Bundespolizei Virus

theBeGinner · 07.08.2011, 10:51

Hallo,
ich habe nun auch den Bundespolizei-Virus. Ich habe mir schon die Boot-CD mit OTLPENet.exe gemacht, sowie OTLP gestartet. Hier sind die Logs:

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 8/7/2011 12:36:47 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 579.76 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive D: | 122.28 Mb Total Space | 94.59 Mb Free Space | 77.36% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/02 08:11:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/15 08:05:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/28 15:55:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 05:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 08:10:01 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/24 14:03:00 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/04/30 07:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/19 20:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009/02/23 05:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/23 05:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/20 16:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/02 08:11:24 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 08:11:24 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/02 07:15:47 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/02 07:15:47 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 20:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/06/03 20:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009/06/03 20:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/06/03 20:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009/06/03 20:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/06/03 20:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/04/08 09:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/19 21:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009/01/13 13:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 13:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 13:14:40 | 000,036,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009/01/13 13:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 13:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/08/18 13:37:45 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/05/16 07:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 07:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 07:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 07:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 07:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 07:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 07:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008/02/02 16:24:00 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/09 07:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/03/05 06:03:59 | 002,048,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2007/03/05 06:03:48 | 000,147,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/03/05 06:03:26 | 000,290,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/03/05 06:03:20 | 000,017,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/03/05 06:03:13 | 000,218,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/03/05 06:02:53 | 000,862,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/03/05 06:02:47 | 000,580,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/03/05 05:58:53 | 000,123,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/03/05 05:58:48 | 000,252,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/03/05 05:58:43 | 001,571,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/03/05 05:58:37 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/03/05 05:58:29 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/03/05 05:58:24 | 000,142,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/03/05 05:58:18 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/03/05 05:58:12 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/03/05 05:58:07 | 000,681,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/03/05 05:58:01 | 000,700,216 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007/03/05 05:57:52 | 000,157,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/02/08 13:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2007/01/23 03:20:34 | 000,040,216 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vcd9bus.sys -- (vcd9bus)
DRV:64bit: - [2007/01/18 10:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006/10/31 11:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/08/11 09:50:02 | 000,078,208 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV:64bit: - [2006/07/05 08:41:45 | 000,075,640 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2006/06/14 10:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2002/07/17 11:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Andreas_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Andreas_ON_C\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - Reg Error: Key error. File not found
IE - HKU\Andreas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\Opera\program\plugins\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/03 08:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/28 10:15:59 | 000,000,000 | ---D | M]
 
