BOO TDSS M , Rechner und Internet browser langsamer

siggy · 19.09.2011, 15:10

Hallo liebe TrojanerBoard Mitgleider ,
seit einigen Tagen kann ich mit Internetbrowsern fast gar nicht mehr surfen, da die Geschwindigkeit langsamer als von Handys ist.

Es liegt definitiv nicht am Internet selber, denn ich habe T-Home DSL 16.000+ IPTV und mein Receiver für Fernsehen geht ( und der brauch schon mindenstens 1500).

Firefox ist am lahmsten und Opera ist etwas schneller.

Allerdings tut das nichts zur Sache das ich den BOO TDSS M Virus habe (und auch schon länger).
Da es mich bisher nicht wirklich gestört hatte.
Das einzige was mir bekannt war, dass die Startfolge der Festplatte trotz korrekter Einstellung nicht richtig ist , und ich deshalb immer am Anfang ne andere Festplatte booten lassen muss um auf mein Betriebssystem zu kommen.

Ich würde mich sehr freuen, wenn mir jemand mit dem Problem helfen kann,
ich werde dann natürlich so schnell wie möglich antworten und die Anweisungen befolgen und die Risiken in Kauf nehmen.

mfg siggy

cosinus · 19.09.2011, 15:31

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Führe danach auch bitte ESET aus, danach sehen wir weiter.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.

siggy · 20.09.2011, 12:30

ist es normal das der ESET Scan so lange dauert ?
gestern hatte er bei 3 stunden Laufzeit rund 29 %
, allerdings hab ich das abgebrochen, weil der Rechner mir zu laut ist und ich schlafen gehen wollte.

Heute hab ich ihn morgens angemacht und jetzt 6 Stunden laufen lassen und er hat grade mal 57.000 files durchsucht und nur 12 %.

cosinus · 20.09.2011, 12:59

Ja das kann dauern. Lass ihn bitte durchlaufen.

siggy · 21.09.2011, 13:45

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7748

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

19.09.2011 18:22:01
mbam-log-2011-09-19 (18-22-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 417991
Laufzeit: 1 Stunde(n), 19 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java Update (Trojan.Agent.Gen) -> Value: Java Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\KeApplet (Trojan.Agent) -> Value: KeApplet -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\newdnswatch\8bf491c5ab2.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\7CHGP2BW\load[1].htm (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\0.43085303321689083.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\Nc2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\Nc3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\Nc4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\Nc8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\Nc9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\Nda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\jar_cache6182722404583965036.tmp (Trojan.Agent.SZ) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\0.6465531458146891.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Roaming\Help\ceptr.tll (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Roaming\Help\comm.tll (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe (Trojan.Agent) -> Delete on reboot.
c:\Recycle.Bin\0582b608128ef7e (Trojan.Spyeyes) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=21d47a98cba7894bab58bc03439ce65e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-19 07:28:54
# local_time=2011-09-19 09:28:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 79846 52990441 1923457 0
# compatibility_mode=5893 16776574 100 94 56167167 68888763 0 0
# compatibility_mode=8192 67108863 100 0 117 117 0 0
# compatibility_mode=9217 16777214 75 66 14081736 18410722 0 0
# scanned=198711
# found=4
# cleaned=0
# scan_time=10516
C:\Users\Admin\AppData\Local\Temp\jar_cache4056103344549975675.tmp a variant of Win32/Kryptik.SKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5e875b5a-3bd7cc49 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\552fd2c8-1e945da3 a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Desktop\BurgerKing\WhiteSmokeInstaller_9165.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=21d47a98cba7894bab58bc03439ce65e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-21 05:14:59
# local_time=2011-09-21 07:14:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 38900 53035998 31645 0
# compatibility_mode=5893 16776574 100 94 56212724 68934320 0 0
# compatibility_mode=8192 67108863 100 0 45674 45674 0 0
# compatibility_mode=9217 16777214 75 66 14127293 18456279 0 0
# scanned=860324
# found=14
# cleaned=0
# scan_time=125
C:\Users\Admin\AppData\Local\Temp\jar_cache4056103344549975675.tmp a variant of Win32/Kryptik.SKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5e875b5a-3bd7cc49 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\552fd2c8-1e945da3 a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Desktop\BurgerKing\WhiteSmokeInstaller_9165.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
D:\Down\Directlinks\CRC-Killer.exe Win32/Packed.Autoit.D.Gen application (unable to clean) 00000000000000000000000000000000 I
D:\Windows\CameraFixer.exe probably a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I
D:\Windows\FixCamera.exe a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I
E:\Dokumente und Einstellungen\Arbeit\Desktop\VisualBoyAdvance\MY Stuff\UltraMixer-2.3.2-win.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
E:\Dokumente und Einstellungen\Neu\Anwendungsdaten\Nyux\daop.exe Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
E:\Dokumente und Einstellungen\Neu\Lokale Einstellungen\Temp\plugtmp\plugin-2fdp.php JS/Exploit.Pdfka.OTW.Gen trojan (unable to clean) 00000000000000000000000000000000 I
E:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll Win32/Adware.Agent.NJT application (unable to clean) 00000000000000000000000000000000 I
E:\Programme\Free WMA to MP3 Converter\readmedia.dll probably a variant of Win32/PSW.Agent.BUPXGWL trojan (unable to clean) 00000000000000000000000000000000 I
E:\Programme\WarRock\System\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
E:\WINDOWS\CameraFixer.exe probably a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I

