Ebenfalls System Fix eingefangen, Windoof 7 64

Speedsta · 23.11.2011, 22:04

Wie bekomm ich das Teil wieder runter?

Zusätzlich seh ich in den Programmen nix mehr, kann aber danach suchen und sie sind noch da. Ebenfalls bekomm ich den Task Manager nicht zum laufen

Ist das alles von dem Mistding?

Hier das OTL Log:
OTL logfile created on: 11/23/2011 9:46:13 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Speedsta\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 55.76% Memory free
8.00 Gb Paging File | 6.16 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 377.15 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive D: | 422.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.49% Space Free | Partition Type: FAT32

Computer Name: SPEEDSTA-ASUS | User Name: Speedsta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 21:39:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Speedsta\Downloads\OTL.exe
PRC - [2011/11/23 20:30:04 | 000,379,904 | -H-- | M] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe
PRC - [2011/11/23 20:19:14 | 000,492,544 | -H-- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,891,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/12/01 00:07:30 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/03 12:06:56 | 000,774,040 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll
MOD - [2011/10/15 13:06:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/15 13:06:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/15 13:06:02 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/15 13:05:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/15 13:05:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 13:05:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2009/07/24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/12/30 14:33:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/06/29 12:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 12:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/22 06:09:04 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/04/28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/12/01 00:07:35 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/04 05:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 04:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/07/01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 21:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/20 09:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 02:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011/11/23 20:59:43 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 19:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M]

[2010/08/29 18:45:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions
[2010/08/29 18:45:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/11 09:37:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions
[2011/11/11 09:37:32 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/12/07 12:43:53 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/23 20:45:45 | 000,002,342 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icq-search.xml
[2011/11/22 14:42:39 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-1.xml
[2011/10/12 21:32:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml
[2011/10/15 16:57:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml
[2011/10/18 07:33:07 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml
[2011/11/11 09:37:45 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml
[2011/11/11 13:53:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml
[2010/12/17 08:51:47 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml
[2010/12/23 22:32:14 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml
[2011/04/16 13:38:46 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml
[2011/05/12 06:51:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml
[2011/05/13 20:33:23 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml
[2011/05/14 18:12:28 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml
[2011/07/13 19:36:33 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml
[2011/08/14 18:04:12 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml
[2011/10/31 15:43:36 | 000,000,168 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.gif
[2011/10/31 15:43:36 | 000,000,618 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.src
[2010/09/16 07:21:37 | 000,001,056 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.xml
[2011/03/21 08:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/03/21 08:08:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/11/23 20:31:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/18 07:32:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/18 07:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/18 07:32:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/18 07:32:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/18 07:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/18 07:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [GwDAKVOVed.exe] C:\ProgramData\GwDAKVOVed.exe (R Soft)
O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - Startup: C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173E7B6C-625A-49D5-8F35-58388324EEB0}: DhcpNameServer = 192.168.1.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCBE7E9-7642-4FA0-AC44-B5F9DBA549FA}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/07 13:20:50 | 000,000,032 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Gigaset_CD.exe -- [2011/01/27 13:11:27 | 009,039,872 | R--- | M] (Gigaset Communications GmbH)
O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell\AutoRun\command - "" = J:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EBBBE957-67D1-79E9-3EE9-87D055E8DE2A} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.23 20:56:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.11.23 20:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.11.23 20:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.11.23 20:30:04 | 000,379,904 | -H-- | C] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe
[2011.11.23 20:22:47 | 000,492,544 | -H-- | C] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.11 14:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.11 09:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2011.11.23 21:38:33 | 000,000,000 | ---- | M] () -- C:\Users\Speedsta\defogger_reenable
[2011.11.23 21:37:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 21:37:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 21:30:21 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.23 21:30:21 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.23 21:30:21 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.23 21:30:21 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.23 21:30:21 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.23 21:15:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.23 21:15:34 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 20:56:31 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.23 20:35:49 | 000,000,432 | -H-- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011.11.23 20:35:44 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011.11.23 20:35:43 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011.11.23 20:30:48 | 000,000,651 | -H-- | M] () -- C:\Users\Speedsta\Desktop\System Fix.lnk
[2011.11.23 20:30:04 | 000,379,904 | -H-- | M] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe
[2011.11.23 20:19:22 | 000,056,661 | -H-- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe
[2011.11.23 20:19:14 | 000,492,544 | -H-- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.21 22:38:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.11.21 22:38:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.19 09:50:13 | 000,715,220 | -H-- | M] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf
[2011.11.16 13:34:28 | 000,000,126 | -H-- | M] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods#
[2011.11.11 13:45:53 | 000,009,065 | -H-- | M] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods
[2011.11.11 13:32:09 | 000,771,830 | -H-- | M] () -- C:\Users\Speedsta\Desktop\Korrigierte Emails.ods
[2011.11.11 09:51:50 | 000,007,615 | -H-- | M] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg
[2011.11.11 09:33:51 | 002,213,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/05/12 21:37:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/12 21:37:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.23 21:38:33 | 000,000,000 | ---- | C] () -- C:\Users\Speedsta\defogger_reenable
[2011.11.23 20:56:31 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.23 20:30:48 | 000,000,651 | -H-- | C] () -- C:\Users\Speedsta\Desktop\System Fix.lnk
[2011.11.23 20:30:48 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011.11.23 20:30:48 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011.11.23 20:30:43 | 000,000,432 | -H-- | C] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011.11.23 20:19:18 | 000,056,661 | -H-- | C] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe
[2011.11.19 09:50:13 | 000,715,220 | -H-- | C] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf
[2011.11.16 13:34:28 | 000,000,126 | -H-- | C] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods#
[2011.11.11 13:45:52 | 000,009,065 | -H-- | C] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods
[2011.11.11 09:51:50 | 000,007,615 | -H-- | C] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg
[2010/12/23 22:14:43 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Rydll32.dll
[2010/12/23 22:12:29 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.23 22:15:47 | 000,000,027 | ---- | C] () -- C:\Windows\BarCode.ini
[2010.04.11 12:32:47 | 000,267,890 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2010.04.11 12:31:11 | 000,083,526 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010.03.04 17:40:38 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2010.03.02 17:36:11 | 000,267,291 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010.03.02 17:36:11 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2009/12/30 14:35:45 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL
[2009/12/30 14:35:45 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll
[2009/12/30 14:35:45 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll
[2009/12/21 15:56:01 | 000,009,391 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini
[2009/12/21 15:45:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL
[2009/12/01 00:07:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.12.30 14:35:58 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2009.12.30 14:35:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009.12.30 14:35:45 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009.12.30 14:35:45 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll
[2009.12.21 15:48:28 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2009.12.14 09:58:26 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2009.12.08 10:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.12.06 19:34:21 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.12.06 19:26:39 | 000,067,584 | ---- | C] () -- C:\Windows\unlite2.exe
[2009.12.01 00:31:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.12.01 00:07:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009.07.29 06:21:06 | 000,024,576 | -H-- | C] () -- C:\ProgramData\SetWallpaper.exe
[2009.07.29 06:21:06 | 000,000,223 | -H-- | C] () -- C:\ProgramData\setwallpaper.cmd
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/12/02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/02/18 09:16:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SlpApi42.dll

