Log Analysis and Evaluation: Completely virus-infested computer (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.09.2011, 22:20 | #1
Completely virus-infested computer

Good evening, I am sitting at my father's computer right now. I am fairly sure it is incredibly virus-infested. Unfortunately GMER did not show anything. It only gave the message that the system is not "modified". I am attaching the "log" files from OTL. Many thanks for this offer here and many thanks in advance for the help,

Best regards
Steve

P.S. The OTL.txt cannot be attached, so I am posting it here! I hope this is OK.

OTL logfile created on: 05.09.2011 22:37:49 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,79% Memory free
8,21 Gb Paging File | 5,73 Gb Available in Paging File | 69,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,00 Gb Total Space | 220,30 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive D: | 14,51 Gb Total Space | 2,00 Gb Free Space | 13,76% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.05 22:37:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.09.05 22:22:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.08.20 09:50:49 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011.06.30 19:48:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 14:57:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.11.05 14:38:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.02.15 12:49:40 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\VPro530.exe
PRC - [2007.07.27 19:24:46 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.05 22:22:59 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011.07.24 15:36:52 | 000,101,376 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\extensions\{3ad61e5c-eecb-4896-9c8c-03d61f90d8fe}\components\RadioWMPCoreGecko19.dll
MOD - [2011.07.24 15:36:52 | 000,077,312 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\extensions\{3ad61e5c-eecb-4896-9c8c-03d61f90d8fe}\components\RadioWMPCoreGecko6.dll
MOD - [2011.07.24 15:36:52 | 000,076,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\extensions\{3ad61e5c-eecb-4896-9c8c-03d61f90d8fe}\components\RadioWMPCoreGecko5.dll
MOD - [2011.01.17 15:41:40 | 000,101,376 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\components\RadioWMPCore.dll
MOD - [2011.01.17 15:41:40 | 000,052,224 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\components\FFExternalAlert.dll
MOD - [2009.04.11 08:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2008.10.05 05:24:02 | 003,695,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008.11.10 00:32:28 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2011.06.30 19:48:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 14:57:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.11.03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.27 19:24:46 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.11.10 04:08:52 | 004,825,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.03 18:10:08 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.08.06 18:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.05.21 15:30:58 | 000,583,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530.sys -- (SPC530)
DRV:64bit: - [2008.05.21 15:30:58 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530m.sys -- (SPC530m)
DRV:64bit: - [2008.03.07 08:39:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2006.11.16 18:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV - [2008.09.26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.10 03:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKLM\..\URLSearchHook: {3ad61e5c-eecb-4896-9c8c-03d61f90d8fe} - C:\Program Files (x86)\webblog\prxtbwebb.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {3ad61e5c-eecb-4896-9c8c-03d61f90d8fe} - C:\Program Files (x86)\webblog\prxtbwebb.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "webblog Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "webblog Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2612550&SearchSource=13"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {3ad61e5c-eecb-4896-9c8c-03d61f90d8fe}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.09.04 04:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.05 22:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.05 22:23:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{528bcd12-8e45-4595-96dd-c92c3989c536}: C:\Program Files (x86)\WEB.DE\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2009.03.20 13:23:12 | 000,000,000 | ---D | M]

[2009.11.12 11:36:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.09.05 21:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions
[2009.11.13 08:47:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.24 14:58:36 | 000,000,000 | ---D | M] (webblog Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\{3ad61e5c-eecb-4896-9c8c-03d61f90d8fe}
[2010.07.10 13:59:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.28 09:51:42 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.01.03 20:04:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\ffxtlbr@babylon.com
[2011.07.24 14:57:17 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\plugin@yontoo.com