cosinus · 21.09.2011, 14:26

Zitat:

D:\Down\Directlinks\CRC-Killer.exe

Was ist das und aus welcher Quelle stammt das?

siggy · 21.09.2011, 14:37

Das ist schon ewigkeiten her, die Platte nutz ich auch gar nicht mehr, da sind halt nur noch alte Daten drauf.

Aber soweit ich weiß, hab ich das von hier :
perfectsoft(dot)tk

ich hab das ganze mal nicht als link kenntlich gemacht, da ich mir nicht sicher bin wie hier die Regeln im Forum diesbezüglich sind.

Das Programm ist dazu da CRC Fehler die beim entpacken von Rar dateien geschehen, praktisch auszulöschen, als wären diese nie da gewesen.
Hat aber glaub ich trotzdem nicht funktioniert.

cosinus · 21.09.2011, 15:01

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

siggy · 21.09.2011, 15:42

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.09.2011 16:08:28 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Admin\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,55 Mb Total Physical Memory | 447,42 Mb Available Physical Memory | 46,68% Memory free
1,94 Gb Paging File | 1,12 Gb Available in Paging File | 57,80% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 621,04 Gb Free Space | 66,67% Space Free | Partition Type: NTFS
Drive D: | 94,38 Gb Total Space | 17,73 Gb Free Space | 18,79% Space Free | Partition Type: NTFS
Drive E: | 54,67 Gb Total Space | 1,99 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.21 16:04:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.07.29 21:34:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:26:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.11 14:23:22 | 000,081,920 | ---- | M] () -- C:\Programme\UltraISO\lang\lang_de.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.07.29 21:34:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.18 07:16:19 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.27 13:26:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.29 21:34:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.29 21:34:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.30 16:45:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2000.07.24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 93 22 9A 04 6C CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.13 22:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.13 22:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 20:31:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 20:31:27 | 000,000,000 | ---D | M]
 