========== LOP Check ==========

[2011.06.01 07:21:47 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\.Kanton ZH
[2011.07.28 09:02:27 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Firelab
[2011.08.15 10:30:22 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Gomez
[2009.12.08 10:02:54 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\gtk-2.0
[2011.11.23 21:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\ICQ
[2010.09.07 13:50:00 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2009.12.07 11:48:29 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Leadertech
[2009.12.06 19:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\OpenOffice.org
[2009.12.18 14:34:51 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Scan2PDF
[2009.12.07 15:44:39 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Smart Label Printer
[2010.08.29 18:45:49 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Thunderbird
[2010.02.27 10:04:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.04.01 11:53:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.08 09:05:52 | 000,000,000 | -H-D | M] -- C:\android-sdk
[2009.12.01 16:20:11 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2009.12.01 00:09:03 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2011.07.26 15:15:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.23 21:15:32 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.01 00:09:15 | 000,000,000 | -H-D | M] -- C:\eSupport
[2011.09.15 08:17:53 | 000,000,000 | -H-D | M] -- C:\Netgear
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.21 13:36:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.23 21:22:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.23 21:15:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.06 17:34:11 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.23 21:47:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.06 17:35:38 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.11 14:12:58 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

kira · 24.11.2011, 07:48

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
[2011/10/12 21:32:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml
[2011/10/15 16:57:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml
[2011/10/18 07:33:07 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml
[2011/11/11 09:37:45 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml
[2011/11/11 13:53:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml
[2010/12/17 08:51:47 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml
[2010/12/23 22:32:14 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml
[2011/04/16 13:38:46 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml
[2011/05/12 06:51:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml
[2011/05/13 20:33:23 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml
[2011/05/14 18:12:28 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml
[2011/07/13 19:36:33 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml
[2011/08/14 18:04:12 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [GwDAKVOVed.exe] C:\ProgramData\GwDAKVOVed.exe (R Soft)
O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/07 13:20:50 | 000,000,032 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Gigaset_CD.exe -- [2011/01/27 13:11:27 | 009,039,872 | R--- | M] (Gigaset Communications GmbH)
O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell\AutoRun\command - "" = J:\MI.exe
[2011.11.23 20:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.11.23 20:30:04 | 000,379,904 | -H-- | C] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe
[2011.11.23 20:22:47 | 000,492,544 | -H-- | C] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.23 20:35:49 | 000,000,432 | -H-- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011.11.23 20:35:44 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011.11.23 20:35:43 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011.11.23 20:30:48 | 000,000,651 | -H-- | M] () -- C:\Users\Speedsta\Desktop\System Fix.lnk
[2011.11.23 20:30:04 | 000,379,904 | -H-- | M] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe
[2011.11.23 20:19:22 | 000,056,661 | -H-- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe
[2011.11.23 20:19:14 | 000,492,544 | -H-- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.23 20:30:48 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011.11.23 20:30:48 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011.11.23 20:30:43 | 000,000,432 | -H-- | C] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011.11.23 20:19:18 | 000,056,661 | -H-- | C] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe

:Commands
[purity]
[REBOOT]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

Versuche jetzt folgendes - ich habe zwei Vorschläge: :

2.
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.

Zitat:

-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!

Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
► Start → Alle Programme → Zubehör → Systemprogramme → Systemwiederherstellung

->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
->Systemwiederherstellung unter Windows Vista
->Unter Win 7
► Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)

Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

3.

Zitat:

Sollte die Systemwiederherstellung nicht funktionieren (Malware kann es verhindern):
- Du kannst auch noch die folgenden Methoden ausprobieren, um das Problem zu beheben.:-> Verwenden der letzten als funktionierend bekannten Konfiguration

4.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

5.
erneut einen Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

6.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Speedsta · 24.11.2011, 08:55

Hey Kira

Vielen Dank für den sehr ausführlichen Beschrieb.

Hab gestern noch viel rumgedoktert und ihn schlussendlich mit ComboFix erledigt. Geh jetzt noch die Registry druch um zu schauen ob wirklich alles weg ist.

Problem war dass ich ja nichts mehr ausführen konnte als Admin. Sah auch sämtliche wichtigen Dateien nicht mehr.

kira · 25.11.2011, 08:49

und...jetzt alles in Ordnung? alles sichtbar..kannst alle Befehle ausführen usw?

Speedsta · 25.11.2011, 09:19

Ja jetzt läufts wieder

Nur wenn ich aufs Windows Symbol klicke um die Programme aufzurufen isses da noch leer, über die Suche oder alle Programme is aber alles da. Darum kümmer ich mich dann wenn ich Zeit hab

kira · 25.11.2011, 10:15

1.

Zitat:

Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:

Lade Dir Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) herunter und speichere auf deinem Desktop
für Windows 7 und Vista mit Rechtsklick als Administrator ausführen
Doppelklick auf das Unhide.exe Icon auf dem Desktop - Alles braucht seine Zeit, also ein bisschen Geduld

<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

Zitat:

Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!

die Schritte 4., 5., und 6., empfehele ich Dir auch noch abarbeiten:
► auch wenn die Symptome verschwunden sind, um festzustellen ob unbekannte bzw `nicht entdeckte` Dateien noch vorhanden sind, ich empfehle Dir diese Anleitung genau abzuarbeiten

Speedsta · 25.11.2011, 13:30

Scritt 4:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8236

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25.11.2011 11:51:04
mbam-log-2011-11-25 (11-51-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 378874
Laufzeit: 59 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

5.
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11/25/2011 1:14:07 PM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Speedsta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 54.96% Memory free
8.00 Gb Paging File | 5.63 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 383.48 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.49% Space Free | Partition Type: FAT32
 
