Removing vbc.exe + Win32.Agent.adb + MediaPlex

#0
07.08.2013, 01:41
Member

Posts: 108
#1 Hello, I seem to have caught a keylogger and a trojan and need help removing them.
I only noticed the infection because a single press of the circumflex key immediately produces two circumflexes.
I then searched a bit with virus scanners, but they found nothing.
However, Antivir had once shown me BDS/DarkKomet.ausv, so I saw a connection there and googled for ways to remove it.
I then found the program DarkComet Remover, which actually found the program vbc.exe within a few seconds. I chose the "fix problem" option and the problem was solved.
Now only one circumflex came out per key press instead of two.
But after restarting the system, the problem occurs again.
I can clean the file again and again with DarkComet Remover, but it always reactivates itself after a system restart. In safe mode the problem does not occur either.

vbc.exe under C:\Windows\Microsoft.NET\Framework\v2.0.50727

With Spybot I was able to detect Win32.Agent.adb and MediaPlex, but this one also comes back after a system restart.

Here is the OTL logfile:

OTL logfile created on: 8/7/2013 12:56:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.98 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 73.28% Memory free
15.96 Gb Paging File | 13.33 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.34 Gb Total Space | 11.78 Gb Free Space | 5.07% Space Free | Partition Type: NTFS
Drive D: | 233.03 Gb Total Space | 40.10 Gb Free Space | 17.21% Space Free | Partition Type: NTFS
Drive E: | 6.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/07/27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/07/27 00:46:22 | 001,807,272 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/07/15 23:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/06/24 11:04:42 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/24 11:04:25 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/24 11:04:25 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/27 00:46:24 | 001,122,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/16 00:32:40 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/01 18:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/15 01:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 01:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/15 01:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/01 04:15:52 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/12/06 18:25:40 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/12/06 18:15:46 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/03/02 16:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/07/27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/24 11:04:42 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/24 11:04:25 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/09 22:38:00 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012/11/30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/18 19:43:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/12 11:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/01 07:59:09 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/08/01 02:31:14 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/07/06 23:53:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/30 11:58:42 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/30 11:58:42 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/30 11:58:42 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/07/03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/31 16:38:14 | 000,656,896 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2012/01/31 16:38:14 | 000,624,640 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2012/01/31 16:38:14 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2012/01/11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/08 18:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 13:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/20 11:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 13:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 15:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/30 11:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/18 17:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\RKHit.sys -- (RkHit)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
FF - prefs.js..extensions.enabledAddons: YouTubeAutoReplay@arikv.com:2.84


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/16 12:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/22 11:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/01 05:51:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/01 05:51:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/15 18:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2013/07/22 15:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\7wtk37vu.default\extensions
[2013/05/24 04:01:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\7wtk37vu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/04 12:53:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\7wtk37vu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/08/26 19:08:04 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\7wtk37vu.default\extensions\DivXWebPlayer@divx.com.xpi
[2013/02/06 12:05:40 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\7wtk37vu.default\extensions\tineye@ideeinc.com.xpi
[2013/07/22 15:37:40 | 000,014,810 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\7wtk37vu.default\extensions\YouTubeAutoReplay@arikv.com.xpi
[2012/12/18 02:01:55 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\7wtk37vu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/02 01:52:15 | 000,002,400 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\7wtk37vu.default\searchplugins\google-deutschland.xml
[2013/02/23 17:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/01 05:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/01 05:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/01 05:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012/07/18 19:43:26 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/12/09 21:36:16 | 000,001,304 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 mermaidconsulting.dk
O1 - Hosts: 127.0.0.1 195.137.236.101
O1 - Hosts: 127.0.0.1 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 127.0.0.1 activation.cloud.techsmith.com
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Filme_auf_DVD_8_TerraTec_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [nvcsvs] C:\Users\Christoph\AppData\Roaming\frmflup.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Christoph\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Christoph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>;)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>;)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <???>;)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <???>;)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>;)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>;)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FD0D3F-C049-4A48-BA0A-C576C92281C0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/12 23:30:33 | 000,696,176 | R--- | M] (LucasArts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/07/04 17:54:41 | 000,000,144 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{65640fef-e618-11e2-9b1f-047d7b40c2c5}\Shell - "" = AutoRun
O33 - MountPoints2\{65640fef-e618-11e2-9b1f-047d7b40c2c5}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2011/07/12 23:30:33 | 000,696,176 | R--- | M] (LucasArts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/07 00:54:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2013/08/06 15:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/08/06 15:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor
[2013/08/06 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor
[2013/08/02 21:50:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\RenPy
[2013/08/01 12:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhrozenSoft
[2013/08/01 12:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Remover
[2013/08/01 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\dclogs
[2013/08/01 02:41:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\LavasoftStatistics
[2013/08/01 02:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/08/01 02:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/08/01 02:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/08/01 02:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/08/01 02:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/08/01 02:33:29 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\adawarebp
[2013/08/01 02:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/08/01 02:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/08/01 02:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/08/01 02:31:14 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/08/01 02:31:14 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/08/01 02:31:12 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Ad-Aware Antivirus
[2013/07/23 21:54:36 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Any Video Converter
[2013/07/23 21:54:36 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\AnvSoft
[2013/07/23 21:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2013/07/23 21:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2013/07/23 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\MKV Converter Studio
[2013/07/23 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Apowersoft
[2013/07/23 00:52:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Freemake
[2013/07/23 00:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/07/23 00:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/07/23 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Tipard Studio
[2013/07/23 00:48:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Tipard Studio
[2013/07/22 02:57:48 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Media Player Classic
[2013/07/22 02:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XP Codec Pack
[2013/07/21 02:50:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\MegaMan Unlimited
[2013/07/17 19:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/07/15 02:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/13 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/07/13 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/07/12 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/12 13:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/07/12 01:44:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/12 01:44:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/12 01:44:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/12 01:44:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/12 01:44:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/12 01:44:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/12 01:44:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/12 01:44:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/12 01:44:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/12 01:44:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/12 01:44:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/12 01:44:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/12 01:44:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/12 01:44:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/12 01:44:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/12 00:45:09 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/12 00:45:09 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/12 00:45:05 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/12 00:45:05 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/12 00:44:33 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/08 16:56:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\plmt referat!
[2007/08/13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Christoph\AppData\Local\CDRip.dll
[2007/01/18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Christoph\AppData\Local\No23 Recorder.exe
[2006/12/11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Christoph\AppData\Local\basscd.dll
[2006/12/11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Christoph\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2013/08/07 00:54:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2013/08/07 00:08:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/06 15:30:16 | 179,905,920 | ---- | M] () -- C:\Users\Christoph\Desktop\setup_11.0.0.1245.x01_2013_08_06_15_12.exe
[2013/08/06 15:24:22 | 000,377,856 | ---- | M] () -- C:\Users\Christoph\Desktop\9ehx4c2d.exe
[2013/08/06 15:12:46 | 000,000,020 | ---- | M] () -- C:\Windows\tpcsd
[2013/08/06 15:12:26 | 000,001,022 | ---- | M] () -- C:\Users\Christoph\Desktop\pcsafedoctor.lnk
[2013/08/06 14:34:55 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 14:34:55 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 14:27:30 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/08/06 14:27:22 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/06 14:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/06 14:26:59 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 22:02:50 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/05 22:02:50 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/08/05 22:02:50 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/05 22:02:50 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/08/05 22:02:50 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/03 01:49:47 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013/08/01 07:59:09 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/08/01 02:31:14 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/08/01 02:31:14 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/08/01 02:14:12 | 000,085,682 | ---- | M] () -- C:\Users\Christoph\Documents\cc_20130801_021401.reg
[2013/07/30 08:34:21 | 014,401,536 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\frmflup.exe
[2013/07/25 12:09:11 | 001,105,866 | R--- | M] () -- C:\Users\Christoph\Desktop\TwUnderground.zip
[2013/07/23 21:54:30 | 000,001,166 | ---- | M] () -- C:\Users\Christoph\Desktop\Any Video Converter.lnk
[2013/07/19 18:00:42 | 000,000,040 | ---- | M] () -- C:\Users\Christoph\AppData\Local\tmp.no23
[2013/07/19 17:57:50 | 000,001,473 | ---- | M] () -- C:\Users\Christoph\AppData\Local\RecConfig.xml
[2013/07/19 10:53:38 | 353,932,179 | ---- | M] () -- C:\Users\Christoph\Desktop\stargate.sg1.children.of.the.gods.final.cut.dvdrip_8c870.flv
[2013/07/15 09:42:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/15 09:42:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/13 23:35:31 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/07/13 23:35:30 | 000,001,365 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk
[2013/07/13 23:35:30 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk
[2013/07/12 13:02:09 | 000,389,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 15:26:11 | 000,017,920 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/09 16:29:11 | 069,888,222 | ---- | M] () -- C:\Users\Christoph\Desktop\Final Fantasy X SD vs HD Comparison.mp4

========== Files Created - No Company Name ==========

[2013/08/06 15:27:44 | 179,905,920 | ---- | C] () -- C:\Users\Christoph\Desktop\setup_11.0.0.1245.x01_2013_08_06_15_12.exe
[2013/08/06 15:24:20 | 000,377,856 | ---- | C] () -- C:\Users\Christoph\Desktop\9ehx4c2d.exe
[2013/08/06 15:12:46 | 000,000,020 | ---- | C] () -- C:\Windows\tpcsd
[2013/08/06 15:12:26 | 000,001,022 | ---- | C] () -- C:\Users\Christoph\Desktop\pcsafedoctor.lnk
[2013/08/06 15:12:21 | 000,034,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\RKHit.sys
[2013/08/03 01:49:47 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013/08/01 07:59:09 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/08/01 02:34:24 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/08/01 02:14:07 | 000,085,682 | ---- | C] () -- C:\Users\Christoph\Documents\cc_20130801_021401.reg
[2013/07/30 08:34:21 | 014,401,536 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\frmflup.exe
[2013/07/25 12:09:11 | 001,105,866 | R--- | C] () -- C:\Users\Christoph\Desktop\TwUnderground.zip
[2013/07/23 21:54:30 | 000,001,166 | ---- | C] () -- C:\Users\Christoph\Desktop\Any Video Converter.lnk
[2013/07/22 02:57:40 | 000,606,208 | ---- | C] () -- C:\Windows\SysNative\CoreAAC.ax
[2013/07/19 17:56:57 | 000,000,040 | ---- | C] () -- C:\Users\Christoph\AppData\Local\tmp.no23
[2013/07/19 10:46:12 | 353,932,179 | ---- | C] () -- C:\Users\Christoph\Desktop\stargate.sg1.children.of.the.gods.final.cut.dvdrip_8c870.flv
[2013/07/13 23:35:31 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/07/13 23:35:30 | 000,001,365 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk
[2013/07/13 23:35:30 | 000,001,274 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk
[2013/07/09 16:28:22 | 069,888,222 | ---- | C] () -- C:\Users\Christoph\Desktop\Final Fantasy X SD vs HD Comparison.mp4
[2013/06/13 23:19:26 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2013/01/02 03:45:15 | 001,426,411 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Tempmusic.ogg
[2012/12/30 13:12:30 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2012/12/30 13:12:29 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2012/12/09 22:38:43 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/12/07 00:57:06 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/02/27 00:36:13 | 000,001,123 | ---- | C] () -- C:\Users\Christoph\Dokumente - Verknüpfung.lnk
[2012/02/26 22:00:07 | 000,007,601 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2012/02/21 16:55:46 | 000,017,920 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 23:04:52 | 000,001,473 | ---- | C] () -- C:\Users\Christoph\AppData\Local\RecConfig.xml
[2012/02/15 17:55:52 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/08 01:15:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Christoph\AppData\Local\lame_enc.dll
[2006/10/26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Christoph\AppData\Local\vorbisenc.dll
[2006/10/26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Christoph\AppData\Local\vorbisfile.dll
[2006/10/26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Christoph\AppData\Local\vorbis.dll
[2006/10/26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Christoph\AppData\Local\ogg.dll
[2005/08/23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$c4c0e5412a213ae379f24a550137480f\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Hoping for your help, kind regards ;)
11.08.2013, 11:25
Moderator

Posts: 5694
#2 Welcome to the Protecus forum

A cleanup can involve a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• Please no crossposting (posting in several forums).
• Do not install or uninstall any software during the cleanup unless you have been asked to.
Read the instructions through completely first. If anything is unclear, ask before you start.
• Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and "Run as administrator"
• Now copy the contents into the text box.

Code

:OTL
O4 - HKCU..\Run: [nvcsvs] C:\Users\Christoph\AppData\Roaming\frmflup.exe ()
[2013/07/30 08:34:21 | 014,401,536 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\frmflup.exe
[2013/07/30 08:34:21 | 014,401,536 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\frmflup.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
OTL may ask for a restart. Please allow this.
• After the restart you will find a text document.
Now copy its contents into your thread here, in code tags

Step 2

ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
• Disable your anti-virus and anti-spyware programs. Usually you can do this by right-clicking the system tray icon. Otherwise the programs could interfere with our programs while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to let ComboFix download and install the Recovery Console, and agree to the license agreement (EULA) as soon as you are asked to.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



As soon as the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.
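The fix script in this post singles out one Run entry from the OTL log. As an added example (not part of the original posts and not OTL's own logic), the following Python script applies two triage heuristics to lines copied from the log in this thread: O4 autoruns that start from a user profile or carry no company name, and InProcServer32 defaults in the "ZeroAccess Check" section that resolve outside the Windows directory. The heuristics, reason strings and function names are assumptions chosen for illustration.

```python
import re

# Lines copied from the OTL log posted in this thread (not constructed).
SAMPLE_LOG = r'''
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe ()
O4 - HKCU..\Run: [nvcsvs] C:\Users\Christoph\AppData\Roaming\frmflup.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Christoph\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$c4c0e5412a213ae379f24a550137480f\n.
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
'''

# O4 line: optional ":64bit:", hive, Run/RunOnce, [value name], command,
# optional "(company)" and optional trailing " File not found".
RUN_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*?)'
    r'(?: \((?P<company>[^()]*)\))?(?P<missing> File not found)?$')
CLSID_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]*\\InProcServer32)\]')
DEFAULT_RE = re.compile(r'^"" = (?P<path>.*?)(?: -- \[.*)?$')
USER_PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.I)
WINDOWS_DIR_RE = re.compile(r'^(?:%systemroot%|[a-z]:\\windows)\\', re.I)


def triage_autoruns(log_text):
    """Return (value name, command, reasons) for O4 Run entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if USER_PROFILE_RE.search(m['cmd']):
            reasons.append('runs from user profile')
        if m['company'] == '':          # OTL printed "()": no version-info company
            reasons.append('no company name')
        if m['missing']:
            reasons.append('target missing')
        if reasons:
            findings.append((m['name'], m['cmd'], reasons))
    return findings


def high_priority(findings):
    """Entries that are both unsigned-looking and started from a user profile."""
    wanted = {'runs from user profile', 'no company name'}
    return [name for name, _cmd, reasons in findings if wanted <= set(reasons)]


def triage_inproc_servers(log_text):
    """Return (registry key, path) where the COM server DLL is outside Windows."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        k = CLSID_RE.match(line)
        if k:
            key = k['key']
            continue
        d = DEFAULT_RE.match(line)
        if d and key:
            if not WINDOWS_DIR_RE.match(d['path']):
                findings.append((key, d['path']))
            key = None                  # one default value per key
    return findings


if __name__ == '__main__':
    autoruns = triage_autoruns(SAMPLE_LOG)
    for name, cmd, reasons in autoruns:
        print(f'{name}: {cmd} -> {", ".join(reasons)}')
    print('high priority:', high_priority(autoruns))
    for key, path in triage_inproc_servers(SAMPLE_LOG):
        print(f'{key} -> {path}')
```

A single reason on its own (for example Spotify running from AppData) is a weak signal; the combination is what makes an entry stand out for manual review.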
11.08.2013, 13:52
Member

Thread starter

Posts: 108
#3 Hey Swiss, thanks for your reply,

here is the log from OTL

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nvcsvs deleted successfully.
C:\Users\Christoph\AppData\Roaming\frmflup.exe moved successfully.
File C:\Users\Christoph\AppData\Roaming\frmflup.exe not found.
File C:\Users\Christoph\AppData\Roaming\frmflup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christoph
->Temp folder emptied: 90365934 bytes
->Temporary Internet Files folder emptied: 60085168 bytes
->Java cache emptied: 1116735 bytes
->FireFox cache emptied: 639016971 bytes
->Flash cache emptied: 13149 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45594 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 754.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08112013_122248

Files\Folders moved on Reboot...
C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




and here is the one from ComboFix

ComboFix 13-08-09.02 - Christoph 11.08.2013 12:35:18.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6326 [GMT 2:00]
ausgeführt von:: c:\users\Christoph\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Christoph\AppData\Local\lame_enc.dll
c:\users\Christoph\AppData\Local\no23xwrapper.dll
c:\users\Christoph\AppData\Local\ogg.dll
c:\users\Christoph\AppData\Local\vorbis.dll
c:\users\Christoph\AppData\Local\vorbisenc.dll
c:\users\Christoph\AppData\Local\vorbisfile.dll
c:\users\Christoph\AppData\Roaming\.#
c:\users\Christoph\AppData\Roaming\dclogs
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-01-5.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-02-6.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-03-7.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-04-1.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-05-2.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-06-3.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-07-4.dc
c:\users\Christoph\AppData\Roaming\dclogs\2013-08-11-1.dc
c:\users\Christoph\AppData\Roaming\Love
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Pop A Portal\objects.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Pop A Portal\settings.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Pop A Portal\tiles.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\smb\2-3_2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\smb\5-1_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\smb\5-4_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\smb\6-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\smb\7-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Test your fast FIX\1-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Test your fast FIX\1-1_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Test your fast FIX\1-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Test your fast FIX\settings.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\The Random\1-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\The Random\settings.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\1-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\1-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\1-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\1-3_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\1-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\2-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\2-1_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\2-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\2-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\2-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\3-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\3-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\3-2_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\3-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\3-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\3-4_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\4-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\4-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\4-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\4-3_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\4-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\4-4_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-2_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-2_2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-2_3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-3_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-3_2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-3_3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-3_4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-3_5.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\5-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\6-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\6-1_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\6-1background1.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\6-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\6-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\6-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\7-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\7-1_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\7-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\7-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\7-3_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\7-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-2_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-3.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-4.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-4background1.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-4background2.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\8-4background3.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\icon.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\settings.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Time Attack\tiles.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\1-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\1-1_1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\1-2.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\2-1.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\icon.png
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\settings.txt
c:\users\Christoph\AppData\Roaming\Love\mari0\mappacks\Wrecked_Apeture_\tiles.png
c:\users\Christoph\AppData\Roaming\Love\mari0\options.txt
c:\users\Christoph\AppData\Roaming\Love\not_pacman\highscoreA
c:\users\Christoph\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Christoph\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\Christoph\AppData\Roaming\Love\not_tetris_2\options.txt
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-11 bis 2013-08-11 ))))))))))))))))))))))))))))))
.
.
2013-08-11 10:22 . 2013-08-11 10:22 -------- d-----w- C:\_OTL
2013-08-08 16:56 . 2013-08-08 19:01 -------- d-----w- c:\program files (x86)\DevPro
2013-08-06 13:47 . 2013-08-06 13:47 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-02 19:50 . 2013-08-02 19:50 -------- d-----w- c:\users\Christoph\AppData\Roaming\RenPy
2013-08-01 10:11 . 2013-08-01 10:11 -------- d-----w- c:\program files (x86)\PhrozenSoft
2013-08-01 05:59 . 2013-08-01 05:59 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-01 00:41 . 2013-08-01 08:37 -------- d-----w- c:\users\Christoph\AppData\Roaming\LavasoftStatistics
2013-08-01 00:40 . 2013-08-01 00:40 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-08-01 00:34 . 2013-08-01 00:34 -------- d-----w- c:\programdata\Lavasoft
2013-08-01 00:34 . 2013-08-01 00:40 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-08-01 00:33 . 2013-08-01 00:33 -------- d-----w- c:\programdata\blekko toolbars
2013-08-01 00:33 . 2013-08-01 00:33 -------- d-----w- c:\users\Christoph\AppData\Local\adawarebp
2013-08-01 00:33 . 2013-08-01 00:33 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-01 00:33 . 2013-08-01 00:33 -------- d-----w- c:\program files (x86)\Lavasoft
2013-08-01 00:33 . 2013-08-01 00:33 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-08-01 00:31 . 2013-08-01 00:31 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-08-01 00:31 . 2013-08-01 00:31 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-01 00:31 . 2013-08-06 22:55 -------- d-----w- c:\users\Christoph\AppData\Roaming\Ad-Aware Antivirus
2013-07-23 19:54 . 2013-07-23 19:54 -------- d-----w- c:\users\Christoph\AppData\Roaming\AnvSoft
2013-07-23 19:54 . 2013-07-23 19:54 -------- d-----w- c:\program files (x86)\AnvSoft
2013-07-23 19:48 . 2013-07-23 19:48 -------- d-----w- c:\users\Christoph\AppData\Roaming\Apowersoft
2013-07-22 22:52 . 2013-07-22 22:52 -------- d-----w- c:\programdata\Freemake
2013-07-22 22:52 . 2013-07-23 21:44 -------- d-----w- c:\program files (x86)\Freemake
2013-07-22 22:48 . 2013-07-22 22:48 -------- d-----w- c:\users\Christoph\AppData\Local\Tipard Studio
2013-07-22 00:57 . 2013-08-01 00:17 -------- d-----w- c:\users\Christoph\AppData\Roaming\Media Player Classic
2013-07-22 00:57 . 2005-08-12 09:04 606208 ----a-w- c:\windows\system32\CoreAAC.ax
2013-07-22 00:29 . 2013-07-22 00:57 -------- d-----w- c:\program files (x86)\XP Codec Pack
2013-07-15 00:46 . 2013-07-15 00:48 -------- d-----w- c:\windows\system32\MRT
2013-07-13 21:35 . 2013-07-13 21:35 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-07-13 21:35 . 2013-07-13 21:35 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-07-12 11:02 . 2013-07-12 11:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 07:42 . 2012-03-29 08:54 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 07:42 . 2012-02-15 16:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 21:53 . 2013-07-06 21:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-06-24 10:08 . 2013-06-24 10:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 10:08 . 2012-08-11 10:38 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-24 10:08 . 2011-08-03 10:38 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-24 09:04 . 2013-05-07 13:42 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-23 22:57 . 2012-03-29 16:05 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 23:43 . 2013-07-11 23:44 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 23:44 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 23:44 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 23:44 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 23:44 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 23:44 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 23:44 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 23:44 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 23:44 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 23:44 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 23:44 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 23:44 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 23:44 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 23:44 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 23:44 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 23:44 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 23:44 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 23:44 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-11 23:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-11 23:44 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-11 23:44 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 23:44 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-11 22:44 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 22:45 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 22:45 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-27 20:19 . 2013-04-14 14:55 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-27 20:19 . 2013-04-14 14:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-18 19:35 . 2013-05-18 19:35 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-05-18 19:35 . 2013-05-18 19:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-18 19:35 . 2013-05-18 19:35 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spotify Web Helper"="c:\users\Christoph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-08 1104384]
"Spotify"="c:\users\Christoph\AppData\Roaming\Spotify\Spotify.exe" [2013-07-08 4640768]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"TrayServer"="c:\program files (x86)\MAGIX\Filme_auf_DVD_8_TerraTec_Edition\TrayServer.exe" [2008-01-17 90112]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-24 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cleanhlp;cleanhlp;c:\users\CHRIST~1\AppData\Local\Temp\Rar$EXa0.546\Run\cleanhlp64.sys;c:\users\CHRIST~1\AppData\Local\Temp\Rar$EXa0.546\Run\cleanhlp64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:26]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7wtk37vu.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files (x86)\RegTweaker\key.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-AviSynth - c:\program files (x86)\AviSynth 2.5\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4258952765-378114140-3910551352-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-11 13:05:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-11 11:05
.
Vor Suchlauf: 12 Verzeichnis(se), 12.869.156.864 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 14.191.132.672 Bytes frei
.
- - End Of File - - 696A19CF39CDD55C5BD5317A5AFA5834
D41D8CD98F00B204E9800998ECF8427E


Regarding Mari0: those were just ordinary map packs from a game, nothing more.

Something odd did happen to me after the ComboFix scan, though.
The program ran everything correctly, right up to the log.
Afterwards, however, I could no longer run any programs, neither Firefox nor Internet Explorer nor anything else; I could not even open the ComboFix log afterwards.
Every time I got the message "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen der zum löschen markiert wurde"
Since nothing worked any more, I then wanted to do a system restore, but there were no restore points.
I have now rebooted, and it works again and I can get into the programs.
However, I just checked, and there are still no restore points now.

Otherwise the programs are working again.
I hope the logs get us somewhere ;)
11.08.2013, 22:22
Moderator

Posts: 5694
#4 Are you still having problems at the moment?
12.08.2013, 04:05
Member

Thread starter

Posts: 108
#5 No, I rebooted once more and the problem with the keylogger seems to be fixed. Really great, many thanks for that ;)
I was just puzzled because there was this problem with loading programs. For a moment I didn't know what to do.

I have now scanned again with Spybot and it only found some strange "DoubleClick" entry, which is shown there and which turns up again after every system restart.


--- Search result list ---
DoubleClick: Verfolgender Cookie (Internet Explorer: Madn) (Cookie, nothing done)
This post was edited by Madn on 12.08.2013 at 12:38.
12.08.2013, 19:35
Moderator

Posts: 5694
#6 That's nothing to worry about ;)

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe.
If TFC cannot delete all the files, it will ask for a restart. Please allow this.

Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.

• Please download OTL by OldTimer (if you do not already have it).
Save it to your desktop.
• Double-click OTL.exe to run the program.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Click the "Bereinigung" (CleanUp) button
• OTL may ask for a restart.

If it does, please allow it.

Note: After the restart, OTL and the other helper programs you downloaded during the
cleanup will no longer be present. They have been removed. So it is fine if these programs are gone. If any are left over, delete them manually.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
• Please check whether your system downloads Windows updates automatically
Windows Updates
Windows XP: Start --> Control Panel --> double-click Automatic Updates
Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
• Make sure that automatic updates are enabled.
Software Updates
Installed software can also have security vulnerabilities that malware can use to infect your system.
To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
• Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
MalwareBytes Anti Malware
This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
Update the tool and run it once a week. The paid version also offers a background guard.
You can find a tutorial on how to use it here.
WinPatrol
This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
SpywareBlaster
You can find a short introduction here
MVPs hosts file
You can find a tutorial here. Unfortunately I have not found a German-language one so far.
WOT (Web of trust)
This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Opera
Mozilla Firefox.

Note: For this browser I have a few useful add-ons here
NoScript
This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.

AdblockPlus
This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
It also saves download bandwidth.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
• Do not click on everything just because it prompts you to and is nice and colourful.
• Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
• Keep your hands off cracks, keygens, serials and other illegal software.
• Do not open attachments from emails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe


Voluntary donation


All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
13.08.2013, 12:47
Member

Thread starter

Posts: 108
#7 I downloaded TFC.exe and ran it.
After that I ran Spybot again, which has now found:

--- Search result list ---
DoubleClick: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


Right Media: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)

I don't know to what extent these results are harmful, but in the past Spybot never reported entries like these.
That does give me some cause for concern.

Your tips are great; I will certainly be able to use some of them.
13.08.2013, 20:03
Moderator

Posts: 5694
#8 Then do the following as well:

Please download AdwCleaner to your desktop.
• Close all open programs and browsers.
• Start adwcleaner.exe with a double-click.
• Click "Löschen" (Delete).
• Confirm each prompt with Ok.
• Your computer will be restarted. After the restart a text file opens.
• Post its contents in your next reply.
• You can also find the log file at C:\AdwCleaner[S1].txt.
13.08.2013, 23:51
Member

Thread starter

Posts: 108
#9 Here is the log from AdwCleaner

# AdwCleaner v3.000 - Report created13/08/2013at23:39:41
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Christoph - CHRISTOPH-TOSH
# Running from : C:\Users\Christoph\Desktop\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Deleted : C:\Users\Christoph\AppData\Local\APN
Folder Deleted : C:\Users\Christoph\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7wtk37vu.default\adawaretb
File Deleted : C:\Users\Christoph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xpadder_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xpadder_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-to-mp3-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-to-mp3-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_kmplayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_kmplayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASMANCS
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\findlyrics
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] No bad entry found.

-\\ Mozilla Firefox v14.0.1 (de)

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
File Deleted : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7wtk37vu.default\user.js

[ File : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7wtk37vu.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "de-DE@dictionaries.addons.mozilla.org:2.0.2,DivXWebPlayer@div[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{D19CA586-DD6C-[...]

*************************

AdwCleaner[0].txt - [3528 octets] - [13/08/2013 23:39:41]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [3587 octets] ##########
14.08.2013, 21:42
Moderator

Posts: 5694
#10 Are the messages still appearing?
14.08.2013, 23:23
Member

Thread starter

Posts: 108
#11 Hello Swiss, yes, unfortunately the messages still appear. Here is the log from Spybot

--- Search result list ---
MediaPlex: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


FastClick: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)

I then also ran Malwarebytes in quick-scan mode
and it found this

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Christoph :: CHRISTOPH-TOSH [Administrator]

Schutz: Aktiviert

14.08.2013 23:24:49
MBAM-log-2013-08-15 (00-42-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228001
Laufzeit: 3 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Christoph\Downloads\bs_DarkComet_RAT_Remover.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Christoph\Downloads\bs_Picture_Slideshow_Viewer.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Christoph\Downloads\DCRemoverV1_setup.zip (Backdoor.DarkComet) -> Keine Aktion durchgeführt.
C:\Users\Christoph\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Christoph\Downloads\KMPlayer_EN_3.1.0.0.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
This post was edited by Madn on 15.08.2013 at 00:44.
16.08.2013, 13:19
Moderator

Posts: 5694
#12 It would be best to empty this folder:
C:\Users\Christoph\Downloads
And be careful what programs you download....

Do you use IE or FF?
16.08.2013, 20:08
Member

Thread starter

Posts: 108
#13 I have now emptied the folder and rebooted again, then scanned with Malwarebytes and Spybot


Here is the log from Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Christoph :: CHRISTOPH-TOSH [Administrator]

16.08.2013 19:40:13
mbam-log-2013-08-16 (19-40-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227031
Laufzeit: 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Christoph\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I also ran Spybot, but it found nothing. For the first time. I am about to restart once more and run the scanner again. It would be great if it has worked now.

Update: Even after another restart and another scan with Spybot, nothing was found.

I still have the program DarkComet Remover on my PC; I downloaded it back then to find this DarkComet keylogger. I am not sure whether I should keep the program, or do you think I should delete it?

I always browse with Firefox.

Update 2:
Unfortunately the Spybot scan the next day turned up both results again, so I was apparently happy too soon.

DoubleClick: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Internet Explorer: Christoph) (Cookie, fixed)

I ran Malwarebytes again and once more found the file that I had already removed yesterday.
I suspect this file and the Spybot findings are connected.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Christoph :: CHRISTOPH-TOSH [Administrator]

17.08.2013 11:54:15
mbam-log-2013-08-17 (11-54-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227617
Laufzeit: 3 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Christoph\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Is there a way to delete the file permanently? I always thought KMP was the KMPlayer, i.e. a video player that is completely harmless, or is this something else? In any case, it keeps coming back.

The file was probably gone that one time when I rescanned because Malwarebytes removed KMP_3.6.0.87.exe during a restart. Then it apparently reactivated itself at the next restart without Malwarebytes.
This post was edited by Madn on 17.08.2013 at 12:16.
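Post #13 reports the same file being quarantined on one day and detected again the next. As an added example (not part of the thread and not a Malwarebytes tool), this Python script parses logs in the format quoted above and lists files that are detected again after an earlier removal; the function names and the abridged sample logs are constructions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: abridged copies of three quick-scan logs quoted in
# this thread (headers and the zero-count sections are dropped).
SCAN_14 = r"""14.08.2013 23:24:49
MBAM-log-2013-08-15 (00-42-49).txt

Infizierte Dateien: 2
C:\Users\Christoph\Downloads\DCRemoverV1_setup.zip (Backdoor.DarkComet) -> Keine Aktion durchgeführt.
C:\Users\Christoph\Downloads\KMPlayer_EN_3.1.0.0.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
"""
SCAN_16 = r"""16.08.2013 19:40:13
mbam-log-2013-08-16 (19-40-13).txt

Infizierte Dateien: 1
C:\Users\Christoph\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""
SCAN_17 = r"""17.08.2013 11:54:15
mbam-log-2013-08-17 (11-54-15).txt

Infizierte Dateien: 1
C:\Users\Christoph\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

STAMP = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s*$")
# "<path> (<detection name>) -> <action>."; the path itself may contain "(x86)".
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)
REMOVED = ("gelöscht", "Quarantäne")  # action words meaning the file was taken away


def parse_scan(text):
    """Return (scan time, [{path, name, action}, ...]) for one log."""
    when, hits = None, []
    for line in text.splitlines():
        stamp = STAMP.match(line)
        if stamp and when is None:
            when = datetime.strptime(stamp.group(1), "%d.%m.%Y %H:%M:%S")
            continue
        hit = HIT.match(line)
        if hit:
            hits.append(hit.groupdict())
    if when is None:
        raise ValueError("no scan timestamp line found")
    return when, hits


def recurring(logs):
    """Map path -> events for files detected again after an earlier removal."""
    seen = defaultdict(list)
    for when, hits in sorted((parse_scan(t) for t in logs), key=lambda s: s[0]):
        for h in hits:
            # Windows paths are case-insensitive, so key on the lowered path.
            seen[h["path"].lower()].append((when, h["name"], h["action"]))
    result = {}
    for path, events in seen.items():
        removed_earlier = any(
            word in action for _, _, action in events[:-1] for word in REMOVED
        )
        if len(events) > 1 and removed_earlier:
            result[path] = events
    return result


if __name__ == "__main__":
    # Logs may be passed in any order; they are sorted by their own timestamp.
    for path, events in recurring([SCAN_17, SCAN_14, SCAN_16]).items():
        print(path)
        for when, name, action in events:
            print(f"  {when:%d.%m.%Y %H:%M}  {name}  ->  {action}")
```

A path that comes back after quarantine usually means something recreates it at startup, so the autostart entries deserve a look before the file is deleted yet again.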
18.08.2013, 18:16
Moderator

Posts: 5694
#14 Please
• disable all other scanners for viruses, spyware, etc.,
• have no active connection to a network/the Internet (don't forget Wi-Fi),
• do no work on the computer,
• restart the computer after each scan.

Run a Gmer scan

• Download Gmer from this page
(press the Download EXE button) and save the program to your desktop.
• All other programs should be closed.
• Start gmer.exe (the program has a random file name).
Vista and Win7 users: right-click and start as administrator.
• If a window opens with the following warning:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
be sure to click "No".
Remove the check mark on the right for:
• IAT/EAT
• All hard disks except the system disk (normally only C:\ is checked)
• Show all (should be unchecked)
• Start the scan with "Scan". Do not do anything on the computer while the scan is running.
• When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.

Switch your antivirus program and other scanners back on before you go online!
18.08.2013, 19:51
Member

Thread starter

Posts: 108
#15 I have completed the scan with Gmer

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-18 19:49:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: iyoptpn6.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pwliruoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800035eb000 63 bytes [00, 00, 3A, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610 fffff800035eb042 4 bytes [00, 00, 00, 00]

---- EOF - GMER 2.1 ----