" = Sirius MT2 Version 20.12.02
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{9DEA24B3-59BC-4C57-BD1C-4A261F269748}" = TASTstar 5.0 Demo
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B433B7D6-0A97-4ED4-BE64-863A0B3A0776}_is1" = YouFreeTV Version 0.02
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFF6E91F-0009-4047-83BA-6DAD390D7B60}_is1" = Fussball Manager 12
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"AOMRecordedRenamer_is1" = AOMRecordedRenamer v1.2
"Arensus Crossword Puzzle Editor_is1" = Arensus Crossword Puzzle Editor 1.1.8
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Blockscape_is1" = Blockscape Phase 1 (beta)
"Carte" = Carte 0.10.1
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Crossword Construction Kit" = Crossword Construction Kit
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fiddler2" = Fiddler2
"GameSpy Arcade" = GameSpy Arcade
"Guard.Mail.ru" = Guard.ICQ
"Icy Tower v1.5_is1" = Icy Tower v1.5
"Idoswin Pro_is1" = Idoswin Pro 5.65
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"loadtbs-3.0" = loadtbs-3.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"MD-SavegameManager_is1" = MD-SavegameManager V1.6.0.0
"MegaDev - FM10 Additions_is1" = MegaDev - FM10 Additions V1.2.0.4
"Metin2_is1" = Metin2
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"p.i.c.s. Rätsel-Generator" = p.i.c.s. Rätsel-Generator
"pc-profi-Chart_de2011_is1" = pc-profi-Chart_de2011
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RAR Password Cracker" = RAR Password Cracker
"RAR Password Cracker DB Toolbar Toolbar" = RAR Password Cracker DB Toolbar Toolbar
"RealPlayer 15.0" = RealPlayer
"RegGenie" = RegGenie v3.0
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Santa Claus in Trouble" = Santa Claus in Trouble
"Simple Port Forwarding" = Simple Port Forwarding
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Steam App 34330" = Total War: SHOGUN 2
"SystemRequirementsLab" = System Requirements Lab
"TIPP10_is1" = TIPP10 Version 2.1.0
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Touch Typing Deluxe_is1" = Touch Typing Deluxe 1.2.50
"Travel Mouse and Key Counter" = Travel Mouse and Key Counter 1.3
"TreeSize Personal_is1" = TreeSize Personal V5.5.3
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Unlocker" = Unlocker 1.9.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"WhatPulse" = WhatPulse 1.7.1
"Winload Toolbar" = Winload Toolbar
"World of Warcraft" = World of Warcraft
"xvid" = XviD MPEG-4 Video Codec
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Europa Casino" = Europa Casino
"fae8f6cbeb8cfed0" = mcmmoCalc
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2012 06:12:25 | Computer Name = Lars-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.08.2012 06:24:18 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cea18  ID des fehlerhaften
 Prozesses: 0x24c8  Startzeit der fehlerhaften Anwendung: 0x01cd7ad01f395366  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 5e4d4e10-e6c3-11e1-9cc4-00040efb87b1
 
Error - 15.08.2012 12:55:47 | Computer Name = Lars-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.08.2012 13:28:03 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0001fe54  ID des fehlerhaften Prozesses: 0x16e4  Startzeit der fehlerhaften Anwendung:
 0x01cd7b0a3387a1fc  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 90cff7ab-e6fe-11e1-b0e7-00040efb87b1
 
Error - 15.08.2012 13:49:41 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Lars\Desktop\desktopzeug\NDSEMU\NO$GBA
 2.6a\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Users\Lars\Desktop\desktopzeug\NDSEMU\NO$GBA
 2.6a\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 15.08.2012 13:49:58 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Lars\Desktop\Lars\zoom\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\Users\Lars\Desktop\Lars\zoom\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 15.08.2012 14:57:14 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Lars\Desktop\desktopzeug\NDSEMU\NO$GBA
 2.6a\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Users\Lars\Desktop\desktopzeug\NDSEMU\NO$GBA
 2.6a\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 15.08.2012 14:57:16 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Lars\Desktop\Lars\zoom\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\Users\Lars\Desktop\Lars\zoom\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 15.08.2012 23:03:50 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager10.exe, Version: 1.0.0.0,
Zeitstempel: 0x4aca3a81  Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4aca3946  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00314d67  ID des fehlerhaften
 Prozesses: 0x36e8  Startzeit der fehlerhaften Anwendung: 0x01cd7b4caa3b932b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\FUSSBALL MANAGER 10\Manager10.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\FUSSBALL MANAGER 10\GfxCore.dll
Berichtskennung:
 003997d3-e74f-11e1-b0e7-00040efb87b1
 