Computer Name: SPEEDSTA-ASUS | User Name: Speedsta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/11/23 21:39:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Speedsta\Desktop\OTL.exe
PRC - [2011/11/23 20:31:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010/12/13 08:39:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/12/01 00:07:30 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/07 10:56:40 | 001,660,256 | ---- | M] (Seiko Instruments USA Inc.) -- C:\Program Files (x86)\Seiko Instruments USA Inc\Smart Label Printer 6.6\slpwin.exe
PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2003/08/25 18:24:42 | 002,254,848 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\Macromedia\HomeSite+\Homesite+.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/23 20:31:10 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 14:12:42 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/15 13:06:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/15 13:06:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/15 13:06:02 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/15 13:05:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/15 13:05:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 13:05:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/01/05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\ICQ7.2\MDb.dll
MOD - [2009/10/03 01:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
MOD - [2009/10/03 01:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
MOD - [2009/08/19 10:28:46 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll
MOD - [2009/08/18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/04/16 13:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2009/02/27 16:41:54 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.DEU
MOD - [2009/02/27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2007/06/15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2001/07/20 14:23:28 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\lang_cfml.dll
MOD - [2001/07/20 14:23:28 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\xml_datagrove.dll
MOD - [2000/06/14 16:45:00 | 000,147,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MACROM~1\bin\wddx_com.dll
MOD - [2000/06/14 16:22:24 | 000,036,864 | ---- | M] () -- C:\Windows\SysWOW64\xmlparse.dll
MOD - [2000/06/14 16:22:20 | 000,069,632 | ---- | M] () -- C:\Windows\SysWOW64\xmltok.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/12/30 14:33:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/29 12:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 12:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/22 06:09:04 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/04/28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/12/01 00:07:35 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/04 05:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 04:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/07/01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 21:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/20 09:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 02:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 19:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M]
 
[2010/08/29 18:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions
[2010/08/29 18:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/11 09:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions
[2011/11/11 09:37:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/12/07 12:43:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/23 20:45:45 | 000,002,342 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icq-search.xml
[2011/11/22 14:42:39 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-1.xml
[2011/10/12 21:32:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml
[2011/10/15 16:57:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml
[2011/10/18 07:33:07 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml
[2011/11/11 09:37:45 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml
[2011/11/11 13:53:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml
[2011/11/24 08:50:05 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-15.xml
[2010/12/17 08:51:47 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml
[2010/12/23 22:32:14 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml
[2011/04/16 13:38:46 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml
[2011/05/12 06:51:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml
[2011/05/13 20:33:23 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml
[2011/05/14 18:12:28 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml
[2011/07/13 19:36:33 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml
[2011/08/14 18:04:12 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml
[2010/09/16 07:21:37 | 000,001,056 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.xml
[2011/03/21 08:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/03/21 08:08:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/11/23 20:31:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/18 07:32:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/18 07:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/18 07:32:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/18 07:32:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/18 07:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/18 07:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/11/23 23:54:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173E7B6C-625A-49D5-8F35-58388324EEB0}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCBE7E9-7642-4FA0-AC44-B5F9DBA549FA}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/25 10:43:08 | 000,000,000 | ---D | C] -- C:\Users\Speedsta\AppData\Roaming\Malwarebytes
[2011/11/25 10:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 10:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 10:42:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/24 07:42:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/23 23:47:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/23 23:47:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/23 23:47:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/23 23:47:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/23 23:45:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/23 21:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Speedsta\Desktop\OTL.exe
[2011/11/23 20:56:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/23 20:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/11 14:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/11 09:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/25 11:31:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 10:42:49 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/24 07:48:55 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 07:48:55 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 07:45:30 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/24 07:45:30 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/11/24 07:45:30 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/24 07:45:30 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/11/24 07:45:30 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/24 07:41:01 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 23:54:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/23 21:39:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Speedsta\Desktop\OTL.exe
[2011/11/23 21:38:33 | 000,000,000 | ---- | M] () -- C:\Users\Speedsta\defogger_reenable
[2011/11/23 20:59:42 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/23 20:56:31 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/23 20:35:49 | 000,000,432 | ---- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011/11/23 20:35:44 | 000,000,312 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011/11/23 20:35:43 | 000,000,232 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011/11/23 20:19:22 | 000,056,661 | ---- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe
[2011/11/21 22:38:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/21 22:38:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/19 09:50:13 | 000,715,220 | ---- | M] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf
[2011/11/16 13:34:28 | 000,000,126 | ---- | M] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods#
[2011/11/11 14:12:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/11 13:45:53 | 000,009,065 | ---- | M] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods
[2011/11/11 13:32:09 | 000,771,830 | ---- | M] () -- C:\Users\Speedsta\Desktop\Korrigierte Emails.ods
[2011/11/11 09:51:50 | 000,007,615 | ---- | M] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg
[2011/11/11 09:33:51 | 002,213,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
 