[2011.04.09 16:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.09.16 23:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions
[2011.09.08 14:45:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.10 11:40:02 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\foxyproxy@eric.h.jung
[2011.08.28 16:41:42 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\toolbar@ask.com
[2011.04.19 06:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.24 17:12:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.10 13:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LLXO0YP0.DEFAULT\EXTENSIONS\SURVEY-REMOVER@GMX.COM.XPI
[2011.09.07 16:26:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Lan.FS] C:\Program Files\Lan.FS\Lan-fs.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [KeApplet] C:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E727E16-E825-49DE-ABA3-2FB70C364156}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.25 15:32:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.11 17:34:10 | 000,045,056 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.x264 - C:\Programme\x264vfw\x264vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.21 16:04:10 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.19 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.19 18:31:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.09.19 16:42:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.09.19 16:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.19 16:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.19 16:41:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.19 16:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.19 16:40:43 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.18 00:25:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Help
[2011.09.11 11:45:13 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.09.11 11:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2011.09.10 19:18:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner (3)
[2011.09.10 13:53:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\biatz
[2011.09.09 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.09.09 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer
[2011.09.09 20:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.09.09 20:32:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.09.09 20:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.09.09 20:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.09.09 20:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.09.09 20:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.09.09 20:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.09.09 20:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.09.09 20:29:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple
[2011.09.09 20:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.09.09 20:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.09.09 20:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.09.09 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.09.04 13:22:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\creaxcover
[2011.08.28 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2011.08.28 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Ableton
[2011.08.28 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ableton
[2011.08.28 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
[2011.08.28 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2011.08.28 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\ableton_live_trial_822
[2011.08.28 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.08.28 16:40:06 | 003,383,272 | ---- | C] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\AYKAYEPCOVER
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lan.FS
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lan.Fs
[2011.08.28 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lan.FS
[2011.05.04 21:53:22 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Admin\AppData\Roaming\MinecraftSP.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.21 16:04:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.21 14:36:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.21 14:36:51 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 14:36:51 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 07:15:36 | 000,000,260 | ---- | M] () -- C:\Windows\Brownie.ini
[2011.09.20 20:53:28 | 001,327,662 | ---- | M] () -- C:\Users\Admin\Desktop\Vocals unbearbeitet.mp3
[2011.09.19 18:31:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.09.19 18:22:12 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.19 16:41:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.19 16:40:57 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2011.09.18 20:40:22 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2011.09.18 20:40:22 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2011.09.18 20:25:42 | 000,007,607 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\Ygwsnc.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\XZRDABX.job
[2011.09.18 20:23:15 | 000,415,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.09.18 20:22:54 | 753,836,032 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.11 15:42:55 | 000,646,244 | ---- | M] () -- C:\Users\Admin\Documents\xDSASBH.jpg
[2011.09.11 15:39:13 | 000,258,581 | ---- | M] () -- C:\Users\Admin\Documents\xAD.jpg
[2011.09.11 11:45:13 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.09.10 19:35:29 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.10 19:35:29 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.10 19:35:29 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.10 19:35:29 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.07 07:10:08 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.28 16:40:13 | 003,383,272 | ---- | M] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 16:38:55 | 650,382,612 | ---- | M] () -- C:\Users\Admin\Desktop\ableton_live_trial_822.zip
[2011.08.28 10:25:15 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.20 20:53:26 | 001,327,662 | ---- | C] () -- C:\Users\Admin\Desktop\Vocals unbearbeitet.mp3
[2011.09.19 18:22:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.19 16:41:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.11 15:42:52 | 000,646,244 | ---- | C] () -- C:\Users\Admin\Documents\xDSASBH.jpg
[2011.09.11 15:39:11 | 000,258,581 | ---- | C] () -- C:\Users\Admin\Documents\xAD.jpg
[2011.09.11 11:14:32 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.09.10 19:25:37 | 000,007,607 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.09 20:29:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.08.28 16:31:26 | 650,382,612 | ---- | C] () -- C:\Users\Admin\Desktop\ableton_live_trial_822.zip
[2011.08.28 10:25:15 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\Documents\Default.rdp
[2011.08.01 18:32:02 | 000,000,943 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\coreavc.ini
[2011.07.25 14:46:28 | 000,007,168 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.25 14:43:43 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.11 13:13:31 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2011.07.10 14:08:00 | 000,103,400 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.09 19:30:27 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.05.04 21:53:22 | 000,591,252 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Minecraft_Server.exe
[2011.05.04 21:53:22 | 000,290,797 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\minecraft_name.jar
[2011.05.04 21:53:22 | 000,232,501 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Minecraft.exe
[2011.05.04 21:53:22 | 000,051,765 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Minecraft.jar
[2011.05.04 21:53:22 | 000,000,230 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\server.properties
[2011.05.04 21:53:22 | 000,000,133 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\zan.settings
[2011.05.04 21:53:22 | 000,000,008 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\lastlogin
[2011.04.19 06:08:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.17 13:49:55 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.12 22:39:58 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.12 22:39:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.12 22:39:57 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.04.12 22:39:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011.04.12 22:39:53 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011.04.12 22:38:54 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd2030.dat
[2011.04.12 22:37:45 | 000,000,260 | ---- | C] () -- C:\Windows\Brownie.ini
[2010.06.17 17:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\System32\Melodyne editor.dll
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.14 10:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,415,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.08.28 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ableton
[2011.04.13 20:27:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashampoo
[2011.04.26 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\avidemux
[2011.06.05 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2011.05.04 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bin
[2011.07.10 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.txptr.googleplus
[2011.04.12 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2011.05.14 20:51:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2011.07.28 07:25:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2011.09.18 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.05.04 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\minecraft_name_src
[2011.05.12 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2011.04.14 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.05.04 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.05.04 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\resources
[2011.01.20 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\saves
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server 2
[2011.01.03 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\texturepacks
[2011.04.14 14:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011.05.04 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\world
[2011.05.17 20:51:33 | 000,012,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\XZRDABX.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\Ygwsnc.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.28 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ableton
[2011.09.09 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.04.13 20:27:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashampoo
[2011.04.26 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\avidemux
[2011.05.06 19:06:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira
[2011.06.05 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2011.05.04 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bin
[2011.04.14 21:02:13 | 000,000,000 | R--D | M] -- C:\Users\Admin\AppData\Roaming\Brother
[2011.07.10 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.txptr.googleplus
[2011.04.26 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2011.08.22 21:58:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2011.04.12 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2011.05.14 20:51:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2011.07.28 07:25:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2011.09.19 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Help
[2011.09.18 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.04.09 16:29:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.04.17 12:03:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.09.19 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.08.01 18:32:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Player Classic
[2011.09.20 15:35:54 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.05.04 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\minecraft_name_src
[2011.04.09 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.06.28 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Software
[2011.05.12 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2011.04.30 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero
[2011.04.14 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.05.04 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.05.04 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\resources
[2011.01.20 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\saves
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server 2
[2011.09.19 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.06.19 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2011.01.03 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\texturepacks
[2011.04.14 14:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011.08.28 16:50:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.04.09 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2011.05.04 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\world
 
