| Tempelritter | 05.09.2012 19:19 |
ukash Windows 7 otl Scan erfolgt
Hallo aus dem Norden.
Mit der Bitte um Hilfe, der ukash hat mich erwischt, anbei ein otl Scan :OTL Logfile: Code:
OTL logfile created on: 05.09.2012 19:51:54 - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Volker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 7,14 Gb Available Physical Memory | 89,44% Memory free
15,96 Gb Paging File | 15,23 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 45,53 Gb Total Space | 0,63 Gb Free Space | 1,38% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 878,19 Gb Free Space | 94,28% Space Free | Partition Type: NTFS
Drive E: | 4,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.05 19:45:07 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2011.02.19 01:45:18 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.04 20:44:10 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.29 20:20:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.09 11:37:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 11:37:11 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.09 11:37:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.21 12:50:38 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Stopped] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.09 11:37:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 11:37:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.30 20:58:53 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.30 20:39:57 | 000,042,696 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.16 15:44:49 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.03.16 15:44:49 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.03.16 15:44:49 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.19 02:27:30 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.19 01:03:54 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.24 09:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.17 01:04:31 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2008.02.17 01:04:15 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2007.10.12 02:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.10.12 01:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\..\SearchScopes\{A43F3CB0-E816-431E-8537-AC8B2A43EBCC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a4a35da3-76c6-409b-9c08-f6a3684da571&apn_sauid=67C7E372-D6B8-460D-91EB-3658BBBA4476
IE - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=a4a35da3-76c6-409b-9c08-f6a3684da571&apn_ptnrs=%5EABT&apn_sauid=67C7E372-D6B8-460D-91EB-3658BBBA4476&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.04 20:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.09.09 22:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions
[2012.08.08 20:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\89zbzdxw.default\extensions
[2012.08.08 20:37:23 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\89zbzdxw.default\extensions\toolbar@ask.com
[2012.08.08 20:37:23 | 000,002,344 | ---- | M] () -- C:\Users\Volker\AppData\Roaming\mozilla\firefox\profiles\89zbzdxw.default\searchplugins\askcom.xml
[2011.09.09 22:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.04 20:44:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.24 23:29:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 20:44:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.24 23:29:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 23:29:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 23:29:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 23:29:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - Extension: YouTube = C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1943606177-273820932-3053845200-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1943606177-273820932-3053845200-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11CC00DA-E741-43C0-937C-0ABC2F9CF924}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.29 11:21:24 | 000,536,936 | R--- | M] (Gaming Minds Studios GmbH) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012.03.30 13:12:30 | 000,420,621 | R--- | M] () - E:\autodata.zip -- [ UDF ]
O32 - AutoRun File - [2011.03.03 10:48:42 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f8d3252-db15-11e0-8067-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f8d3252-db15-11e0-8067-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2012.03.29 11:21:24 | 000,536,936 | R--- | M] (Gaming Minds Studios GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.05 19:45:07 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2012.09.05 19:22:46 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{0E86E092-9D02-4D72-B3DD-F8E10A8BC02D}
[2012.09.04 22:53:57 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\AskToolbar
[2012.09.04 19:54:31 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{AAECBEDC-0BF2-4D1C-9139-C2A9EB83C02E}
[2012.09.03 16:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.09.03 16:27:19 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{A2E0BE00-C09B-400B-9F6C-44E336FC8FDB}
[2012.09.02 06:38:54 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{8E79F88A-DFCD-4382-8188-5C213EEE9785}
[2012.09.01 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{F92D7E92-A9E7-42CF-BD99-F6FEAA588A52}
[2012.08.31 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{05785660-8204-4D12-98ED-EE1053CCB33C}
[2012.08.30 19:46:09 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{1957F9CA-65C1-407D-88D6-D720A27484D6}
[2012.08.29 20:51:12 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\Kalypso Media
[2012.08.29 20:45:55 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Kalypso Media
[2012.08.29 20:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2012.08.29 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2012.08.29 20:14:30 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{DCBBAB44-AF5A-42C9-822C-B6FF9ACF4420}
[2012.08.28 16:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.08.28 16:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.08.28 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{3D86661A-7066-42C6-AD3A-C01D98D0473F}
[2012.08.27 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{373355F0-7EB7-4274-A478-EAEADEE7E858}
[2012.08.26 15:00:35 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{56063AF9-A38A-4FDC-B29E-6AC021E8E133}
[2012.08.25 08:05:19 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{0CB04008-0C6F-488F-BDD2-C52920072DAC}
[2012.08.24 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{AD70AE30-CD95-46C9-9C3C-1435BE66B5E5}
[2012.08.23 17:18:22 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{8622BA63-755D-4BFD-A4D5-EFC5C400FD43}
[2012.08.22 19:27:19 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{51EB91D4-B2D2-48E3-8470-FC55C5BEE985}
[2012.08.22 06:15:17 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{392C4EAF-C4B2-4E73-AF8F-931450CA72B9}
[2012.08.21 20:13:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.21 16:10:47 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{AB221F70-F233-4035-BA07-8EBABEE27A29}
[2012.08.20 19:50:51 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{57070810-A7D2-46BB-AF52-A3066F3FFF36}
[2012.08.20 06:15:28 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{103F6B69-56E2-4AB8-A2C4-282C6BF1176B}
[2012.08.19 13:58:47 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{8E4BAE33-E762-4A22-877E-6FA3B20DE9AF}
[2012.08.18 15:34:24 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{FF65B44B-0BA7-44C6-8E68-B1AD3234399D}
[2012.08.18 15:34:13 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{70ACBD53-EB26-46F1-913E-B7088E26AD45}
[2012.08.17 23:21:41 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\Oberon Games
[2012.08.17 23:02:37 | 000,000,000 | ---D | C] -- C:\Users\Volker\Documents\Hattrick ORG
[2012.08.17 22:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.17 22:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.17 22:54:37 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.17 22:54:37 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.17 22:54:37 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.17 22:54:35 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.17 22:54:35 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.17 22:54:35 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.17 22:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.17 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{271AC40E-5FC5-4B42-AD59-4486C2FB8791}