========== Files Created - No Company Name ==========
 
[2011/11/25 10:42:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 23:47:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 23:47:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 23:47:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 23:47:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 23:47:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 23:46:04 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/23 21:38:33 | 000,000,000 | ---- | C] () -- C:\Users\Speedsta\defogger_reenable
[2011/11/23 20:56:31 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/23 20:30:48 | 000,000,312 | ---- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011/11/23 20:30:48 | 000,000,232 | ---- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011/11/23 20:30:43 | 000,000,432 | ---- | C] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011/11/23 20:19:18 | 000,056,661 | ---- | C] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe
[2011/11/19 09:50:13 | 000,715,220 | ---- | C] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf
[2011/11/16 13:34:28 | 000,000,126 | ---- | C] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods#
[2011/11/11 13:45:52 | 000,009,065 | ---- | C] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods
[2011/11/11 09:51:50 | 000,007,615 | ---- | C] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg
[2011/05/12 21:37:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/12 21:37:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/12/23 22:15:47 | 000,000,027 | ---- | C] () -- C:\Windows\BarCode.ini
[2010/12/23 22:14:43 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Rydll32.dll
[2010/12/23 22:12:29 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/11 12:32:47 | 000,267,890 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2010/04/11 12:31:11 | 000,083,526 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/03/04 17:40:38 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2010/03/02 17:36:11 | 000,267,291 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/03/02 17:36:11 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2009/12/30 14:35:58 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2009/12/30 14:35:45 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL
[2009/12/30 14:35:45 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll
[2009/12/30 14:35:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009/12/30 14:35:45 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll
[2009/12/30 14:35:45 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009/12/30 14:35:45 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll
[2009/12/21 15:56:01 | 000,009,391 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini
[2009/12/21 15:48:28 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/12/21 15:45:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL
[2009/12/14 09:58:26 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2009/12/08 10:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/06 19:34:21 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/12/06 19:26:39 | 000,067,584 | ---- | C] () -- C:\Windows\unlite2.exe
[2009/12/01 00:31:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/12/01 00:07:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/01 00:07:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/07/29 06:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/12/02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/02/18 09:16:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SlpApi42.dll
 
========== LOP Check ==========
 
[2011/06/01 07:21:47 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\.Kanton ZH
[2011/07/28 09:02:27 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Firelab
[2011/08/15 10:30:22 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Gomez
[2009/12/08 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\gtk-2.0
[2011/11/23 21:17:47 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\ICQ
[2010/09/07 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2009/12/07 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Leadertech
[2009/12/06 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\OpenOffice.org
[2009/12/18 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Scan2PDF
[2009/12/07 15:44:39 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Smart Label Printer
[2010/08/29 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Thunderbird
[2010/02/27 10:04:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11/25/2011 1:14:07 PM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Speedsta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 54.96% Memory free
8.00 Gb Paging File | 5.63 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 383.48 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.49% Space Free | Partition Type: FAT32
 
Computer Name: SPEEDSTA-ASUS | User Name: Speedsta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 4.0.1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{345AE244-BCF5-439E-B301-15E339BEC536}" = Smart Label Printer 6.6
"{3699BC50-DA7B-4DA7-BB43-2981C9178FAD}" = UFO Aftermath
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47AF4245-CD81-4353-BFC0-0A21A6EF483A}" = UFO Afterlight
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{639555DF-952A-4161-97F6-AB9807E421D7}" = UFO Aftershock
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{936B421E-70D6-43B1-AC08-A079EE4DAE68}" = PSP ISO Compressor
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A16656CE-4B17-4484-A13F-22B9500E5223}" = Fast Boot
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B8934332-6BD6-4736-9898-DBFE80AC0468}" = Falk Navi-Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A0BDDA-04B9-44BD-A28E-7E2F7C9E1092}" = GameShadow
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D37B24D2-D4F8-40ED-A8D4-0D03F56D6838}" = Falk Navi-Manager
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFE506AB-DDEA-4C94-BDE0-C26F4B21C71A}" = Falk Navi-Manager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Android SDK Tools" = Android SDK Tools
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Banana Buchhaltung 4.0" = Banana Buchhaltung 4.0
"Best of Amiga Classix" = Best of Amiga Classix 1.0
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"DYMO Label Software" = DYMO Label Software
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Naviextras Toolbox" = Naviextras Toolbox
"OpenAL" = OpenAL
"Pocket UFO_is1" = Pocket UFO V1.26
"Private Tax 2009" = Private Tax 2009
"Private Tax 2010" = Private Tax 2010
"Scan2PDF_is1" = Scan2PDF 1.6
"TopStyle Lite (Version 2)" = TopStyle Lite (Version 2)
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"VLC media player" = VLC media player 1.0.3
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2011 7:30:59 PM | Computer Name = Speedsta-Asus | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 10/18/2011 2:31:24 AM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NinjaLi.exe, Version: 4.9.7.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: mpcore.dll_unloaded, Version: 0.0.0.0, 
Zeitstempel: 0x4e95b76e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x090142f0  ID des fehlerhaften
 Prozesses: 0xd24  Startzeit der fehlerhaften Anwendung: 0x01cc8ca7e9af989c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe  Pfad
 des fehlerhaften Moduls: mpcore.dll  Berichtskennung: cc3f51eb-f952-11e0-bbb6-002243d37f6f
 