[2010/11/21 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions
[2010/11/21 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O3 - HKU\Andreas_ON_C\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\Andreas_ON_C\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKU\Andreas_ON_C..\Run: [4Y3Y0C3A8F7XZA5WSGYKCA] C:\Recycle.Bin\B6232F3A820.exe (Got Idle Testy Glob)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://tonline.oberon-media.com/gameshell/games/channel--110403623/lc--de/room--5800b24c-f8d7-4149-81c2-3a7f7a5a1891/online/peggle/de/popcaploader_v10_en.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Andreas_ON_C Winlogon: Shell - (C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe) - C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe ()
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\directx\command - "" = D:\DirectX9\dxsetup.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/07 12:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011/07/27 12:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaM - The Peasants Rebellion
[2011/07/24 09:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/24 09:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/07/24 09:13:41 | 006,284,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Andreas\Documents\Silverlight.exe
[2011/07/13 10:25:14 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2011/07/13 10:25:11 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 10:25:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010/11/06 17:53:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC325.dll
[2010/09/26 07:35:04 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/06/03 18:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/06 18:22:38 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:22:38 | 000,062,256 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:22:38 | 000,062,256 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 18:22:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 18:22:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 18:14:31 | 000,777,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/06 18:14:31 | 000,720,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 18:14:31 | 000,190,712 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/06 18:14:31 | 000,154,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 18:04:32 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:04:32 | 000,060,844 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:04:32 | 000,060,844 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 17:27:40 | 000,531,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/06 14:41:47 | 000,292,437 | ---- | M] () -- C:\Users\Andreas\Desktop\8FF6FB1520F458D8E684D7B0514177B7F3AED93A.torrent
[2011/08/06 11:26:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job
[2011/07/27 15:40:22 | 000,000,930 | ---- | M] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk
[2011/07/27 12:46:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011/07/26 12:31:30 | 000,019,968 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 09:15:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/24 09:14:52 | 006,284,664 | ---- | M] (Microsoft Corporation) -- C:\Users\Andreas\Documents\Silverlight.exe
[2011/07/19 09:27:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/06 14:41:47 | 000,292,437 | ---- | C] () -- C:\Users\Andreas\Desktop\8FF6FB1520F458D8E684D7B0514177B7F3AED93A.torrent
[2011/07/27 15:40:22 | 000,000,930 | ---- | C] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 09:41:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/31 08:02:34 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat
[2010/10/26 15:53:39 | 000,001,460 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps64.dat
[2010/10/24 17:48:38 | 000,017,043 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png
[2010/09/26 07:35:04 | 000,325,724 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/09/26 07:35:04 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010/09/26 07:35:04 | 000,055,904 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/09/26 07:35:04 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010/09/26 07:35:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/06/11 06:00:57 | 000,000,473 | ---- | C] () -- C:\Windows\eReg.dat
[2010/04/16 17:24:33 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL
[2009/12/18 07:38:05 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll
[2009/11/04 13:09:27 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/10/25 10:58:05 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat
[2009/09/24 11:34:10 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/09/24 06:26:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 06:26:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/24 06:25:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/19 05:17:51 | 000,019,968 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 10:17:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2009/08/04 10:17:47 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2009/06/03 19:37:08 | 000,097,713 | R--- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/03 18:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/06/03 18:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/05/30 08:16:28 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009/05/29 11:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 11:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/27 03:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/04/06 16:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI
[2009/04/05 11:05:37 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/01/30 08:31:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/01/30 08:31:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/01/30 08:31:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/01/30 08:24:43 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/08/20 15:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/20 05:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/18 14:08:26 | 000,000,374 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/18 13:05:28 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/08/15 05:39:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/08/15 05:39:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008/08/15 05:39:10 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/08/15 05:19:41 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BelkinInsDrvZD.dll
[2008/08/15 05:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2008/08/15 05:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox9x.exe
[2008/08/15 05:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinUnplugMessageBox.exe
[2008/08/15 05:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox.exe
[2008/08/13 04:13:06 | 001,723,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/08/13 04:11:57 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2008/08/13 04:11:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/08/13 04:11:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 07:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/03/05 03:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL
[2007/03/05 03:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE
[2007/02/05 15:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/10/04 11:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL
[2002/08/13 11:04:12 | 000,217,088 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe
[1933/10/17 04:19:52 | 007,254,894 | ---- | C] () -- C:\Windows\SysWow64\speed.exe
[1933/10/17 04:19:52 | 000,380,928 | R--- | C] () -- C:\Windows\SysWow64\server.dll
 
========== LOP Check ==========
 
[2011/08/06 14:52:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Azureus
[2010/07/19 06:05:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bioshock
[2009/04/10 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe_Limited
[2009/12/13 08:46:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/03/13 09:49:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CPUControl
[2008/08/18 13:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools
[2009/04/10 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DeepBurner
[2009/06/12 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\hdbADS
[2010/03/10 12:00:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2010/06/15 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010/06/15 13:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009/07/08 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade
[2010/07/01 01:59:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade Warband
[2009/06/12 07:24:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MrJobs
[2010/03/16 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Music Recognition
[2010/10/20 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer
[2011/01/29 14:30:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera
[2010/10/24 17:48:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking
[2009/03/10 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\The Creative Assembly
[2010/11/21 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2008/08/27 05:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011/06/15 11:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Turbine
[2011/03/01 13:35:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011/05/15 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uqm
[2009/10/25 06:57:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VistaCodecs
[2010/07/26 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WB Games
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/10/12 09:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus
[2010/10/26 13:11:11 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare
[2008/11/02 16:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/09/23 11:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/04/10 09:53:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/23 12:07:36 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/08/09 06:16:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MoTeC
[2009/07/08 16:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2008/10/29 18:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/03/01 13:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/10/25 06:57:42 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/11/03 06:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/08/13 04:14:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/02/07 12:07:29 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/08/06 18:22:34 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/06 11:26:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job
 