< %APPDATA%\*.exe /s >
[2010.12.22 17:49:28 | 000,232,501 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Minecraft.exe
[2010.10.21 03:00:00 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Admin\AppData\Roaming\MinecraftSP.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Minecraft_Server.exe
[2011.07.10 14:03:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.11 13:20:54 | 000,008,192 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1B77BC7B-4538-4652-AF33-C201F21BF8F2}\Icon1B77BC7B.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\minecraft_name_src\Minecraft_Server.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Server 2\Minecraft_Server.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Server\Minecraft_Server.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2011.05.18 07:16:39 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=7BD7F45FF37FA0669CD32CA0EF46E22C -- C:\Windows\System32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.30 16:45:47 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
[2010.05.15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 21.09.2011, 15:46

Zitat:

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!
Mach danach ein neues OTL-Log.

siggy · 21.09.2011, 16:06

Das Programm lässt sich nicht deinstallieren es fehlt eine dll datei und deshalb macht er das nicht.

edit//
hab die dll runtergeladen und eingefügt, er wollte darraufhin eine weitere dll datei haben und jetzt bemängelt er wiederrum die vsutil dll

die Windows Firewall war komischerweiße schon angeschaltet, obwohl ich die immer deaktiviert habe

zoneAlarm hab ich erstmal manuell gelöschtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.09.2011 17:27:12 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Admin\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,55 Mb Total Physical Memory | 242,38 Mb Available Physical Memory | 25,29% Memory free
1,94 Gb Paging File | 1,01 Gb Available in Paging File | 52,01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 620,61 Gb Free Space | 66,62% Space Free | Partition Type: NTFS
Drive D: | 94,38 Gb Total Space | 17,73 Gb Free Space | 18,79% Space Free | Partition Type: NTFS
Drive E: | 54,67 Gb Total Space | 1,99 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive K: | 594,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.21 16:04:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.07.29 21:34:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:26:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.11 14:23:22 | 000,081,920 | ---- | M] () -- C:\Programme\UltraISO\lang\lang_de.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.07.29 21:34:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.18 07:16:19 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.27 13:26:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Unknown | Running] --  -- (Vsdatant)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.29 21:34:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.29 21:34:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.30 16:45:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2000.07.24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 93 22 9A 04 6C CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.13 22:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.13 22:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 20:31:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 20:31:27 | 000,000,000 | ---D | M]
 