Error - 16.08.2012 06:51:37 | Computer Name = Lars-PC | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 06.03.2012 08:39:46 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 13:39:42 - Fehler beim Herstellen der Internetverbindung.  13:39:42
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2012 12:06:36 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 18:06:36 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) 
 
Error - 16.04.2012 12:07:44 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 18:07:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..) 
 
[ System Events ]
Error - 16.08.2012 06:48:54 | Computer Name = Lars-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 16.08.2012 06:48:54 | Computer Name = Lars-PC | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 16.08.2012 06:49:01 | Computer Name = Lars-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01a.sys konnte nicht geladen werden.
 
Error - 16.08.2012 06:51:17 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.08.2012 06:51:19 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 16.08.2012 06:51:20 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 16.08.2012 06:51:21 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Norton Internet Security" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1.
 
Error - 16.08.2012 06:51:21 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 16.08.2012 06:51:45 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.08.2012 06:51:45 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  sfdrv01a  sfsync02  sptd
 
 
< End of report >
Danke für eure Hilfe.

markusg 16.08.2012 18:26
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [Userinit] C:\Users\Lars\AppData\Roaming\appConf32.exe ()
[2012.08.16 12:58:54 | 000,006,400 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\BAcroIEHelpe192.dll
[2012.08.03 16:49:26 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\xmldm
[2012.07.11 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\kock
 :Files
C:\Users\Lars\AppData\Roaming\appConf32.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Hilfloser78 23.08.2012 02:18
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit not found.
File C:\Users\Lars\AppData\Roaming\appConf32.exe not found.
C:\Users\Lars\AppData\Roaming\BAcroIEHelpe192.dll moved successfully.
C:\Users\Lars\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Lars\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lars
->Flash cache emptied: 4517 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lars
->Temp folder emptied: 417932 bytes
->Temporary Internet Files folder emptied: 61215841 bytes
->Java cache emptied: 7589499 bytes
->FireFox cache emptied: 918441407 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 157692270 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 639 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.092,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08232012_030548

Files\Folders moved on Reboot...
C:\Users\Lars\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Lars\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
Dasi ist der OTL Log nach dem Neustart

Leider kann ich den Movedfiles Ordner nicht zippen da ich "keine Leseberechtigung" habe. Liegt aber nur an der BAcroIEHelpe192.dll

markusg 28.08.2012 19:25
rechtsklick auf den schirm, avira deaktivieren und erneut probieren zu packen, dann hochladen.
ps sorry für die wartezeit

Hilfloser78 28.08.2012 22:57
MAcht nix , ihr habt schlißlich auch ncoh ein Privatleben , und seid zu ncihts verpflichtet!

Habs jetzt hochgeladen.

markusg 29.08.2012 18:45
hi
nutzt du den pc für oninebanking, zum einkaufen für sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie berufliches?

Hilfloser78 29.08.2012 21:26
Bis jetzt noch nicht , das wird aber irgendwann mal kommen (bin erst 15!)

markusg 30.08.2012 19:44
hi ok
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hilfloser78 01.09.2012 12:43
Hallo, hab jetzt mal Comcofix rüber laufen lassen, denke mal es lief alles glatt ,erster Neustart war zwar ein Bluescreen , kommt aber bei bir manchmal vor. (1 aus 25 Fällen ca.)
Kann es der Fall sein , dass ich allen Programmen den Internetzugriff neu erlaben muss? (Ich frage nur , weil mein Skype (ist im Autostart) erst geöffnet wurde , nachdem ich es erlaubt hatte.