[2011.09.05 08:01:50 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\anc446cb.default\extensions\toolbar@ask.com
[2011.03.04 17:55:31 | 000,002,388 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\searchplugins\askcom.xml
[2011.04.17 14:57:18 | 000,001,840 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\searchplugins\bing.xml
[2011.07.24 15:36:52 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\anc446cb.default\searchplugins\conduit.xml
[2011.09.05 12:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.05 12:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.07.24 14:57:41 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files (x86)\mozilla firefox\extensions\ocr@babylon.com
[2011.09.04 04:10:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.09.05 12:16:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.05 22:23:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.24 14:57:17 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.09.05 22:23:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.05 22:23:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.05 22:23:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.05 22:23:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Symbolleiste Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (webblog Toolbar) - {3ad61e5c-eecb-4896-9c8c-03d61f90d8fe} - C:\Program Files (x86)\webblog\prxtbwebb.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKLM\..\Toolbar: (webblog Toolbar) - {3ad61e5c-eecb-4896-9c8c-03d61f90d8fe} - C:\Program Files (x86)\webblog\prxtbwebb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Symbolleiste) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (webblog Toolbar) - {3AD61E5C-EECB-4896-9C8C-03D61F90D8FE} - C:\Program Files (x86)\webblog\prxtbwebb.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [WEB.DE_WEB.DE MultiMessenger] C:\Program Files (x86)\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE (WEB.DE GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3474CE74-B4E8-48EB-85D6-02FB841FB1BD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{20BC354E-45E0-4908-9143-B3CEB8EE3FE6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: DT PHL - hkey= - key= - C:\Program Files (x86)\Philips Display\SmartControl II\DTHtml.exe (Portrait Displays, Inc)
MsConfig:64bit - StartUpReg: DVDAgent - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: TSMAgent - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePDIRShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.05 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2011.09.05 12:17:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft [2011.09.05 12:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.09.05 12:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.09.05 12:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.09.05 08:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{56BCC918-016B-45A6-8579-74AD56B98223} [2011.09.05 07:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FA966FFB-B76C-4649-82FA-D528884845A6} [2011.09.04 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5474D179-E05A-4A2E-ADEB-2562AB6584B7} [2011.09.04 14:49:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9194ED44-93AE-451F-95D5-B8651DE07299} [2011.09.03 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{608964BA-D5B7-42E6-B87E-87947E97DBF6} [2011.09.03 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{101AA30C-A252-4FF2-AE6A-2F17DD02AAC7} [2011.09.03 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{900063E0-FFF2-4781-BB1E-6AF8AD4B582B} [2011.09.03 12:09:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6E811A22-DA77-4586-9ECD-345A9F02DAEC} [2011.09.03 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0CA59C1D-4EB7-4980-AEB5-84DAF32966EE} [2011.09.03 00:06:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1B5DC497-F169-452C-845D-8B2DE92E0AEC} [2011.09.01 19:21:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E3454B8A-9B00-46EB-86B4-9F70494E0BBC} [2011.09.01 19:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BB74CDAF-18F6-4E21-8C28-246DB414FD91} [2011.08.28 21:36:24 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{F9C385E4-78A2-42BE-92F3-4367FDC6C041} [2011.08.28 21:35:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C3EA5C60-7520-4880-8B41-5D7A3C59863D} [2011.08.28 09:35:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{90A8AF27-791D-4643-A216-3C8D4EDF1D4D} [2011.08.28 09:34:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{818E4C90-67D4-47F9-A05D-B2A05E1D0C00} [2011.08.27 21:34:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1969161A-AF31-4551-AD2C-2529B0E79F9E} [2011.08.27 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D5331E65-7AE5-4711-835C-ED51E7A36E49} [2011.08.27 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{30D4B368-F373-4004-A17D-EEB62DFC5D3E} [2011.08.27 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{49550FA9-9C32-4958-AB01-A6E53E8E1F72} [2011.08.26 23:20:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9678F65B-7708-47B3-9D4C-4B9E58B7F31F} [2011.08.26 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B5EAB96B-1B97-4D63-8B0A-63FAB0292BE1} [2011.08.26 16:19:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Yahoo! 