========== Purity Check ==========
 
 
< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 8/7/2011 12:36:47 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 579.76 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive D: | 122.28 Mb Total Space | 94.59 Mb Free Space | 77.36% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = F5 D8 3F EA 20 3D CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Andreas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
< End of report >

Was muss ich jetzt tun?

Gruß theBeGinner

cosinus · 09.08.2011, 13:04

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O20 - HKU\Andreas_ON_C Winlogon: Shell - (C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe) - C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\directx\command - "" = D:\DirectX9\dxsetup.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

theBeGinner · 09.08.2011, 19:36

Hallo cosinus, danke für die Antwort,
kann leider erst am Sonntag wieder an
meinen Rechner, da ich diese Woche
verhindert bin, werden mich dann
melden, ob es geklappt hat!
Gruß theBeGinner

theBeGinner · 14.08.2011, 21:27

Also habe den Fix jetzt wie beschrieben gemacht, jedoch hat es nichts geholfen!

Hier ist das OTL Logfile:

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\Andreas_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C :\Users\Andreas\ AppData\Local\Temp\ 0.33536889630437516.exe deleted successfully.
Item C: is whitelisted and cannot be moved.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File X: \AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36b06e 10-6d53- 11dd-a410-00221517 ba50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36b06e 10-6d53- 11dd-a410-00221517 ba50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36b06e 10-6d53- 11dd-a410-00221517 ba50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36b06e 10-6d53- 11dd-a410-00221517 ba50}\ not found.
File F:\ autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a6fda 10-e123-11df -822b-00221517ba 50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a6fda 10-e123-11df -822b-00221517ba 50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a6fda 10-e123-11df -822b-00221517ba 50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a6fda 10-e123-11df -822b-00221517ba 50}\ not found.
File E:\pushinst .exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
File D:\ autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
File D:\ DirectX9\dxsetup not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9 dc0-d2 f0-11de- 9e9a- 806e6f6e 6963}\ not found.
File D: \setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08152011_011441

theBeGinner · 14.08.2011, 22:14

Ok hab jetzt doch noch hinbekommen! Du hast beim Fix in der zweiten Zeile vergessen etwas zu kopieren, hab es aber im OTL-Log selbst gefunden und den Fix editiert! Kann jetzt wieder in Windows rein.

Hier ist das OTL-Fix-Log:

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\Andreas_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe deleted successfully.
C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36b06e10-6d53-11dd-a410-00221517ba50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36b06e10-6d53-11dd-a410-00221517ba50}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a6fda10-e123-11df-822b-00221517ba50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a6fda10-e123-11df-822b-00221517ba50}\ not found.
File E:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
File D:\DirectX9\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\ not found.
File D:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08152011_025812

Den movedFiles Ordner hab ich auch hochgeladen!
Was soll ich jetzt tun?

cosinus · 15.08.2011, 13:52

Zitat:

Ok hab jetzt doch noch hinbekommen! Du hast beim Fix in der zweiten Zeile vergessen etwas zu kopieren, hab es aber im OTL-Log selbst gefunden und den Fix editiert! Kann jetzt wieder in Windows rein.

Nein! Ich hab da da nichts vergessen! Du muss beim Kopieren was vergessen haben!