Hier noch der ComboFix Log
Code:
ComboFix 12-08-31.08 - Lars 01.09.2012  13:19:15.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8191.6245 [GMT 2:00]
ausgeführt von:: c:\users\Lars\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\plugins\npuuseep.dll
c:\program files (x86)\RAR Password Cracker DB Toolbar Toolbar\tbHElper.dll
c:\program files (x86)\RegGenie
c:\program files (x86)\RegGenie\Backups\41090,0759446759
c:\program files (x86)\RegGenie\Backups\41090,0769951042
c:\program files (x86)\RegGenie\IgnoredKeys.ini
c:\program files (x86)\RegGenie\IgnoredValues.ini
c:\program files (x86)\RegGenie\Logs\Scan on 30.06.2012 01-48-35.txt
c:\program files (x86)\RegGenie\RegGenie.bim
c:\program files (x86)\RegGenie\RegGenie.bin
c:\program files (x86)\RegGenie\RegGenie.exe
c:\program files (x86)\RegGenie\RegGenie.ini
c:\program files (x86)\RegGenie\RegGenieOnReboot.exe
c:\program files (x86)\RegGenie\RegGenieOnRebootExpired.exe
c:\program files (x86)\RegGenie\RegGenieScheduler.exe
c:\program files (x86)\RegGenie\unins000.dat
c:\program files (x86)\RegGenie\unins000.exe
c:\program files (x86)\RegGenie\unins000.msg
c:\programdata\Microsoft\Windows\Start Menu\Programs\RegGenie
c:\programdata\Microsoft\Windows\Start Menu\Programs\RegGenie\RegGenie.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RegGenie\Uninstall RegGenie.lnk
c:\users\Lars\AppData\Roaming\AcroIEHelpe.txt
c:\users\Lars\AppData\Roaming\AcroIEHelpe192.dll
c:\users\Lars\AppData\Roaming\Ikpom
c:\users\Lars\AppData\Roaming\Ikpom\rexyu.osy
c:\users\Lars\AppData\Roaming\srvblck5.tmp
c:\windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\@
c:\windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U\80000000.@
c:\windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U\800000cb.@
c:\windows\RegGenieOnUninstall.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-01 bis 2012-09-01  ))))))))))))))))))))))))))))))
.
.
2012-08-29 13:17 . 2012-08-29 13:17        --------        d-----w-        C:\Riot Games
2012-08-23 01:29 . 2011-12-01 14:07        1096688        ----a-w-        c:\windows\system32\drivers\pctEFA64.sys
2012-08-23 01:29 . 2011-12-01 14:07        453896        ----a-w-        c:\windows\system32\drivers\pctDS64.sys
2012-08-23 01:29 . 2012-02-24 08:31        145432        ----a-w-        c:\windows\system32\drivers\pctwfpfilter64.sys
2012-08-23 01:29 . 2012-02-24 08:31        339608        ----a-w-        c:\windows\system32\drivers\pctgntdi64.sys
2012-08-23 01:29 . 2011-11-14 13:12        367912        ----a-w-        c:\windows\system32\drivers\PCTCore64.sys
2012-08-23 01:29 . 2012-02-24 08:36        230952        ----a-w-        c:\windows\system32\drivers\PCTSD64.sys
2012-08-23 01:29 . 2012-02-24 08:35        14776        ----a-w-        c:\windows\system32\drivers\pctBTFix64.sys
2012-08-23 01:29 . 2012-02-24 08:37        92896        ----a-w-        c:\windows\system32\drivers\pctplsg64.sys
2012-08-23 01:28 . 2012-08-23 17:12        --------        d-----w-        c:\program files (x86)\PC Tools Security
2012-08-23 01:28 . 2012-08-23 01:36        --------        d-----w-        c:\program files (x86)\Common Files\PC Tools
2012-08-23 01:28 . 2012-08-23 01:29        --------        d-----w-        c:\programdata\PC Tools
2012-08-23 01:21 . 2012-08-23 01:26        --------        d-----w-        c:\users\Lars\AppData\Roaming\GetRightToGo
2012-08-23 01:10 . 2012-08-23 01:10        --------        d-----w-        c:\users\Lars\AppData\Roaming\xmldm
2012-08-23 01:05 . 2012-08-28 21:53        --------        d-----w-        C:\_OTL
2012-08-21 14:09 . 2012-08-21 14:10        --------        d-----w-        c:\users\Lars\AppData\Roaming\.techniclauncher
2012-08-21 11:07 . 2012-08-21 11:08        --------        d-----w-        c:\program files (x86)\SpeedFan
2012-08-20 21:08 . 2012-08-20 21:08        --------        d-----w-        c:\program files (x86)\XviD
2012-08-16 13:48 . 2012-08-16 13:48        --------        d-----w-        c:\users\Lars\AppData\Roaming\Malwarebytes
2012-08-16 13:48 . 2012-08-16 13:48        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 13:48 . 2012-08-16 13:48        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-16 13:48 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-16 13:43 . 2012-08-16 13:43        --------        d-----w-        c:\users\Lars\AppData\Roaming\13001.041
2012-08-16 01:03 . 2012-07-06 20:07        552960        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-08-15 20:00 . 2012-05-05 08:36        503808        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 20:00 . 2012-05-05 07:46        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2012-08-12 18:41 . 2012-08-12 18:41        --------        d-----w-        c:\programdata\ATI
2012-08-12 18:41 . 2012-08-12 18:41        --------        d-----w-        c:\program files (x86)\AMD AVT
2012-08-12 18:41 . 2012-08-12 18:41        --------        d-----w-        c:\program files (x86)\AMD APP
2012-08-12 17:31 . 2012-08-12 17:31        --------        d-----w-        C:\AMD
2012-08-11 01:24 . 2012-08-11 01:25        --------        d-----w-        C:\card
2012-08-09 19:04 . 2012-08-11 00:23        --------        d-----w-        C:\Sierra
2012-08-09 19:04 . 2012-08-11 02:39        21840        ----atw-        c:\windows\SysWow64\SIntfNT.dll