[2011.04.09 16:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.09.16 23:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions
[2011.09.08 14:45:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.10 11:40:02 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\foxyproxy@eric.h.jung
[2011.08.28 16:41:42 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\toolbar@ask.com
[2011.04.19 06:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.24 17:12:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.10 13:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LLXO0YP0.DEFAULT\EXTENSIONS\SURVEY-REMOVER@GMX.COM.XPI
[2011.09.07 16:26:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Lan.FS] C:\Program Files\Lan.FS\Lan-fs.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [KeApplet] C:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E727E16-E825-49DE-ABA3-2FB70C364156}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.25 15:32:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.11 17:34:10 | 000,045,056 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.x264 - C:\Programme\x264vfw\x264vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.21 17:10:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\vsinit
[2011.09.21 17:08:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\vsutil
[2011.09.21 16:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2011.09.21 16:04:10 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.19 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.19 18:31:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.09.19 16:42:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.09.19 16:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.19 16:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.19 16:41:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.19 16:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.19 16:40:43 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.18 00:25:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Help
[2011.09.11 11:45:13 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.09.11 11:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2011.09.10 19:18:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner (3)
[2011.09.10 13:53:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\biatz
[2011.09.09 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.09.09 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer
[2011.09.09 20:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.09.09 20:32:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.09.09 20:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.09.09 20:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.09.09 20:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.09.09 20:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.09.09 20:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.09.09 20:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.09.09 20:29:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple
[2011.09.09 20:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.09.09 20:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.09.09 20:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.09.09 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.09.04 13:22:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\creaxcover
[2011.08.28 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2011.08.28 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Ableton
[2011.08.28 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ableton
[2011.08.28 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
[2011.08.28 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2011.08.28 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\ableton_live_trial_822
[2011.08.28 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.08.28 16:40:06 | 003,383,272 | ---- | C] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\AYKAYEPCOVER
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lan.FS
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lan.Fs
[2011.08.28 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lan.FS
[2011.08.27 18:42:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Xara
[2011.05.04 21:53:22 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Admin\AppData\Roaming\MinecraftSP.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.21 17:10:07 | 000,033,135 | ---- | M] () -- C:\Users\Admin\Desktop\vsinit.zip
[2011.09.21 17:08:41 | 000,065,489 | ---- | M] () -- C:\Users\Admin\Desktop\vsutil.zip
[2011.09.21 16:36:51 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 16:36:51 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 16:04:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.21 14:36:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.21 07:15:36 | 000,000,260 | ---- | M] () -- C:\Windows\Brownie.ini
[2011.09.20 20:53:28 | 001,327,662 | ---- | M] () -- C:\Users\Admin\Desktop\Vocals unbearbeitet.mp3
[2011.09.19 18:31:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.09.19 18:22:12 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.19 16:41:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.19 16:40:57 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2011.09.18 20:40:22 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2011.09.18 20:40:22 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2011.09.18 20:25:42 | 000,007,607 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\Ygwsnc.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\XZRDABX.job
[2011.09.18 20:23:15 | 000,415,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.09.18 20:22:54 | 753,836,032 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.11 15:42:55 | 000,646,244 | ---- | M] () -- C:\Users\Admin\Documents\xDSASBH.jpg
[2011.09.11 15:39:13 | 000,258,581 | ---- | M] () -- C:\Users\Admin\Documents\xAD.jpg
[2011.09.11 11:45:13 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.09.10 19:35:29 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.10 19:35:29 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.10 19:35:29 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.10 19:35:29 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.07 07:10:08 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.28 16:40:13 | 003,383,272 | ---- | M] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 16:38:55 | 650,382,612 | ---- | M] () -- C:\Users\Admin\Desktop\ableton_live_trial_822.zip
[2011.08.28 10:25:15 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.21 17:10:07 | 000,033,135 | ---- | C] () -- C:\Users\Admin\Desktop\vsinit.zip
[2011.09.21 17:08:41 | 000,065,489 | ---- | C] () -- C:\Users\Admin\Desktop\vsutil.zip
[2011.09.20 20:53:26 | 001,327,662 | ---- | C] () -- C:\Users\Admin\Desktop\Vocals unbearbeitet.mp3