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

theBeGinner · 15.08.2011, 14:34

Hier ist das Malwarebytes-Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7467

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

15.08.2011 00:41:28
mbam-log-2011-08-15 (00-41-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|F:\|)
Durchsuchte Objekte: 366550
Laufzeit: 54 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3A8F7XZA5WSGYKCA (Trojan.Spyeyes) -> Value: 4Y3Y0C3A8F7XZA5WSGYKCA -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\b6232f3a820.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\a7d9b803899d9b1 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Und hier OTL.txt:

Code:

ATTFilter

OTL logfile created on: 15.08.2011 15:21:20 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = C:\
64bit-Windows (TM) Vista Home Premium  (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 581,13 Gb Free Space | 83,18% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.02 14:11:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.15 14:05:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.28 21:55:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 14:10:01 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.09.24 20:03:00 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2002.07.17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002.07.17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\PROGRA~2\Opera\program\plugins\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.03 14:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.28 16:15:59 | 000,000,000 | ---D | M]
 
[2010.11.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.11.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2011.08.15 08:58:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O3 - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://tonline.oberon-media.com/gameshell/games/channel--110403623/lc--de/room--5800b24c-f8d7-4149-81c2-3a7f7a5a1891/online/peggle/de/popcaploader_v10_en.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003 Winlogon: Shell - (C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AsioReg - hkey= - key= - C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: AsioThk32Reg - hkey= - key= - C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: AudioDrvEmulator - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: Creative MediaSource Go - hkey= - key= - C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CreativeTaskScheduler - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: F5D7050v3 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: FBSSA - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: igndlm.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\System32\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\System32\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Performance Center - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RCSystem - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: zerepepa - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1237F2C6-1D0F-9087-61E3-722F665D4D6F} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {342DA84B-B5F5-7DA5-51CA-DA27053DCCE8} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.MKVC - C:\Windows\SysWow64\KMVIDC32.DLL ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 08:58:13 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.08.15 05:50:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.15 01:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2011.08.14 23:44:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.14 23:44:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.14 23:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.14 23:22:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.08.14 23:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.14 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.14 23:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.08.07 18:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.07.27 18:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011.07.27 18:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011.07.27 18:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaM - The Peasants Rebellion
[2011.07.24 15:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.24 15:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.11.06 23:53:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC325.dll
[2010.09.26 13:35:04 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.15 11:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.15 01:20:56 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job
[2011.08.15 01:01:30 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2011.08.15 01:01:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.08.14 23:44:52 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.14 23:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.14 23:36:05 | 001,821,944 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.14 23:14:16 | 000,099,408 | ---- | M] () -- C:\Users\Andreas\Desktop\movedFiles.zip
[2011.07.27 21:40:22 | 000,000,930 | ---- | M] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk
[2011.07.27 18:46:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011.07.26 18:31:30 | 000,019,968 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.24 15:15:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.19 15:27:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 01:01:30 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2011.08.14 23:44:52 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.14 23:14:16 | 000,099,408 | ---- | C] () -- C:\Users\Andreas\Desktop\movedFiles.zip
[2011.07.27 21:40:22 | 000,000,930 | ---- | C] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.26 15:41:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.10.31 14:02:34 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat
[2010.10.26 21:53:39 | 000,001,460 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps64.dat
[2010.10.24 23:48:38 | 000,017,043 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png
[2010.09.26 13:35:04 | 000,325,724 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.09.26 13:35:04 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010.09.26 13:35:04 | 000,055,904 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.09.26 13:35:04 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010.09.26 13:35:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.06.11 12:00:57 | 000,000,473 | ---- | C] () -- C:\Windows\eReg.dat
[2010.04.16 23:24:33 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL
[2009.12.18 13:38:05 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll
[2009.11.04 19:09:27 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009.10.25 16:58:05 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat
[2009.09.24 17:34:10 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009.09.24 12:26:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 12:26:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.24 12:25:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.19 11:17:51 | 000,019,968 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 16:17:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2009.08.04 16:17:47 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2009.06.04 01:37:08 | 000,097,713 | R--- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.05.30 14:16:28 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009.05.29 17:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.06 22:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI
[2009.04.05 17:05:37 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.01.30 14:31:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009.01.30 14:31:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009.01.30 14:31:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009.01.30 14:24:43 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.08.20 21:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.08.20 11:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.08.18 20:08:26 | 000,000,374 | ---- | C] () -- C:\Windows\wininit.ini
[2008.08.18 19:05:28 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.08.15 11:39:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.08.15 11:39:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008.08.15 11:39:10 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.08.15 11:19:41 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BelkinInsDrvZD.dll
[2008.08.15 11:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2008.08.15 11:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox9x.exe
[2008.08.15 11:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinUnplugMessageBox.exe
[2008.08.15 11:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox.exe
[2008.08.13 10:13:06 | 001,821,944 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.08.13 10:11:57 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2008.08.13 10:11:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008.08.13 10:11:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.09.04 13:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007.03.05 09:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL
[2007.03.05 09:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.10.04 17:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL
[2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe
[1933.10.17 10:19:52 | 007,254,894 | ---- | C] () -- C:\Windows\SysWow64\speed.exe
[1933.10.17 10:19:52 | 000,380,928 | R--- | C] () -- C:\Windows\SysWow64\server.dll
 