Error - 10/18/2011 10:09:18 AM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NinjaLi.exe, Version: 4.9.7.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: mpcore.dll_unloaded, Version: 0.0.0.0, 
Zeitstempel: 0x4e95b76e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x08c942f0  ID des fehlerhaften
 Prozesses: 0xb74  Startzeit der fehlerhaften Anwendung: 0x01cc8d7463bd99b1  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe  Pfad
 des fehlerhaften Moduls: mpcore.dll  Berichtskennung: c462ea98-f992-11e0-bbb6-002243d37f6f
 
Error - 10/18/2011 1:47:06 PM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a144  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c8f9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000028359
ID
 des fehlerhaften Prozesses: 0x5b8  Startzeit der fehlerhaften Anwendung: 0x01cc8b40e410be91
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 31903895-f9b1-11e0-bbb6-002243d37f6f
 
Error - 10/19/2011 3:25:19 AM | Computer Name = Speedsta-Asus | Source = GomezFFAgent | ID = 4096
Description = 
 
Error - 10/24/2011 2:47:59 PM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a144  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c8f9  Ausnahmecode: 0xc0000420  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x18e8  Startzeit der fehlerhaften Anwendung: 0x01cc8de24c7c1ef7
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: b16c5c3b-fe70-11e0-bbb6-002243d37f6f
 
Error - 10/29/2011 6:48:57 AM | Computer Name = Speedsta-Asus | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 10/29/2011 8:30:39 AM | Computer Name = Speedsta-Asus | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11/2/2011 3:51:27 AM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a144  Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9ab  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000013d28
ID
 des fehlerhaften Prozesses: 0x1458  Startzeit der fehlerhaften Anwendung: 0x01cc9731c99bb824
Pfad
 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\SHLWAPI.dll  Berichtskennung: 77cff16e-0527-11e1-bbc5-002243d37f6f
 
Error - 11/2/2011 6:21:35 AM | Computer Name = Speedsta-Asus | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 8/13/2010 3:46:35 AM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016
Description = 
 
Error - 8/25/2010 12:18:11 PM | Computer Name = Speedsta-Asus | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 8/25/2010 12:18:12 PM | Computer Name = Speedsta-Asus | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 9/3/2010 5:12:36 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016
Description = 
 
Error - 9/18/2010 1:40:55 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016
Description = 
 
Error - 10/11/2010 4:34:03 PM | Computer Name = Speedsta-Asus | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 10/11/2010 4:37:18 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10010
Description = 
 
Error - 10/11/2010 4:39:43 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016
Description = 
 
Error - 10/15/2010 10:55:08 AM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016
Description = 
 
Error - 10/16/2010 10:44:31 AM | Computer Name = Speedsta-Asus | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---

6.