[2011.09.19 18:22:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.19 16:41:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.11 15:42:52 | 000,646,244 | ---- | C] () -- C:\Users\Admin\Documents\xDSASBH.jpg
[2011.09.11 15:39:11 | 000,258,581 | ---- | C] () -- C:\Users\Admin\Documents\xAD.jpg
[2011.09.11 11:14:32 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.09.10 19:25:37 | 000,007,607 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.09 20:29:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.08.28 16:31:26 | 650,382,612 | ---- | C] () -- C:\Users\Admin\Desktop\ableton_live_trial_822.zip
[2011.08.28 10:25:15 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\Documents\Default.rdp
[2011.07.25 14:46:28 | 000,007,168 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.25 14:43:43 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.11 13:13:31 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2011.07.10 14:08:00 | 000,103,400 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.09 19:30:27 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.05.04 21:53:22 | 000,591,252 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Minecraft_Server.exe
[2011.05.04 21:53:22 | 000,290,797 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\minecraft_name.jar
[2011.05.04 21:53:22 | 000,232,501 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Minecraft.exe
[2011.05.04 21:53:22 | 000,051,765 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Minecraft.jar
[2011.05.04 21:53:22 | 000,000,230 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\server.properties
[2011.05.04 21:53:22 | 000,000,133 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\zan.settings
[2011.05.04 21:53:22 | 000,000,008 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\lastlogin
[2011.04.19 06:08:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.12 22:39:58 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.12 22:39:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.12 22:39:57 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.04.12 22:39:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011.04.12 22:39:53 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011.04.12 22:38:54 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd2030.dat
[2011.04.12 22:37:45 | 000,000,260 | ---- | C] () -- C:\Windows\Brownie.ini
[2010.06.17 17:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\System32\Melodyne editor.dll
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.14 10:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,415,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.08.28 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ableton
[2011.04.13 20:27:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashampoo
[2011.04.26 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\avidemux
[2011.06.05 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2011.05.04 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bin
[2011.07.10 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.txptr.googleplus
[2011.04.12 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2011.05.14 20:51:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2011.07.28 07:25:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2011.09.18 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.05.04 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\minecraft_name_src
[2011.05.12 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2011.04.14 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.05.04 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.05.04 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\resources
[2011.01.20 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\saves
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server 2
[2011.01.03 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\texturepacks
[2011.04.14 14:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011.05.04 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\world
[2011.05.17 20:51:33 | 000,012,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\XZRDABX.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\Ygwsnc.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2011.09.21 16:50:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\ZA_PreservedFiles
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.28 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ableton
[2011.09.09 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.04.13 20:27:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashampoo
[2011.04.26 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\avidemux
[2011.05.06 19:06:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira
[2011.06.05 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2011.05.04 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bin
[2011.04.14 21:02:13 | 000,000,000 | R--D | M] -- C:\Users\Admin\AppData\Roaming\Brother
[2011.07.10 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.txptr.googleplus
[2011.04.26 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2011.08.22 21:58:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2011.04.12 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2011.05.14 20:51:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2011.07.28 07:25:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2011.09.19 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Help
[2011.09.18 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.04.09 16:29:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.09.19 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.08.01 18:32:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Player Classic
[2011.09.20 15:35:54 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.05.04 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\minecraft_name_src
[2011.04.09 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.06.28 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Software
[2011.05.12 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2011.04.30 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero
[2011.04.14 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.05.04 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.05.04 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\resources
[2011.01.20 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\saves
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server
[2011.05.04 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Server 2
[2011.09.19 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.06.19 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2011.01.03 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\texturepacks
[2011.04.14 14:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011.08.28 16:50:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.04.09 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2011.05.04 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\world
 