[2011.08.26 11:19:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5A48A8AE-9E97-4BF2-B5EC-DE734EE8B860} [2011.08.26 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{304080A8-83C6-4455-AE96-32B52E4161A5} [2011.08.25 19:34:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DFF9EE85-AC87-4A27-9E89-9ABDE13CA35C} [2011.08.25 19:33:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9BFC7F8D-74B8-44E5-9119-2E3AFCA2A574} [2011.08.22 00:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{98A26F86-535E-4566-92C4-BC526F1BCE3C} [2011.08.22 00:13:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{363875B0-D0D4-4AB8-8926-2399174B66A3} [2011.08.21 21:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} [2011.08.21 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2011.08.21 10:24:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DA5DF64B-2436-4CE2-9217-AEF7122E59F7} [2011.08.21 10:23:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{46490971-EA0B-4647-964F-718CFDAADD0C} [2011.08.20 22:23:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{378267EF-473E-4DA2-BCDF-6A014601BAA0} [2011.08.20 22:21:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83035B5F-3F3F-4F01-B778-D22CF23745C5} [2011.08.20 08:28:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E5736431-7717-4DC7-A2E1-3AD481123013} [2011.08.20 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5DCBD144-18E2-467E-9BD8-65507393BCBB} [2011.08.19 08:29:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6387683D-20EA-4458-BC19-2F79E8930C52} [2011.08.19 08:28:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2D7E0DBD-03DB-4911-A038-E879D9A1E2B4} [2011.08.18 19:27:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1F597F4D-0BA2-4A70-BFAC-64FE652402D2} [2011.08.18 19:26:51 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{817E07EA-E41E-4EEA-9037-058669F63844} [2011.08.14 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5A6A2D1E-1943-4060-A326-56D99D9DB1DE} [2011.08.14 21:47:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{485E63B8-8AAE-4474-A35C-4CC6DAB10F5A} [2011.08.14 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{143D4A37-9F8E-4186-A74B-FD279087114F} [2011.08.14 09:46:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CD231E68-A887-4C84-A133-49F52FC0CA4A} [2011.08.13 17:26:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6DE80ED9-3EE1-4491-96F2-F5F9F0FEECFC} [2011.08.13 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83F7F8F9-41B4-4661-B553-68E33E7665DE} [2011.08.12 23:38:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.08.12 23:23:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F19FC6E-D7A0-4137-8DB4-3BB0CCF6BC78} [2011.08.12 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BB63D219-1FFA-4266-AB79-72EC206F4DE9} [2011.08.12 11:22:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B503D4BE-B56C-4429-93FF-AB501964A6FC} [2011.08.12 11:21:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50B86330-CF25-4715-B9F0-6932544F5B5B} [2011.08.11 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0AD2CEA9-B15E-4E2D-A475-D6FC594FA671} [2011.08.11 19:50:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A0312A0-D9F5-4E3F-840E-A617087961CA} [2011.08.07 15:45:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B9C75BD2-5563-4EAC-BF7B-0011CCB9F8BE} [2011.08.07 15:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0C3B2824-CAF5-4521-B79D-A28D2006DB21} [2011.08.07 03:25:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7482B77E-720D-48E9-A0C7-7FCFBDBD38AC} [2011.08.07 03:23:51 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{A86F3C04-F11F-4605-A5B3-5BAB43F768B8} [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.05 22:36:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.09.05 22:21:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.05 21:58:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.05 21:58:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.05 20:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.05 12:24:38 | 000,050,542 | ---- | M] () -- C:\Users\***\Documents\cc_20110905_122429.reg [2011.09.05 08:19:42 | 000,024,576 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.05 07:58:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.04 16:26:14 | 572,571,817 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.09.04 15:22:11 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.08.25 20:03:07 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Firstload.lnk [2011.08.12 23:40:37 | 000,001,967 | ---- | M] () -- C:\Users\***\Desktop\Amazon.lnk [2011.08.12 23:40:37 | 000,001,959 | ---- | M] () -- C:\Users\***\Desktop\eBay.lnk [2011.08.12 11:31:47 | 001,467,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.08.12 11:31:47 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.08.12 11:31:47 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.08.12 11:31:47 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.08.12 11:31:47 | 000,103,872 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.05 22:36:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.09.05 12:24:32 | 000,050,542 | ---- | C] () -- C:\Users\***\Documents\cc_20110905_122429.reg [2011.04.01 17:10:51 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{B1B3F951-DFF7-4A3D-B57A-0241B2E3164A}.dat [2011.01.09 19:06:39 | 000,019,600 | ---- | C] () -- C:\Windows\hpqins13.dat [2010.06.30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2010.05.30 21:17:24 | 000,000,251 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2010.03.12 17:11:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.10 16:31:29 | 000,023,687 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2010.01.09 11:47:17 | 000,023,325 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.01.02 00:28:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\MSVolumeRD.dll [2009.09.17 19:49:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.17 19:48:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.09.17 19:48:30 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.13 14:58:07 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe [2009.05.24 22:27:29 | 000,119,499 | ---- | C] () -- C:\Windows\hpqins00.dat [2009.03.20 17:21:08 | 000,160,152 | ---- | C] () -- C:\Windows\hpoins14.dat [2009.03.15 13:40:39 | 000,006,836 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.03.06 15:17:31 | 000,288,627 | ---- | C] () -- C:\Users\***\AppData\Local\yuskceu_nav.dat [2009.03.06 15:17:01 | 000,002,961 | ---- | C] () -- C:\Users\***\AppData\Local\yuskceu.dat [2009.03.06 15:17:01 | 000,000,679 | ---- | C] () -- 