[2012.08.17 22:41:32 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{C488400E-F8F3-4A3F-B755-8B2BEC210268}
[2012.08.17 02:20:22 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{FD0DFD4B-AC86-425B-BC33-6487427AAA44}
[2012.08.17 02:20:11 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{DBD4BDDF-A516-435F-8ABE-8EC4AF42925F}
[2012.08.16 13:03:48 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 13:03:48 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 13:03:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 13:03:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 13:03:47 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 13:03:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 13:03:47 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.16 13:03:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 13:03:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 13:03:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 13:03:45 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.16 13:03:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 13:03:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 13:03:45 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 13:03:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 13:03:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 13:03:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 13:03:44 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.16 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{61EC6B02-2886-4782-B9CF-25821C7F2E1C}
[2012.08.16 13:00:19 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{39B3D07F-70FE-4830-9599-91585EEB4E09}
[2012.08.15 16:08:15 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{61B896C3-B8DC-4081-954B-3020A72D471D}
[2012.08.15 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{EACB9A0A-0061-4422-87B3-1DFC1CD02526}
[2012.08.14 17:32:11 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{99939C47-1ACB-4E48-84FE-3AD344453B20}
[2012.08.14 17:32:01 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{78B05573-9BE7-48B8-B391-E43BE1A78906}
[2012.08.13 18:09:03 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{B1CF038F-9E11-4306-BF69-8ECB446C1FD5}
[2012.08.13 18:08:52 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{4C36818A-EEBD-45DC-8953-45FE26DDC584}
[2012.08.12 19:47:46 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{85008D93-9335-4DE9-B0E4-4D7A9A94C86D}
[2012.08.12 19:47:36 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{97605DCB-F428-483E-A6F5-50FC18CBB1D7}
[2012.08.11 22:20:55 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{F07CCC0E-A8E4-4FD6-80D7-87F79B221FDC}
[2012.08.11 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{552A63B0-BA82-4F20-B0B6-8FFA5F9BAF1A}
[2012.08.11 09:07:24 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{E366EE5C-F338-4A5E-9F40-1E7AD9DDBCB2}
[2012.08.11 09:07:14 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{2E2BD555-D747-43E1-B9E6-C8585C3FE9CE}
[2012.08.10 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{528500BA-1461-4CEC-BE61-FD150D13BF46}
[2012.08.10 16:40:39 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{ED729A2C-6B1C-403F-A4B7-5B3B2ED32A23}
[2012.08.10 03:55:47 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{63D83E7F-8643-4EF5-8105-55FA5317640F}
[2012.08.10 03:55:29 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{B4BD0476-7893-4EF5-BBBF-C0521AFEB62A}
[2012.08.08 20:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.08 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.08.08 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\APN
[2012.08.08 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{7E956889-2832-40DB-9992-8BA03F5191EE}
[2012.08.08 20:34:33 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{D48C5DCF-CC76-4F49-9719-D7EC1E58D061}
[2012.08.07 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{1EF75728-B823-4D16-8CCA-4A68249E73DE}
[2012.08.07 20:06:05 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Local\{51ED204D-9D6F-4301-87DD-0101F4DF644E}
========== Files - Modified Within 30 Days ==========
[2012.09.05 19:49:10 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.05 19:49:10 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.05 19:49:10 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.05 19:49:10 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.05 19:49:10 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.05 19:45:07 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2012.09.05 19:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 19:42:53 | 2133,688,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 19:36:13 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.05 19:35:34 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 19:35:34 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 19:28:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.04 22:53:54 | 000,001,897 | ---- | M] () -- C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.04 22:50:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.04 22:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 20:50:57 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.03 16:28:18 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.09.03 16:28:18 | 000,002,098 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.08.29 20:42:36 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.08.29 20:20:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.29 20:20:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.17 22:54:33 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.17 22:54:33 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.17 22:54:33 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.17 22:54:33 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.17 22:54:33 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.17 22:54:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.16 17:56:49 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.08 20:37:25 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
========== Files Created - No Company Name ==========
[2012.09.04 22:53:54 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.04 22:53:54 | 000,001,897 | ---- | C] () -- C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.29 20:42:36 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.08.28 16:50:50 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.08.28 16:50:50 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.08.28 16:50:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.11.19 15:43:22 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.21 11:39:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.19 03:48:03 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.16 15:08:24 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2011.12.25 22:04:04 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\OEM
[2012.07.28 16:00:42 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\PowerCinema
[2011.12.25 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\directx9
[2012.06.17 13:23:40 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\FreeVideoConverter
[2012.05.28 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\GlobalSCAPE
[2012.08.29 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Kalypso Media
[2011.09.09 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\OEM
[2011.10.07 20:51:10 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\PowerCinema
[2012.09.01 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SoftGrid Client
[2011.11.19 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TP
[2012.09.01 11:33:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:798A3728
< End of report >
--- --- ---
Führe parallel dazu den Malwarebytes Quick-Scan durch........... mal sehen.
Nette Grüße
So, Quick-Scan ist durchgeführt, Neustart ist erfolgt : Hinweis auf Trojaner Agend , habe ich in Quarantäne geschoben.
Das wird es doch sicher noch nicht gewesen sein, um einen Rat wäre ich sehr dankbar.
Gruß |