Code:

ATTFilter

Ad-Aware	Lavasoft Limited	22.11.2011	34.1MB	9.6.0
Adobe Color Common Settings	Adobe Systems Incorporated	25.07.2010	9.20MB	1.0.1
Adobe Download Manager	NOS Microsystems Ltd.	06.12.2009		1.6.2.49
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	25.07.2010	16.4MB	2.0.2
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	20.06.2011	6.00MB	10.3.181.26
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	10.11.2011	6.00MB	11.1.102.55
Adobe Photoshop CS3	Adobe Systems Incorporated	29.12.2009	1'085MB	10.0
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	26.07.2011	164.9MB	9.4.5
Alcor Micro USB Card Reader	Alcor Micro Corp.	29.11.2009	2.87MB	1.2.17.25001
Android SDK Tools	Google Inc.	07.10.2011		1.13
ASUS AI Recovery	ASUS	29.11.2009	2.89MB	1.0.5
ASUS CopyProtect	ASUS	29.11.2009	3.62MB	1.0.0015
ASUS Data Security Manager	ASUS	29.11.2009	15.1MB	1.00.0013
ASUS FancyStart	ASUSTeK Computer Inc.	29.11.2009	10.5MB	1.0.6
ASUS LifeFrame3	ASUS	29.11.2009	27.7MB	3.0.20
ASUS Live Update	ASUS	29.11.2009		2.5.8
ASUS MultiFrame	ASUS	30.11.2009		1.0.0019
ASUS Power4Gear Hybrid	ASUS	29.11.2009	10.8MB	1.1.20
ASUS SmartLogon	ASUS	29.11.2009	10.9MB	1.0.0007
ASUS Splendid Video Enhancement Technology	ASUS	29.11.2009	24.4MB	1.02.0028
ASUS Virtual Camera	asus	29.11.2009	3.12MB	1.0.18
Asus_Camera_ScreenSaver	ASUS	30.11.2009		2.0.0008
Atheros Client Installation Program	Atheros	29.11.2009		7.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	29.11.2009		1.0.0.10
ATK Generic Function Service	ATK	29.11.2009		1.00.0008
ATK Hotkey	ASUS	29.11.2009	5.75MB	1.0.0052
ATK Media	ASUS	29.11.2009	0.18MB	2.0.0005
ATKOSD2	ASUS	29.11.2009	8.08MB	7.0.0005
Avira AntiVir Personal - Free Antivirus	Avira GmbH	12.10.2011	76.9MB	10.2.0.704
Banana Buchhaltung 4.0	Banana.ch SA	06.12.2009		Banana Buchhaltung 4.0
Best of Amiga Classix 1.0	Magnussoft	19.12.2009		1.0
CardRecovery 5.30	WinRecovery Software	06.11.2010		
CCleaner	Piriform	24.11.2011		3.12
ControlDeck	ASUS	29.11.2009	1.77MB	1.0.1
DreamBoxEdit -- The one and only settings editor for your Dreambox		31.12.2010		
DYMO Label Software		20.12.2009		
ETDWare PS/2-x64 7.0.5.7_WHQL		29.11.2009		
Express Gate	DeviceVM, Inc.	29.11.2009	382MB	1.2.13.16
Falk Navi-Manager	Falk Navigation GmbH	13.12.2009		2.2.2
Fast Boot	ASUS	29.11.2009	1.55MB	1.0.0
GameShadow	GameShadow Ltd	26.12.2009	12.2MB	2.04.0000
HP Customer Participation Program 13.0	HP	01.03.2010		13.0
HP Document Manager 2.0	HP	01.03.2010		2.0
HP Imaging Device Functions 13.0	HP	01.03.2010		13.0
HP Photosmart Essential 3.5	HP	10.04.2010		3.5
HP Smart Web Printing 4.51	HP	01.03.2010		4.51
HP Solution Center 13.0	HP	01.03.2010		13.0
HP Update	Hewlett-Packard	01.03.2010	3.73MB	4.000.011.006
ICQ Toolbar	ICQ	24.08.2010		3.0.0
ICQ7.2	ICQ	24.08.2010		7.2
Ipswitch WS_FTP 12	Ipswitch	05.12.2009		12.0
Java(TM) 6 Update 24	Sun Microsystems, Inc.	05.12.2009	97.7MB	6.0.240
Java(TM) 6 Update 26 (64-bit)	Oracle	20.06.2011	91.6MB	6.0.260