2012-08-09 19:04 . 2012-08-11 02:39        17212        ----atw-        c:\windows\SysWow64\SIntf32.dll
2012-08-09 19:04 . 2012-08-11 02:39        12067        ----atw-        c:\windows\SysWow64\SIntf16.dll
2012-08-08 01:16 . 2012-08-08 01:17        --------        d-----w-        c:\program files\Core Temp
2012-08-08 01:16 . 2012-08-08 01:16        --------        d-----w-        c:\program files (x86)\Ask.com
2012-08-08 01:15 . 2012-08-08 01:15        --------        d-----w-        c:\users\Lars\AppData\Local\APN
2012-08-06 09:14 . 2012-08-06 09:14        476976        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-08-05 22:18 . 2012-08-05 22:18        --------        d-----w-        c:\program files (x86)\Activision
2012-08-03 23:00 . 2008-04-25 19:10        1430528        ----a-w-        c:\program files (x86)\Microsoft Games\Age of Mythology\rm2\Nottud's RMS Generator v05.exe
2012-08-03 17:38 . 2012-08-03 17:38        --------        d-----w-        c:\program files\HyperCam 2
2012-08-03 17:35 . 2012-08-03 17:35        --------        d-----w-        c:\program files (x86)\AOMRecordedRenamer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 01:00 . 2011-09-19 12:30        62134624        ----a-w-        c:\windows\system32\MRT.exe
2012-08-14 20:30 . 2012-06-22 19:54        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 20:30 . 2012-06-22 19:54        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-06 09:14 . 2011-09-10 17:00        472880        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-05 00:33 . 2009-07-13 23:19        328704        ----a-w-        c:\windows\system32\services.exe
2012-07-06 16:16 . 2012-07-06 16:16        330240        ----a-w-        c:\windows\PICSUninstall.exe
2012-06-30 15:13 . 2012-06-30 16:53        258352        ----a-w-        c:\windows\SysWow64\unicows.dll
2012-06-11 18:59 . 2012-06-11 18:59        10248192        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35        70144        ----a-w-        c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29        24826368        ----a-w-        c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00        20467712        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25        163840        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2010-09-29 01:55        924160        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2010-09-29 01:54        1090560        ----a-w-        c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19        532992        ----a-w-        c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19        239616        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2010-09-29 01:46        6301696        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01        6914560        ----a-w-        c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2010-09-29 01:30        4246528        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2010-09-29 01:28        5480448        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45        15703040        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2010-09-29 01:22        4729344        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40        13277696        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2010-09-29 01:21        6605824        ----a-w-        c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2011-03-09 04:18        539136        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26        368640        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26        17920        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26        367616        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-05-25 20:07        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2010-09-29 01:14        42496        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2010-09-29 01:13        45056        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2010-09-29 01:13        32768        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23        56320        ----a-w-        c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23        56320        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23        56832        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23        56832        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50        75264        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50        65024        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50        16457728        ----a-w-        c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49        13008896        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-06-09 05:43 . 