< %APPDATA%\*.exe /s >
[2010.12.22 17:49:28 | 000,232,501 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Minecraft.exe
[2010.10.21 03:00:00 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Admin\AppData\Roaming\MinecraftSP.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Minecraft_Server.exe
[2011.07.10 14:03:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.11 13:20:54 | 000,008,192 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1B77BC7B-4538-4652-AF33-C201F21BF8F2}\Icon1B77BC7B.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\minecraft_name_src\Minecraft_Server.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Server 2\Minecraft_Server.exe
[2011.03.19 15:54:46 | 000,591,252 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Server\Minecraft_Server.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2011.05.18 07:16:39 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=7BD7F45FF37FA0669CD32CA0EF46E22C -- C:\Windows\System32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.30 16:45:47 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 21.09.2011, 19:46

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | Unknown | Running] --  -- (Vsdatant)
[2011.08.28 16:41:42 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\toolbar@ask.com
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Lan.FS] C:\Program Files\Lan.FS\Lan-fs.exe ()
O4 - HKCU..\RunOnce: [KeApplet] C:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.25 15:32:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.11 17:34:10 | 000,045,056 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
[2011.08.28 16:40:06 | 003,383,272 | ---- | C] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lan.Fs
[2011.08.28 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lan.FS
[2011.08.27 18:42:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Xara
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2011.09.18 20:40:22 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2011.09.18 20:40:22 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2011.09.18 20:25:42 | 000,007,607 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\Ygwsnc.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\XZRDABX.job
[2011.09.19 18:22:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.11 11:14:32 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.05.17 20:51:33 | 000,012,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\XZRDABX.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\Ygwsnc.job
[2011.09.21 16:50:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\ZA_PreservedFiles
:Files
C:\Program Files\Ask.com
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

siggy · 22.09.2011, 14:38

der otl fix funktioniert nicht, es stürzt ab
AntiViren Programm etc waren alle ausgeschaltet.
ich habe mal ein screen gemacht

cosinus · 22.09.2011, 15:04

Probiers mit diesem Text:

Code:

ATTFilter

:OTL
[2011.08.28 16:41:42 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\toolbar@ask.com
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Lan.FS] C:\Program Files\Lan.FS\Lan-fs.exe ()
O4 - HKCU..\RunOnce: [KeApplet] C:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.25 15:32:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.11 17:34:10 | 000,045,056 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
[2011.08.28 16:40:06 | 003,383,272 | ---- | C] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lan.Fs
[2011.08.28 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lan.FS
[2011.08.27 18:42:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Xara
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2011.09.18 20:40:22 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2011.09.18 20:40:22 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2011.09.18 20:25:42 | 000,007,607 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\Ygwsnc.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\XZRDABX.job
[2011.09.19 18:22:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.11 11:14:32 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.05.17 20:51:33 | 000,012,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\XZRDABX.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\Ygwsnc.job
[2011.09.21 16:50:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\ZA_PreservedFiles
:Files
C:\Program Files\Ask.com
:Commands
[emptytemp]
[resethosts]

siggy · 22.09.2011, 15:32

immer noch keine Rückmeldung nach 27 minuten.

diesmal liegt es daran :

edit//
gibt es vielleicht sonst noch irgendetwas zu beachten ?
bzw ist es sogar normal das es so lange dauert ?

20.09.2011, 12:59	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BOO TDSS M , Rechner und Internet browser langsamer Ja das kann dauern. Lass ihn bitte durchlaufen. __________________ Logfiles bitte immer in CODE-Tags posten

BOO TDSS M , Rechner und Internet browser langsamer

Plagegeister aller Art und deren Bekämpfung: BOO TDSS M , Rechner und Internet browser langsamer