Java(TM) SE Development Kit 6 Update 26 (64-bit)	Oracle	20.06.2011	132.8MB	1.6.0.260
Macromedia HomeSite+		29.12.2009		
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	24.11.2011	13.8MB	1.51.2.1300
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	27.06.2010	1.72MB	3.1.0000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	12.10.2010	0.21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.06.2010	0.20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	23.04.2011	0.77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	23.04.2011	0.58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	10.10.2010	0.77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0.77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	05.12.2009	0.58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0.59MB	9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 de)	Mozilla	17.10.2011	33.3MB	7.0.1
Mozilla Thunderbird (7.0.1)	Mozilla	14.10.2011		7.0.1 (de)
MPM	Hewlett-Packard	01.03.2010	0.14MB	1.00.0000
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.12.2009	1.28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	15.12.2009	1.33MB	4.20.9876.0
Naviextras Toolbox	NNG Llc.	16.09.2011		3.1.0.25401
Naviextras Toolbox Prerequesities	NNG Llc.	16.09.2011	2.17MB	1.0.0
NinjaLite 4.0.1	Global IP Telecommunications Ltd.	11.10.2011	38.6MB	4
NVIDIA Drivers	NVIDIA Corporation	29.11.2009		1.4
OCR Software by I.R.I.S. 13.0	HP	01.03.2010		13.0
Officejet Pro 8500 A909 Series	HP	01.03.2010		13.0
OpenAL		26.12.2009		
OpenOffice.org 3.1	OpenOffice.org	05.12.2009	370MB	3.1.9420
Pocket UFO V1.26	SMK Software	21.05.2010		
Private Tax 2009	Abraxas Informatik AG	21.05.2010		1.1.7.545
Private Tax 2010	Abraxas Informatik AG	30.05.2011		1.1.3.584
PSP ISO Compressor	danny_kay1710	29.05.2010	2.55MB	1.3.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	29.11.2009		6.0.1.5904
Scan2PDF 1.6	Koma-Code	17.12.2009		
Shop for HP Supplies	HP	01.03.2010		13.0
Smart Label Printer 6.6	Ihr Firmenname	06.12.2009	12.7MB	6.6.0365
SRS Premium Sound Control Panel	SRS Labs, Inc.	29.11.2009	1.59MB	1.07.0100
TopStyle Lite (Version 2)		05.12.2009		
TopStyle Lite (Version 3.0)	Bradbury Software, LLC	29.12.2009		3.1.0
UFO Afterlight		26.12.2009		1.5
UFO Aftermath		26.12.2009		1.4
UFO Aftershock		26.12.2009		1.0
VLC media player 1.0.3	VideoLAN Team	05.12.2009		1.0.3
WBFS Manager 3.0	AlexDP	04.07.2010		3.0
WIDCOMM Bluetooth Software	Broadcom Corporation	29.11.2009	144.3MB	6.2.0.9600
Windows Live Anmelde-Assistent	Microsoft Corporation	27.06.2010	1.94MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	27.06.2010		14.0.8117.0416
Windows Live Sync	Microsoft Corporation	27.06.2010	2.79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	27.06.2010	0.22MB	14.0.8014.1029
Windows Mobile-Gerätecenter	Microsoft Corporation	06.12.2009	27.4MB	6.1.6965.0
WinFlash	ASUS	29.11.2009	1.29MB	2.26.0
WinRAR		09.12.2009		
Wireless Console 3	ASUS	29.11.2009	2.43MB	3.0.10