========== LOP Check ==========
 
[2011.08.14 23:26:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Azureus
[2010.07.19 12:05:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bioshock
[2009.04.10 21:45:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe_Limited
[2009.12.13 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.03.13 15:49:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CPUControl
[2008.08.18 19:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools
[2009.04.10 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DeepBurner
[2009.06.12 13:24:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\hdbADS
[2010.03.10 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2010.06.15 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.06.15 19:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.07.08 13:47:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade
[2010.07.01 07:59:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade Warband
[2009.06.12 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MrJobs
[2010.03.16 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Music Recognition
[2010.10.20 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer
[2011.01.29 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera
[2010.10.24 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking
[2009.03.10 19:15:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\The Creative Assembly
[2010.11.21 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2008.08.27 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.06.15 17:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Turbine
[2011.03.01 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.05.15 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uqm
[2009.10.25 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VistaCodecs
[2010.07.26 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WB Games
[2011.08.15 01:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008.10.12 15:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus
[2010.10.26 19:11:11 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare
[2008.11.02 22:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010.09.23 17:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.04.10 15:53:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009.07.23 18:07:36 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009.08.09 12:16:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MoTeC
[2009.07.08 22:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2008.10.30 00:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.03.01 19:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009.10.25 12:57:42 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008.11.03 12:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011.08.14 23:17:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2008.08.13 10:14:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.02.07 18:07:29 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011.08.15 03:51:24 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.15 01:20:56 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %APPDATA%\*.
 
Invalid Environment Variable: %APPDATA%\*.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINXPCD\I386\sp1.cab:atapi.sys
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\System32\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[15 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< CREATERESTOREPOINT >
< End of report >

cosinus · 15.08.2011, 18:23

Zitat:

c:\Recycle.Bin\b6232f3a820.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\a7d9b803899d9b1 (Trojan.Spyeyes)

Machst du Onlinebanking oder ähnliche kritische Dinge mit diesem PC unter dieser verseuchten Windows-Installation?

theBeGinner · 15.08.2011, 20:50

Ja! Soll ich die Passwörter wechseln?

cosinus · 15.08.2011, 21:25

Bei Onlinebanking solltest du generell sehr vorsichtig sein und überlegen ob du den Kompromiss einer Bereinigung wirklich eingehen willst.
Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows.

theBeGinner · 15.08.2011, 21:38

Leider besitze ich jedoch keine Windows-CD, Vista war vorinstalliert! Ich müsste mir also erst Windows kaufen!

Sollte ich mit diesem PC keine empfindlichen Sachen, wie Onlinebanking mehr beitreiben oder?

Gibt es keine andere Möglichkeit als Neuinstallation von Windows?

cosinus · 15.08.2011, 21:41

Dann hat das Teil eine Recoverypartition oder du hättest dir beim ersten Einschalten des Geräts mal das Handbuch durchlesen müssen...

Zitat:

Gibt es keine andere Möglichkeit als Neuinstallation von Windows?

Wenn du dann nie wieder Onlinebanking machen willst auf diesem bereinigten Windows...

15.08.2011, 21:25	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Virus Bei Onlinebanking solltest du generell sehr vorsichtig sein und überlegen ob du den Kompromiss einer Bereinigung wirklich eingehen willst. Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows. __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Virus

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Virus