C:\Users\***\AppData\Local\yuskceu_navps.dat [2009.03.06 15:17:01 | 000,000,089 | ---- | C] () -- C:\Users\***\AppData\Local\yuskceu.bat [2009.02.28 16:55:31 | 000,024,576 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.16 00:54:08 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.12.15 17:00:22 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2008.12.15 16:36:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.15 16:33:04 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.12.15 16:21:01 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008.12.15 16:21:01 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.09.20 03:14:41 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011.09.05 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.05.20 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH [2011.01.28 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2009.03.01 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisplayTune [2011.05.29 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.09.05 08:18:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firstload [2010.05.30 21:23:56 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\muvee Technologies [2011.09.05 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.03.04 17:49:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.06.17 21:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verimount [2009.03.20 13:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE [2009.02.28 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent [2009.04.19 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2011.06.01 18:28:06 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2011.09.04 17:11:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.02.28 15:58:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.01.04 10:37:47 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.02.28 15:45:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.03.07 23:23:51 | 000,000,000 | ---D | M] -- C:\Downloads [2010.09.16 21:21:31 | 000,000,000 | ---D | M] -- C:\Extracted [2010.08.21 18:45:10 | 000,000,000 | -H-D | M] -- C:\hp [2009.02.28 15:48:44 | 000,000,000 | ---D | M] -- C:\Intel [2009.02.28 17:31:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.08.19 11:40:53 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.05 12:16:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.09.05 12:17:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.02.28 15:45:12 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.05 22:39:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.28 09:51:13 | 000,000,000 | R--D | M] -- C:\Users [2009.11.13 14:23:08 | 000,000,000 | ---D | M] -- C:\VideoOutput [2011.09.04 16:26:14 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > 
< %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | 
---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\system64\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\system64\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) 
MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point < End of report > |
05.09.2011, 22:50 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
05.09.2011, 23:10 | #3
Thanks first of all for the reply!
I have just run Malwarebytes, and it did find something. I then clicked remove and restarted the computer. At the moment I am running it again and will then send the post. Many thanks, Steve
06.09.2011, 00:36 | #4
So, the second scan is done and it found nothing further. Here is the log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7659
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
06.09.2011 01:35:42
mbam-log-2011-09-06 (01-35-42).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 403929
Laufzeit: 1 Stunde(n), 21 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
06.09.2011, 08:19 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Please always post logfiles in CODE tags
06.09.2011, 09:58 | #6
OK, sure, here is the log with the findings.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7659
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
06.09.2011 00:00:59
mbam-log-2011-09-06 (00-00-59).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181008
Laufzeit: 2 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 9
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryDoktor_is1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\program files (x86)\registrydoktor 4.1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\definitions (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registrydoktor 4.1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\extracted\password.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\folderpaths.txt (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\scheduleap.txt (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\Task.dat (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\task.xml (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\unins000.dat (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\unins000.exe (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\program files (x86)\registrydoktor 4.1\definitions\200812.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registrydoktor 4.1\registry doktor 4.1 entfernen.lnk (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
06.09.2011, 11:25 | #7
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Remember to update the Malwarebytes signatures beforehand; there are very frequently new updates!