Evolution199 | 13.05.2013 17:57 | ADW CLEAR: AdwCleaner Logfile:
# AdwCleaner v2.300 - File created on 13/05/2013 at 18:17:14
# Updated on 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Maik Rosemeier - ROSEMEIER-PC
# Boot mode : Normal
# Running from : C:\Users\Maik Rosemeier\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Disinfected : C:\Users\Maik Rosemeier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Users\Maik Rosemeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Disinfected : C:\Users\Maik Rosemeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Maik Rosemeier\AppData\Local\APN
Folder Deleted : C:\Users\Maik Rosemeier\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\jetpack
Folder Deleted : C:\Users\MAIKRO~1\AppData\Local\Temp\Desk365
***** [Registry] *****
Data Deleted : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338
Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST31000524AS_6VPKHFX4XXXX6VPKHFX4&ts=1368035338 --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
File : C:\Users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Deleted : user_pref("browser.search.order.1", "qvo6");
Deleted : user_pref("browser.search.selectedEngine", "qvo6");
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Maik Rosemeier\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] The file is clean.
*************************
AdwCleaner[S1].txt - [3972 bytes] - [13/05/2013 18:17:14]
########## EOF - C:\AdwCleaner[S1].txt - [4032 bytes] ##########
ComboFix:
ComboFix Logfile:
ComboFix 13-05-12.01 - Maik Rosemeier 13.05.2013 18:29:41.1.8 - x64
Running from: c:\users\Maik Rosemeier\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\L\00000004.@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\L\76603ac3
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U\00000004.@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U\00000008.@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U\000000cb.@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U\80000000.@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U\80000032.@
c:\windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U\80000064.@
c:\windows\SysWow64\frapsvid.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((( Files Created from 2013-04-13 to 2013-05-13 ))))))))))))))))))))))))))))))
.
.
2013-05-13 16:33 . 2013-05-13 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-12 15:55 . 2013-05-12 15:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-12 15:55 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-12 15:45 . 2013-05-12 15:45 -------- d-----w- C:\_OTL
2013-05-12 12:22 . 2013-05-12 12:22 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2013-05-12 12:18 . 2013-05-12 14:21 -------- d-----w- c:\users\Maik Rosemeier\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2013-05-12 12:18 . 2013-05-12 12:18 -------- d--h--r- c:\users\Maik Rosemeier\AppData\Roaming\SecuROM
2013-05-12 11:53 . 2013-05-12 11:53 -------- d-----w- c:\program files (x86)\Electronic Arts
2013-05-08 17:59 . 2013-05-08 17:59 -------- d-----w- c:\users\Maik Rosemeier\AppData\Roaming\Malwarebytes
2013-05-08 17:59 . 2013-05-08 17:59 -------- d-----w- c:\programdata\Malwarebytes
2013-05-08 17:46 . 2013-05-08 17:46 -------- d-----w- c:\users\Maik Rosemeier\ChromeExtensions
2013-05-08 17:46 . 2013-05-08 17:46 -------- d-----w- c:\users\Maik Rosemeier\AppData\Local\Tempfcfac0fcd1f06398551093adec072bea
2013-05-08 17:46 . 2013-05-08 17:46 -------- d-----w- c:\users\Maik Rosemeier\AppData\Local\Temp5b5f25a93692c59a16ba49f05e089b70
2013-05-08 17:46 . 2013-05-08 17:46 -------- d-----w- c:\users\Maik Rosemeier\AppData\Local\Tempc7ac0636cfef4a6f1313fc7989cfe5ea
2013-05-07 15:02 . 2013-05-07 15:02 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-04 10:52 . 2013-05-04 10:52 -------- d-----w- c:\program files (x86)\CAPCOM
2013-05-04 10:50 . 2013-05-04 10:51 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\windows\SysWow64\xlive
2013-05-04 09:13 . 2013-05-11 12:29 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-05-04 09:13 . 2013-05-13 16:23 -------- d-----w- c:\program files (x86)\Steam
2013-04-24 11:23 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 10:47 . 2013-04-21 10:47 -------- d-----w- c:\users\Maik Rosemeier\AppData\Roaming\raidcall
2013-04-21 10:47 . 2013-04-27 05:23 -------- d-----w- c:\program files (x86)\RaidCall
2013-04-19 15:42 . 2013-04-19 15:42 -------- d-----w- c:\users\Maik Rosemeier\AppData\Local\Gameforge4d
2013-04-19 15:41 . 2013-04-19 15:41 -------- d-----w- c:\users\Maik Rosemeier\AppData\Local\Programs
2013-04-15 11:33 . 2013-04-15 12:19 -------- d-----w- C:\AutoMacroRecorder
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-12 17:33 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-12 14:48 . 2012-11-26 19:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-12 14:48 . 2012-11-26 19:05 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-04 07:39 . 2012-11-30 13:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-05-04 07:39 . 2012-11-29 17:18 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-05-04 07:17 . 2012-11-29 17:18 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-02 18:22 . 2013-04-02 18:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 18:22 . 2013-04-02 18:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 18:22 . 2013-04-02 18:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 18:22 . 2013-04-02 18:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 18:22 . 2013-04-02 18:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 18:22 . 2013-04-02 18:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 18:22 . 2013-04-02 18:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 18:22 . 2013-04-02 18:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 18:22 . 2013-04-02 18:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 18:22 . 2013-04-02 18:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 18:22 . 2013-04-02 18:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 18:22 . 2013-04-02 18:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 18:22 . 2013-04-02 18:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 18:22 . 2013-04-02 18:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 18:22 . 2013-04-02 18:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 18:22 . 2013-04-02 18:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 18:22 . 2013-04-02 18:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 18:22 . 2013-04-02 18:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 18:22 . 2013-04-02 18:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 18:22 . 2013-04-02 18:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 18:22 . 2013-04-02 18:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 18:22 . 2013-04-02 18:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 18:22 . 2013-04-02 18:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 18:22 . 2013-04-02 18:22 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 18:22 . 2013-04-02 18:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 18:22 . 2013-04-02 18:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 18:22 . 2013-04-02 18:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 18:22 . 2013-04-02 18:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 18:22 . 2013-04-02 18:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 18:22 . 2013-04-02 18:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 18:22 . 2013-04-02 18:22 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 18:22 . 2013-04-02 18:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 18:22 . 2013-04-02 18:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 18:22 . 2013-04-02 18:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 18:22 . 2013-04-02 18:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 18:22 . 2013-04-02 18:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 18:22 . 2013-04-02 18:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 18:22 . 2013-04-02 18:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 18:22 . 2013-04-02 18:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 18:22 . 2013-04-02 18:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 18:22 . 2013-04-02 18:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 18:22 . 2013-04-02 18:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 18:22 . 2013-04-02 18:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 18:22 . 2013-04-02 18:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 18:22 . 2013-04-02 18:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 18:22 . 2013-04-02 18:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 18:22 . 2013-04-02 18:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 18:22 . 2013-04-02 18:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 18:22 . 2013-04-02 18:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-02 18:22 . 2013-04-02 18:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-02 18:22 . 2013-04-02 18:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-02 18:22 . 2013-04-02 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-02 18:22 . 2013-04-02 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-02 18:22 . 2013-04-02 18:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-02 18:22 . 2013-04-02 18:22 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-04-02 18:22 . 2013-04-02 18:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 18:22 . 2013-04-02 18:22 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-02 18:22 . 2013-04-02 18:22 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-02 18:22 . 2013-04-02 18:22 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-02 18:22 . 2013-04-02 18:22 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-02 18:22 . 2013-04-02 18:22 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-02 18:22 . 2013-04-02 18:22 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-02 18:22 . 2013-04-02 18:22 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-02 18:22 . 2013-04-02 18:22 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-02 18:22 . 2013-04-02 18:22 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-02 18:22 . 2013-04-02 18:22 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-02 18:22 . 2013-04-02 18:22 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-02 18:22 . 2013-04-02 18:22 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-04-02 18:22 . 2013-04-02 18:22 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-02 18:22 . 2013-04-02 18:22 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-02 18:22 . 2013-04-02 18:22 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-04-02 18:22 . 2013-04-02 18:22 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-02 18:22 . 2013-04-02 18:22 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-04-02 18:22 . 2013-04-02 18:22 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-02 18:22 . 2013-04-02 18:22 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-04-02 18:22 . 2013-04-02 18:22 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-04-02 18:22 . 2013-04-02 18:22 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
"Spotify Web Helper"="c:\users\Maik Rosemeier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-04 1105408]
"Spotify"="c:\users\Maik Rosemeier\AppData\Roaming\Spotify\spotify.exe" [2013-05-04 4573184]
"Akamai NetSession Interface"="c:\users\Maik Rosemeier\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]
"Fastboot"="c:\program files (x86)\Lenovo\Rapidboot\FBConsole.exe" [2011-12-16 1260128]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"RoccatIsku"="c:\program files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2012-11-09 542560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys [2011-12-16 69216]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe [2011-12-16 199264]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 14:48]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4153300239-3673358812-1809579925-1001Core.job
- c:\users\Maik Rosemeier\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-08 18:26]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4153300239-3673358812-1809579925-1001UA.job
- c:\users\Maik Rosemeier\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-08 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - ExtSQL: 2013-05-03 17:37; jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack; c:\users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi
.
- - - - Orphaned Registry Entries Removed - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-4153300239-3673358812-1809579925-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,3e,d8,e1,bb,fa,3a,f8,d5,62,27,4f,b5,0c,05,13,3d,dd,47,ea,d1,82,a1,
5b,f4,aa,08,a9,4d,0f,1a,a3,81,8b,bd,33,c2,f2,ee,ad,78,ed,c4,21,2d,f0,45,8e,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Time of completion: 2013-05-13 18:45:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-13 16:45
.
Pre-Run: 14 directories, 803,375,628,288 bytes free
Post-Run: 18 directories, 804,918,063,104 bytes free
.
- - End Of File - - FD685B0D5A3CE9B601C59E4D2E2916D0
OTL: OTL Logfile:
OTL logfile created on: 13.05.2013 18:50:27 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maik Rosemeier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,98% Memory free
7,96 Gb Paging File | 6,15 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 749,74 Gb Free Space | 82,72% Space Free | Partition Type: NTFS
Drive D: | 6,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ROSEMEIER-PC | User Name: Maik Rosemeier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Maik Rosemeier\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Maik Rosemeier\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Maik Rosemeier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Users\Maik Rosemeier\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe (1206 Lab)
PRC - C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe (Lenovo)
PRC - C:\Programme\Lenovo\LVT\LJYZ.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
========== Modules (No Company Name) ==========
MOD - C:\Users\Maik Rosemeier\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Lenovo\Rapidboot\FBServiceps.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Isku Keyboard\hiddriver.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FastbootService) -- C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe (1206 Lab)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youtube.de/
IE - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE512
IE - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\..\SearchScopes\{D572B651-2F07-4448-B86C-7936E0F3BDD9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE512
IE - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maik Rosemeier\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maik Rosemeier\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 15:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 15:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.11.26 20:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik Rosemeier\AppData\Roaming\Mozilla\Extensions
[2013.05.09 17:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\extensions
[2013.05.03 17:37:48 | 000,436,894 | ---- | M] () (No name found) -- C:\Users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi
[2013.05.09 17:19:51 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Maik Rosemeier\AppData\Roaming\Mozilla\Firefox\Profiles\vcffdi1l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 15:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 15:20:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 09:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 09:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 09:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 09:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 09:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 09:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Maik Rosemeier\AppData\Local\Google\Chrome\User Data\Default\Extensions\egombopaikoeelblebkkilbmgpdofcio\1.0.0_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121127061644.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121127061644.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoccatIsku] C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001..\Run: [Akamai NetSession Interface] C:\Users\Maik Rosemeier\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001..\Run: [Spotify] C:\Users\Maik Rosemeier\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001..\Run: [Spotify Web Helper] C:\Users\Maik Rosemeier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4153300239-3673358812-1809579925-1001\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF7BF9F-EFA4-4021-8966-152C8799B34F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.15 14:19:23 | 000,000,000 | ---D | M] - C:\AutoMacroRecorder -- [ NTFS ]
O32 - AutoRun File - [2007.03.07 05:31:42 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.25 06:23:24 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.03.02 11:31:43 | 000,162,880 | R--- | M] () - D:\autorun.exe -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.13 18:46:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.05.13 18:44:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.13 18:28:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.13 18:28:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.13 18:28:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.13 18:25:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 18:25:18 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.13 18:24:17 | 005,069,265 | R--- | C] (Swearware) -- C:\Users\Maik Rosemeier\Desktop\ComboFix.exe
[2013.05.12 19:34:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maik Rosemeier\Desktop\OTL(1).exe
[2013.05.12 17:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.12 17:55:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.05.12 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.12 17:45:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.12 16:22:58 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\Documents\Command & Conquer 3 Tiberium Wars
[2013.05.12 14:22:20 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\system32CmdLineExt.dll
[2013.05.12 14:18:23 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.12 14:18:12 | 000,000,000 | RH-D | C] -- C:\Users\Maik Rosemeier\AppData\Roaming\SecuROM
[2013.05.12 13:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.05.08 20:30:34 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.08 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Roaming\Malwarebytes
[2013.05.08 19:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.08 19:46:56 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Local\Tempfcfac0fcd1f06398551093adec072bea
[2013.05.08 19:46:56 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Local\Temp5b5f25a93692c59a16ba49f05e089b70
[2013.05.08 19:46:56 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\ChromeExtensions
[2013.05.08 19:46:48 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Local\Tempc7ac0636cfef4a6f1313fc7989cfe5ea
[2013.05.07 17:02:28 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.05.04 14:06:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.05.04 14:06:11 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\Documents\CAPCOM
[2013.05.04 12:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAPCOM
[2013.05.04 12:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.05.04 12:50:17 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive
[2013.05.04 12:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.05.04 11:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.05.04 11:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.04 11:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.04.21 12:47:59 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Roaming\raidcall
[2013.04.21 12:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.21 12:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013.04.19 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Local\Gameforge4d
[2013.04.19 17:41:57 | 000,000,000 | ---D | C] -- C:\Users\Maik Rosemeier\AppData\Local\Programs
[2013.04.15 13:33:10 | 000,000,000 | ---D | C] -- C:\AutoMacroRecorder
[2012.06.15 02:33:04 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
========== Files - Modified Within 30 Days ==========
[2013.05.13 18:47:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.13 18:47:53 | 3207,364,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 18:44:00 | 000,001,156 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4153300239-3673358812-1809579925-1001UA.job
[2013.05.13 18:44:00 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4153300239-3673358812-1809579925-1001Core.job
[2013.05.13 18:42:00 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 18:42:00 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 18:38:48 | 001,612,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.13 18:38:48 | 000,696,620 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.13 18:38:48 | 000,651,938 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.13 18:38:48 | 000,147,916 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.13 18:38:48 | 000,120,870 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.13 18:32:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 18:23:55 | 005,069,265 | R--- | M] (Swearware) -- C:\Users\Maik Rosemeier\Desktop\ComboFix.exe
[2013.05.13 18:16:46 | 000,628,743 | ---- | M] () -- C:\Users\Maik Rosemeier\Desktop\adwcleaner.exe
[2013.05.12 19:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maik Rosemeier\Desktop\OTL(1).exe
[2013.05.12 19:18:56 | 000,377,856 | ---- | M] () -- C:\Users\Maik Rosemeier\Desktop\gmer_2.1.19163.exe
[2013.05.12 19:15:46 | 000,000,000 | ---- | M] () -- C:\Users\Maik Rosemeier\defogger_reenable
[2013.05.12 19:15:02 | 000,050,477 | ---- | M] () -- C:\Users\Maik Rosemeier\Desktop\Defogger.exe
[2013.05.12 17:55:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.12 14:22:20 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\system32CmdLineExt.dll
[2013.05.08 20:36:00 | 000,001,151 | ---- | M] () -- C:\Users\Maik Rosemeier\Desktop\Mozilla Firefox.lnk
[2013.05.08 20:30:34 | 000,002,417 | ---- | M] () -- C:\Users\Maik Rosemeier\Desktop\Google Chrome.lnk
[2013.05.07 17:02:20 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.05.04 11:13:09 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.04 09:39:12 | 000,281,688 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2013.05.04 09:39:12 | 000,281,688 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.05.04 09:17:02 | 000,281,688 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2013.04.27 20:27:41 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.05.13 18:28:19 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.13 18:28:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.13 18:28:19 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.13 18:28:19 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.13 18:28:19 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.13 18:16:55 | 000,628,743 | ---- | C] () -- C:\Users\Maik Rosemeier\Desktop\adwcleaner.exe
[2013.05.12 19:19:06 | 000,377,856 | ---- | C] () -- C:\Users\Maik Rosemeier\Desktop\gmer_2.1.19163.exe
[2013.05.12 19:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Maik Rosemeier\defogger_reenable
[2013.05.12 19:15:16 | 000,050,477 | ---- | C] () -- C:\Users\Maik Rosemeier\Desktop\Defogger.exe
[2013.05.12 17:55:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.08 20:30:34 | 000,002,417 | ---- | C] () -- C:\Users\Maik Rosemeier\Desktop\Google Chrome.lnk
[2013.05.08 20:27:00 | 000,001,156 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4153300239-3673358812-1809579925-1001UA.job
[2013.05.08 20:26:58 | 000,001,104 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4153300239-3673358812-1809579925-1001Core.job
[2013.05.04 11:13:09 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.03.29 09:10:13 | 000,007,599 | ---- | C] () -- C:\Users\Maik Rosemeier\AppData\Local\Resmon.ResmonCfg
[2012.11.29 19:18:06 | 000,281,688 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012.11.29 19:17:56 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012.06.15 02:30:36 | 001,589,442 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.06.15 02:13:43 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2012.06.15 02:13:43 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2012.06.15 01:20:48 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
========== ZeroAccess Check ==========
[2013.05.13 18:25:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\L
[2013.05.13 18:25:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.08 06:36:48 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\Aeria Games & Entertainment
[2013.05.12 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.11.27 02:34:34 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\Leadertech
[2012.11.27 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\LolClient
[2012.12.01 12:22:37 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\Origin
[2013.04.21 12:47:59 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\raidcall
[2013.05.13 18:53:21 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\Spotify
[2013.04.13 15:00:22 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\TeamViewer
[2013.05.11 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\TS3Client
[2012.11.27 19:06:36 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\ts3overlay
[2012.11.27 19:07:23 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\ts3overlay_hook_win64
========== Purity Check ==========
< End of report >
Everything went smoothly, except that Windows now tells me I have no antivirus etc. on, which I do have turned on :)^^
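The "ZeroAccess Check" block of the OTL log above is the part of this post worth a second look: OTL lists the `%windir%\Installer\{GUID}\L` and `\U` directories and the `InProcServer32` registrations of four CLSIDs because Sirefef/ZeroAccess hides its payload in such a GUID folder and re-registers those CLSIDs under `HKCU\Software\Classes\clsid`, so that the user's explorer.exe and svchost.exe load its DLL instead of the machine-wide Microsoft one. The script below is an added example, not part of the poster's log or of OTL: it parses that section out of an OTL log and flags the three things an analyst checks by hand, namely per-user `InProcServer32` keys for the watched CLSIDs, HKLM values that do not point at the expected Microsoft DLL, and `Installer\{GUID}\L|U` folders. The expected-DLL table is taken from the HKLM entries visible in the log (no value line is shown for `{fbeb8a05-...}`, so only its HKCU override is checked); the sample input is a trimmed copy of the log's own lines. Whether a flagged entry is actually malicious is for the analyst to confirm; the script only isolates the indicators.

```python
import re
from dataclasses import dataclass

# CLSIDs enumerated by OTL's "ZeroAccess Check", mapped to the DLL that the
# legitimate HKLM registration points at in the log above (None where the log
# shows no value line). Per-user registrations of these CLSIDs shadow the HKLM
# ones for that user's processes, which is how Sirefef/ZeroAccess gets loaded.
WATCHED_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}": None,
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
KEY_RE = re.compile(
    r"^\[(HKEY_\w+)\\.*?\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]", re.IGNORECASE
)
VALUE_RE = re.compile(r'^"" = (.+?) -- \[.*?\] \((.*?)\)$')
DIR_RE = re.compile(r"^\[[^\]]*\|\s*---D\s*\|\s*M\]\s*--\s*(.+)$")
INSTALLER_RE = re.compile(r"\\Installer\\\{[0-9a-f-]{36}\}\\[LU]$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # hkcu_com_hijack | unexpected_inprocserver32 | installer_guid_dir
    detail: str


def zeroaccess_lines(log_text):
    """Return the lines of the '== ZeroAccess Check ==' section of an OTL log."""
    out, inside = [], False
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            inside = m.group(1).lower() == "zeroaccess check"
            continue
        if inside:
            out.append(line.strip())
    return out


def check_zeroaccess_section(log_text):
    """Flag the indicators OTL lists: per-user COM overrides of the watched
    CLSIDs, HKLM InProcServer32 values not pointing at the expected Microsoft
    DLL, and %windir%\\Installer\\{GUID}\\L or \\U directories."""
    findings = []
    pending = None  # (hive, clsid) of the last key line, for its value line
    for line in zeroaccess_lines(log_text):
        m = KEY_RE.match(line)
        if m:
            hive, clsid = m.group(1).upper(), m.group(2).lower()
            pending = (hive, clsid)
            if hive == "HKEY_CURRENT_USER" and clsid in WATCHED_CLSIDS:
                findings.append(Finding("hkcu_com_hijack", clsid))
            continue
        m = VALUE_RE.match(line)
        if m and pending:
            hive, clsid = pending
            path, vendor = m.group(1), m.group(2)
            expected = WATCHED_CLSIDS.get(clsid)
            dll = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if expected and (dll != expected or vendor != "Microsoft Corporation"):
                findings.append(Finding("unexpected_inprocserver32",
                                        f"{hive} {clsid} -> {path} ({vendor})"))
            continue
        m = DIR_RE.match(line)
        if m and INSTALLER_RE.search(m.group(1)):
            findings.append(Finding("installer_guid_dir", m.group(1)))
    # The /64 and Wow6432node lines describe the same CLSID: report each once.
    return list(dict.fromkeys(findings))


# Trimmed copy of the ZeroAccess Check section from the log in this post.
SAMPLE_LOG = r"""
========== ZeroAccess Check ==========
[2013.05.13 18:25:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\L
[2013.05.13 18:25:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{df7b8139-c56b-f660-18fe-511de119f503}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
========== LOP Check ==========
[2013.04.08 06:36:48 | 000,000,000 | ---D | M] -- C:\Users\Maik Rosemeier\AppData\Roaming\Aeria Games & Entertainment
"""

if __name__ == "__main__":
    for f in check_zeroaccess_section(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

On the sample, the two `Installer\{GUID}\L` and `\U` folders and the HKCU registrations of `{42aedc87-...}` and `{fbeb8a05-...}` come out as findings, while both HKLM entries pass because they resolve to the expected Microsoft DLLs. To triage a real log, read the whole OTL file and pass it to `check_zeroaccess_section`; anything flagged should be compared against the HKLM value and the contents of the GUID folder before a fix script is written.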