2012-07-11 17:05        14172672        ----a-w-        c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 17:05        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 17:05        1881600        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 17:05        1133568        ----a-w-        c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 17:05        1390080        ----a-w-        c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 17:05        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 17:05        805376        ----a-w-        c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 12:21        128064        ----a-w-        c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-05-09 08:49        176936        ----a-w-        c:\program files (x86)\Winload\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33        1519304        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Facebook Update"="c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachii\hamachi-2-ui.exe" [2012-02-07 1987976]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-07-21 1564368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-12-7 1609728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 77688]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-24 867064]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ALSysIO;ALSysIO;c:\users\Lars\AppData\Local\Temp\ALSysIO64.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 125416]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 385512]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-09-27 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-09-27 55336]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-09-27 301680]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-09-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-09-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-09-27 156520]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-09-27 278640]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-01-15 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-03 174184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NISx64\1105000.07F\SYMTDIV.SYS [2009-11-22 451120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-11-14 367912]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2011-12-01 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2011-12-01 1096688]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS [2009-10-15 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS [2010-04-22 221232]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20091205.001\BHDrvx64.sys [2009-11-26 668720]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [2010-02-26 615040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-25 270912]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-09-10 16384]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVia64.sys [2009-11-17 466992]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-02-24 230952]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS [2010-04-29 150064]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-09-27 52896]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-07-21 1564368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachii\hamachi-2.exe [2012-02-07 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-08-19 212256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-09-27 31080]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-10 136824]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 20:30]
.
2012-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
- c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-10 20:38]
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
- c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-10 20:38]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 00:13]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 00:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-09-27 613024]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-09-27 379040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.bigseekpro.com/bsprpc/{13BB2A4A-85ED-4CC1-8CED-57EE92743B9A}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\y5ioa3a9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.web.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=W3I4&o=15996&locale=de_DE&apn_uid=C4BEDA72-6476-4277-957B-866E594150E8&apn_ptnrs=%5EA9Q&apn_sauid=43AC60CB-C1F5-4A72-A733-104D2F20262B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
Wow6432Node-HKCU-Run-DontSleep - c:\users\Lars\Desktop\DontSleep.exe
Toolbar-Locked - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-01  13:34:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-01 11:34
.
Vor Suchlauf: 23 Verzeichnis(se), 718.280.388.608 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 717.926.473.728 Bytes frei
.
- - End Of File - - 8985F0E9C05B96713AAC3ACE4EDED374

markusg 04.09.2012 20:27
du hast das zero access rootkit auf dem pc, wenn du oninebanking machst, lasse es sperren, am ende, alle passwörter endern.
da wir das rootkit nicht 100 %ig sicher entfernen können:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Hilfloser78 05.09.2012 01:14
Hallo,
das klingt ja ziemlich übel. Nun hätte ich aber einige Fragen:
1. Funktioniert eine Neuinstallation auch nur mit der Recovery CD?
2. Kann ich problemlos Spiele (z.b. League of Legends, Manager10 usw), die Executables enthalten auf eine externe Festplatte ziehen , ohne dass der Virus mitkommt?
3. Sind Spieldateien (z.b. .sav , .scx usw) SICHER frei von Viren?

markusg 05.09.2012 16:48
1. ja.
2. kannst du dir selbst beantworten, lies meinen letzten post, da gibts nen link welche dateitypen du sichern kannst, ausführbare dateien gehören nicht dazu.
über ne datensicherung macht man sich eig vorher gedanken, nicht wenn es schon zu spät ist :-) aber das werden wir dann abendern.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131