kira · 25.11.2011, 19:40

Punkt 1 (Unhide) ausgeführt?:

Zitat:

Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!

1.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten!
falls noch existierendeinstalliere:

Zitat:

Java(TM) 6 Update 5

Java(TM) 6 Update 22
Java(TM) 6 Update 26

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q="
[2011/11/22 14:42:39 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-1.xml
[2011/10/12 21:32:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml
[2011/10/15 16:57:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml
[2011/10/18 07:33:07 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml
[2011/11/11 09:37:45 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml
[2011/11/11 13:53:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml
[2011/11/24 08:50:05 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-15.xml
[2010/12/17 08:51:47 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml
[2010/12/23 22:32:14 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml
[2011/04/16 13:38:46 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml
[2011/05/12 06:51:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml
[2011/05/13 20:33:23 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml
[2011/05/14 18:12:28 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml
[2011/07/13 19:36:33 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml
[2011/08/14 18:04:12 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml
[2010/09/16 07:21:37 | 000,001,056 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.xml
[2011/10/18 07:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/18 07:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/11/23 20:56:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/23 20:35:49 | 000,000,432 | ---- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo
[2011/11/23 20:35:44 | 000,000,312 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo
[2011/11/23 20:35:43 | 000,000,232 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor
[2011/11/23 20:19:22 | 000,056,661 | ---- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe
[2011/11/23 20:56:31 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

:Commands
[purity]
[REBOOT]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

6.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

8.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

Ebenfalls System Fix eingefangen, Windoof 7 64

Plagegeister aller Art und deren Bekämpfung: Ebenfalls System Fix eingefangen, Windoof 7 64